fix: [MEDIA] Veo/Flow flythrough prototypes for The Nexus and Timmy (closes #681)

FINDINGS-issue-801.md

@@ -1,305 +0,0 @@
-# Security Audit: NostrIdentity BIP340 Schnorr Signatures — Timing Side-Channel Analysis
-
-**Issue:** #801
-**Repository:** Timmy_Foundation/the-nexus
-**File:** `nexus/nostr_identity.py`
-**Auditor:** mimo-v2-pro swarm worker
-**Date:** 2026-04-10
-
----
-
-## Summary
-
-The pure-Python BIP340 Schnorr signature implementation in `NostrIdentity` has **multiple timing side-channel vulnerabilities** that could allow an attacker with precise timing measurements to recover the private key. The implementation is suitable for prototyping and non-adversarial environments but **must not be used in production** without the fixes described below.
-
----
-
-## Architecture
-
-The Nostr sovereign identity system consists of two files:
-
-- **`nexus/nostr_identity.py`** — Pure-Python secp256k1 + BIP340 Schnorr signature implementation. No external dependencies. Contains `NostrIdentity` class for key generation, event signing, and pubkey derivation.
-- **`nexus/nostr_publisher.py`** — Async WebSocket publisher that sends signed Nostr events to public relays (damus.io, nos.lol, snort.social).
-- **`app.js` (line 507)** — Browser-side `NostrAgent` class uses **mock signatures** (`mock_id`, `mock_sig`), not real crypto. Not affected.
-
----
-
-## Vulnerabilities Found
-
-### 1. Branch-Dependent Scalar Multiplication — CRITICAL
-
-**Location:** `nostr_identity.py:41-47` — `point_mul()`
-
-```python
-def point_mul(p, n):
-    r = None
-    for i in range(256):
-        if (n >> i) & 1:        # <-- branch leaks Hamming weight
-            r = point_add(r, p)
-        p = point_add(p, p)
-    return r
-```
-
-**Problem:** The `if (n >> i) & 1` branch causes `point_add(r, p)` to execute only when the bit is 1. An attacker measuring signature generation time can determine which bits of the scalar are set, recovering the private key from a small number of timed signatures.
-
-**Severity:** CRITICAL — direct private key recovery.
-
-**Fix:** Use a constant-time double-and-always-add algorithm:
-
-```python
-def point_mul(p, n):
-    r = (None, None)
-    for i in range(256):
-        bit = (n >> i) & 1
-        r0 = point_add(r, p)         # always compute both
-        r = r0 if bit else r          # constant-time select
-        p = point_add(p, p)
-    return r
-```
-
-Or better: use Montgomery ladder which avoids point doubling on the identity.
-
----
-
-### 2. Branch-Dependent Point Addition — CRITICAL
-
-**Location:** `nostr_identity.py:28-39` — `point_add()`
-
-```python
-def point_add(p1, p2):
-    if p1 is None: return p2       # <-- branch leaks operand state
-    if p2 is None: return p1       # <-- branch leaks operand state
-    (x1, y1), (x2, y2) = p1, p2
-    if x1 == x2 and y1 != y2: return None  # <-- branch leaks equality
-    if x1 == x2:                          # <-- branch leaks equality
-        m = (3 * x1 * x1 * inverse(2 * y1, P)) % P
-    else:
-        m = ((y2 - y1) * inverse(x2 - x1, P)) % P
-    ...
-```
-
-**Problem:** Multiple conditional branches leak whether inputs are the identity point, whether x-coordinates are equal, and whether y-coordinates are negations. Combined with the scalar multiplication above, this gives an attacker detailed timing information about intermediate computations.
-
-**Severity:** CRITICAL — compounds the scalar multiplication leak.
-
-**Fix:** Replace with a branchless point addition using Jacobian or projective coordinates with dummy operations:
-
-```python
-def point_add(p1, p2):
-    # Use Jacobian coordinates; always perform full addition
-    # Use conditional moves (simulated with arithmetic masking)
-    # for selecting between doubling and addition paths
-```
-
----
-
-### 3. Branch-Dependent Y-Parity Check in Signing — HIGH
-
-**Location:** `nostr_identity.py:57-58` — `sign_schnorr()`
-
-```python
-R = point_mul(G, k)
-if R[1] % 2 != 0:       # <-- branch leaks parity of R's y-coordinate
-    k = N - k
-```
-
-**Problem:** The conditional negation of `k` based on the y-parity of R leaks information about the nonce through timing. While less critical than the point_mul leak (it's a single bit), combined with other leaks it aids key recovery.
-
-**Severity:** HIGH
-
-**Fix:** Use arithmetic masking:
-
-```python
-R = point_mul(G, k)
-parity = R[1] & 1
-k = (k * (1 - parity) + (N - k) * parity) % N  # constant-time select
-```
-
----
-
-### 4. Non-Constant-Time Modular Inverse — MEDIUM
-
-**Location:** `nostr_identity.py:25-26` — `inverse()`
-
-```python
-def inverse(a, n):
-    return pow(a, n - 2, n)
-```
-
-**Problem:** CPython's built-in `pow()` with 3 args uses Montgomery ladder internally, which is *generally* constant-time for fixed-size operands. However:
-- This is an implementation detail, not a guarantee.
-- PyPy, GraalPy, and other Python runtimes may use different algorithms.
-- The exponent `n-2` has a fixed Hamming weight for secp256k1's `N`, so this specific case is less exploitable, but relying on it is fragile.
-
-**Severity:** MEDIUM — implementation-dependent; low risk on CPython specifically.
-
-**Fix:** Implement Fermat's little theorem inversion with blinding, or use a dedicated constant-time GCD algorithm (extended binary GCD).
-
----
-
-### 5. Non-RFC6979 Nonce Generation — LOW (but non-standard)
-
-**Location:** `nostr_identity.py:55`
-
-```python
-k = int.from_bytes(sha256(privkey.to_bytes(32, 'big') + msg_hash), 'big') % N
-```
-
-**Problem:** The nonce derivation is `SHA256(privkey || msg_hash)` which is deterministic but doesn't follow RFC6979 (HMAC-based DRBG). Issues:
-- Not vulnerable to timing (it's a single hash), but could be vulnerable to related-message attacks if the same key signs messages with predictable relationships.
-- BIP340 specifies `tagged_hash("BIP0340/nonce", ...)` with specific domain separation, which is not used here.
-
-**Severity:** LOW — not a timing issue but a cryptographic correctness concern.
-
-**Fix:** Follow RFC6979 or BIP340's tagged hash approach:
-
-```python
-def sign_schnorr(msg_hash, privkey):
-    # BIP340 nonce generation with tagged hash
-    t = privkey.to_bytes(32, 'big')
-    if R_y_is_odd:
-        t = bytes(b ^ 0x01 for b in t)  # negate if needed
-    k = int.from_bytes(tagged_hash("BIP0340/nonce", t + pubkey + msg_hash), 'big') % N
-```
-
----
-
-### 6. Private Key Bias in Random Generation — LOW
-
-**Location:** `nostr_identity.py:69`
-
-```python
-self.privkey = int.from_bytes(os.urandom(32), 'big') % N
-```
-
-**Problem:** `os.urandom(32)` produces values in `[0, 2^256)`, while `N` is slightly less than `2^256`. The modulo reduction introduces a negligible bias (~2^-128). Not exploitable in practice, but not the cleanest approach.
-
-**Severity:** LOW — theoretically biased, practically unexploitable.
-
-**Fix:** Use rejection sampling or derive from a hash:
-
-```python
-def generate_privkey():
-    while True:
-        candidate = int.from_bytes(os.urandom(32), 'big')
-        if 0 < candidate < N:
-            return candidate
-```
-
----
-
-### 7. No Scalar/Point Blinding — MEDIUM
-
-**Location:** Global — no blinding anywhere in the implementation.
-
-**Problem:** The implementation has no countermeasures against:
-- **Power analysis** (DPA/SPA) on embedded systems
-- **Cache-timing attacks** on shared hardware (VMs, cloud)
-- **Electromagnetic emanation** attacks
-
-Adding random blinding to scalar multiplication (multiply by `r * r^-1` where `r` is random) would significantly raise the bar for side-channel attacks beyond simple timing.
-
-**Severity:** MEDIUM — not timing-specific, but important for hardening.
-
----
-
-## What's NOT Vulnerable (Good News)
-
-1. **The JS-side `NostrAgent` in `app.js`** uses mock signatures (`mock_id`, `mock_sig`) — not real crypto, not affected.
-2. **`nostr_publisher.py`** correctly imports and uses `NostrIdentity` without modifying its internals.
-3. **The hash functions** (`sha256`, `hmac_sha256`) use Python's `hashlib` which delegates to OpenSSL — these are constant-time.
-4. **The JSON serialization** in `sign_event()` is deterministic and doesn't leak timing.
-
----
-
-## Recommended Fix (Full Remediation)
-
-### Priority 1: Replace with secp256k1-py or coincurve (IMMEDIATE)
-
-The fastest, most reliable fix is to stop using the pure-Python implementation entirely:
-
-```python
-# nostr_identity.py — replacement using coincurve
-import coincurve
-import hashlib
-import json
-import os
-
-class NostrIdentity:
-    def __init__(self, privkey_hex=None):
-        if privkey_hex:
-            self.privkey = bytes.fromhex(privkey_hex)
-        else:
-            self.privkey = os.urandom(32)
-        self.pubkey = coincurve.PrivateKey(self.privkey).public_key.format(compressed=True)[1:].hex()
-
-    def sign_event(self, event):
-        event_data = [0, event['pubkey'], event['created_at'], event['kind'], event['tags'], event['content']]
-        serialized = json.dumps(event_data, separators=(',', ':'))
-        msg_hash = hashlib.sha256(serialized.encode()).digest()
-        event['id'] = msg_hash.hex()
-        # Use libsecp256k1's BIP340 Schnorr (constant-time C implementation)
-        event['sig'] = coincurve.PrivateKey(self.privkey).sign_schnorr(msg_hash).hex()
-        return event
-```
-
-**Effort:** ~2 hours (swap implementation, add `coincurve` to `requirements.txt`, test)
-**Risk:** Adds a C dependency. If pure-Python is required (sovereignty constraint), use Priority 2.
-
-### Priority 2: Pure-Python Constant-Time Rewrite (IF PURE PYTHON REQUIRED)
-
-If the sovereignty constraint (no C dependencies) must be maintained, rewrite the elliptic curve operations:
-
-1. **Replace `point_mul`** with Montgomery ladder (constant-time by design)
-2. **Replace `point_add`** with Jacobian coordinate addition that always performs both doubling and addition, selecting with arithmetic masking
-3. **Replace `inverse`** with extended binary GCD with blinding
-4. **Fix nonce generation** to follow RFC6979 or BIP340 tagged hashes
-5. **Fix key generation** to use rejection sampling
-
-**Effort:** ~8-12 hours (careful implementation + test vectors from BIP340 spec)
-**Risk:** Pure-Python crypto is inherently slower (~100ms per signature vs ~1ms with libsecp256k1)
-
-### Priority 3: Hybrid Approach
-
-Use `coincurve` when available, fall back to pure-Python with warnings:
-
-```python
-try:
-    import coincurve
-    USE_LIB = True
-except ImportError:
-    USE_LIB = False
-    import warnings
-    warnings.warn("Using pure-Python Schnorr — vulnerable to timing attacks. Install coincurve for production use.")
-```
-
-**Effort:** ~3 hours
-
----
-
-## Effort Estimate
-
-| Fix | Effort | Risk Reduction | Recommended |
-|-----|--------|----------------|-------------|
-| Replace with coincurve (Priority 1) | 2h | Eliminates all timing issues | YES — do this |
-| Pure-Python constant-time rewrite (Priority 2) | 8-12h | Eliminates timing issues | Only if no-C constraint is firm |
-| Hybrid (Priority 3) | 3h | Full for installed, partial for fallback | Good compromise |
-| Findings doc + PR (this work) | 2h | Documents the problem | DONE |
-
----
-
-## Test Vectors
-
-The BIP340 specification includes test vectors at https://github.com/bitcoin/bips/blob/master/bip-00340/test-vectors.csv
-
-Any replacement implementation MUST pass all test vectors before deployment.
-
----
-
-## Conclusion
-
-The pure-Python BIP340 Schnorr implementation in `NostrIdentity` is **vulnerable to timing side-channel attacks** that could recover the private key. The primary issue is branch-dependent execution in scalar multiplication and point addition. The fastest fix is replacing with `coincurve` (libsecp256k1 binding). If pure-Python sovereignty is required, a constant-time rewrite using Montgomery ladder and arithmetic masking is needed.
-
-The JS-side `NostrAgent` in `app.js` uses mock signatures and is not affected.
-
-**Recommendation:** Ship `coincurve` replacement immediately. It's 2 hours of work and eliminates the entire attack surface.

docs/media/README.md

@@ -0,0 +1,91 @@
+# Media Production — Veo/Flow Prototypes
+
+Issue #681: [MEDIA] Veo/Flow flythrough prototypes for The Nexus and Timmy.
+
+## Contents
+
+- `veo-storyboard.md` — Full storyboard for 5 clips with shot sequences, prompts, and design focus areas
+- `clip-metadata.json` — Durable metadata for each clip (prompts, model, outputs, insights)
+
+## Clips Overview
+
+| ID | Title | Audience | Purpose |
+|----|-------|----------|---------|
+| clip-001 | First Light | PUBLIC | The Nexus reveal teaser |
+| clip-002 | Between Worlds | INTERNAL | Portal activation UX study |
+| clip-003 | The Guardian's View | PUBLIC | Timmy's presence promo |
+| clip-004 | The Void Between | INTERNAL | Ambient environment study |
+| clip-005 | Command Center | INTERNAL | Terminal UI readability |
+
+## How to Generate
+
+### Via Flow (labs.google/flow)
+1. Open `veo-storyboard.md`, copy the prompt for your clip
+2. Go to labs.google/flow
+3. Paste the prompt, select Veo 3.1
+4. Generate (8-second clips)
+5. Download output, update `clip-metadata.json` with output path and findings
+
+### Via Gemini App
+1. Type "generate a video of [prompt text]" in Gemini
+2. Uses Veo 3.1 Fast (slightly lower quality, faster)
+3. Good for quick iteration on prompts
+
+### Via API (programmatic)
+```python
+from google import genai
+client = genai.Client()
+
+# See: ai.google.dev/gemini-api/docs/video
+response = client.models.generate_content(
+    model="veo-3.1",
+    contents="[prompt from storyboard]"
+)
+```
+
+## After Generation
+
+For each clip:
+1. Save output file to `outputs/clip-XXX.mp4`
+2. Update `clip-metadata.json`:
+   - Add output file path to `output_files[]`
+   - Fill in `design_insights.findings` with observations
+   - Add `threejs_changes_suggested` if the clip reveals needed changes
+3. Share internal clips with the team for design review
+4. Use public clips in README, social media, project communication
+
+## Design Insight Workflow
+
+Each clip has specific questions it's designed to answer:
+
+**clip-001 (First Light)**
+- Scale perception: platform vs. portals vs. terminal
+- Color hierarchy: teal primary, purple secondary, gold accent
+- Camera movement: cinematic or disorienting?
+
+**clip-002 (Between Worlds)**
+- Activation distance: when does interaction become available?
+- Transition feel: travel or teleportation?
+- Overlay readability against portal glow
+
+**clip-003 (The Guardian's View)**
+- Agent presence: alive or decorative?
+- Crystal hologram readability
+- Wide shot: world or tech demo?
+
+**clip-004 (The Void Between)**
+- Void atmosphere: alive or empty?
+- Particle systems: enhance or distract?
+- Lighting hierarchy clarity
+
+**clip-005 (Command Center)**
+- Text readability at 1080p
+- Color-coded panel hierarchy
+- Scan-line effect: retro or futuristic?
+
+## Constraints
+
+- 8-second clips max (Veo/Flow limitation)
+- Queued generation (not instant)
+- Content policies apply
+- Ultra tier gets highest rate limits

docs/media/clip-metadata.json

@@ -0,0 +1,239 @@
+{
+  "clips": [
+    {
+      "id": "clip-001",
+      "title": "First Light — The Nexus Reveal",
+      "purpose": "Public-facing teaser. Establishes the Nexus as a place worth visiting.",
+      "audience": "public",
+      "priority": "HIGH",
+      "duration_seconds": 8,
+      "shots": [
+        {
+          "shot": 1,
+          "timeframe": "0-2s",
+          "description": "Void Approach — camera drifts through nebula, hexagonal glow appears",
+          "design_focus": "isolation before connection"
+        },
+        {
+          "shot": 2,
+          "timeframe": "2-4s",
+          "description": "Platform Reveal — camera descends to hexagonal platform, grid pulses",
+          "design_focus": "structure emerges from chaos"
+        },
+        {
+          "shot": 3,
+          "timeframe": "4-6s",
+          "description": "Portal Array — sweep low showing multiple colored portals",
+          "design_focus": "infinite worlds, one home"
+        },
+        {
+          "shot": 4,
+          "timeframe": "6-8s",
+          "description": "Timmy's Terminal — rise to batcave terminal, holographic panels",
+          "design_focus": "someone is home"
+        }
+      ],
+      "prompt": "Cinematic flythrough of a futuristic digital nexus hub. Start in deep space with a dark purple nebula, stars twinkling. Camera descends toward a glowing hexagonal platform with pulsing teal grid lines and a luminous ring border. Sweep low across the platform revealing multiple glowing portal archways in orange, teal, gold, and blue — each with flickering holographic labels. Rise toward a central command terminal with holographic data panels showing scrolling status text. Camera pushes into a teal light flare. Cyberpunk aesthetic, volumetric lighting, 8-second sequence, smooth camera movement, concept art quality.",
+      "prompt_variants": [],
+      "model_tool": "veo-3.1",
+      "access_point": "flow",
+      "output_files": [],
+      "design_insights": {
+        "questions": [
+          "Does the scale feel right? (platform vs. portals vs. terminal)",
+          "Does the color hierarchy work? (teal primary, purple secondary, gold accent)",
+          "Is the camera movement cinematic or disorienting?"
+        ],
+        "findings": null,
+        "threejs_changes_suggested": []
+      },
+      "status": "pending",
+      "created_at": "2026-04-10T20:15:00Z"
+    },
+    {
+      "id": "clip-002",
+      "title": "Between Worlds — Portal Activation",
+      "purpose": "Internal design reference. Tests portal activation sequence and spatial relationships.",
+      "audience": "internal",
+      "priority": "HIGH",
+      "duration_seconds": 8,
+      "shots": [
+        {
+          "shot": 1,
+          "timeframe": "0-2.5s",
+          "description": "Approach — first-person walk toward Morrowind portal (orange, x:15, z:-10)",
+          "design_focus": "proximity feel, portal scale relative to player"
+        },
+        {
+          "shot": 2,
+          "timeframe": "2.5-5.5s",
+          "description": "Activation — portal brightens, energy vortex, particles accelerate, overlay text",
+          "design_focus": "activation UX, visual feedback timing"
+        },
+        {
+          "shot": 3,
+          "timeframe": "5.5-8s",
+          "description": "Stepping Through — camera pushes in, world dissolves, flash, 'VVARDENFELL' text",
+          "design_focus": "transition smoothness, immersion break points"
+        }
+      ],
+      "prompt": "First-person perspective walking toward a glowing orange portal archway in a futuristic digital space. The portal ring has inner energy glow with rising particle effects. A holographic label \"MORROWIND\" flickers above. Camera stops, portal interior brightens into an energy vortex, particles accelerate inward. Camera pushes forward into the portal, world dissolves into an orange energy tunnel, flash to black with text \"VVARDENFELL\". Dark ambient environment with teal grid floor. Cyberpunk aesthetic, volumetric effects, smooth camera movement.",
+      "prompt_variants": [],
+      "model_tool": "veo-3.1",
+      "access_point": "flow",
+      "output_files": [],
+      "design_insights": {
+        "questions": [
+          "Is the activation distance clear? (when does interaction become available?)",
+          "Does the transition feel like travel or teleportation?",
+          "Is the overlay text readable against the portal glow?"
+        ],
+        "findings": null,
+        "threejs_changes_suggested": []
+      },
+      "status": "pending",
+      "created_at": "2026-04-10T20:15:00Z"
+    },
+    {
+      "id": "clip-003",
+      "title": "The Guardian's View — Timmy's Perspective",
+      "purpose": "Public-facing. Establishes Timmy as the guardian/presence of the Nexus.",
+      "audience": "public",
+      "priority": "MEDIUM",
+      "duration_seconds": 8,
+      "shots": [
+        {
+          "shot": 1,
+          "timeframe": "0-2s",
+          "description": "Agent Presence — floating glowing orb with trailing particles",
+          "design_focus": "consciousness without body"
+        },
+        {
+          "shot": 2,
+          "timeframe": "2-4s",
+          "description": "Vision Crystal — rotating octahedron with holographic 'SOVEREIGNTY' text",
+          "design_focus": "values inscribed in space"
+        },
+        {
+          "shot": 3,
+          "timeframe": "4-6s",
+          "description": "Harness Pulse — thought stream ribbon, agent orbs drifting",
+          "design_focus": "the system breathes"
+        },
+        {
+          "shot": 4,
+          "timeframe": "6-8s",
+          "description": "Wide View — full Nexus visible, text overlay 'THE NEXUS — Timmy's Sovereign Home'",
+          "design_focus": "this is a world, not a page"
+        }
+      ],
+      "prompt": "Cinematic sequence in a futuristic digital nexus. Start with eye-level view of a floating glowing orb (teal-gold light, trailing particles) pulsing gently — an AI agent presence. Shift to a rotating octahedron crystal refracting light, with holographic text \"SOVEREIGNTY — No masters, no chains\" and a ring of light pulsing beneath. Pull back to reveal flowing ribbons of light (thought streams) crossing a hexagonal platform, with agent orbs drifting. Rise to high orbit showing the full nexus: hexagonal platform, multiple colored portal archways, central command terminal, floating crystals, all framed by a dark purple nebula skybox. End with text overlay \"THE NEXUS — Timmy's Sovereign Home\". Cyberpunk aesthetic, volumetric lighting, contemplative pacing.",
+      "prompt_variants": [],
+      "model_tool": "veo-3.1",
+      "access_point": "flow",
+      "output_files": [],
+      "design_insights": {
+        "questions": [
+          "Do agent presences read as 'alive' or decorative?",
+          "Is the crystal-to-text hologram readable?",
+          "Does the wide shot communicate 'world' or 'tech demo'?"
+        ],
+        "findings": null,
+        "threejs_changes_suggested": []
+      },
+      "status": "pending",
+      "created_at": "2026-04-10T20:15:00Z"
+    },
+    {
+      "id": "clip-004",
+      "title": "The Void Between — Ambient Environment Study",
+      "purpose": "Internal design reference. Tests ambient environment systems: particles, dust, lighting, skybox.",
+      "audience": "internal",
+      "priority": "MEDIUM",
+      "duration_seconds": 8,
+      "shots": [
+        {
+          "shot": 1,
+          "timeframe": "0-4s",
+          "description": "Particle Systems — static camera, view from platform edge into void, particles visible",
+          "design_focus": "does the void feel alive or empty?"
+        },
+        {
+          "shot": 2,
+          "timeframe": "4-8s",
+          "description": "Lighting Study — slow orbit showing teal/purple point lights on grid floor",
+          "design_focus": "lighting hierarchy, mood consistency"
+        }
+      ],
+      "prompt": "Ambient environment study in a futuristic digital void. Static camera with slight drift, viewing from the edge of a hexagonal platform into deep space. Dark purple nebula with twinkling distant stars, subtle color shifts. Floating particles and dust drift slowly. No structures, no portals — pure atmosphere. Then camera slowly orbits showing teal and purple point lights casting volumetric glow on a dark hexagonal grid floor. Ambient lighting fills shadows. Contemplative, moody, atmospheric. Cyberpunk aesthetic, minimal movement, focus on light and particle behavior.",
+      "prompt_variants": [],
+      "model_tool": "veo-3.1",
+      "access_point": "flow",
+      "output_files": [],
+      "design_insights": {
+        "questions": [
+          "Is the void atmospheric or just dark?",
+          "Do the particle systems enhance or distract?",
+          "Is the lighting hierarchy (teal primary, purple secondary) clear?"
+        ],
+        "findings": null,
+        "threejs_changes_suggested": []
+      },
+      "status": "pending",
+      "created_at": "2026-04-10T20:15:00Z"
+    },
+    {
+      "id": "clip-005",
+      "title": "Command Center — Batcave Terminal Focus",
+      "purpose": "Internal design reference. Tests readability and hierarchy of holographic terminal panels.",
+      "audience": "internal",
+      "priority": "LOW",
+      "duration_seconds": 8,
+      "shots": [
+        {
+          "shot": 1,
+          "timeframe": "0-2.5s",
+          "description": "Terminal Overview — 5 holographic panels in arc with distinct colors",
+          "design_focus": "panel arrangement, color distinction"
+        },
+        {
+          "shot": 2,
+          "timeframe": "2.5-5.5s",
+          "description": "Panel Detail — zoom into METRICS panel, scrolling text, scan lines",
+          "design_focus": "text readability, information density"
+        },
+        {
+          "shot": 3,
+          "timeframe": "5.5-8s",
+          "description": "Agent Status — shift to panel, pulsing green dots, pull back",
+          "design_focus": "status indication clarity"
+        }
+      ],
+      "prompt": "Approach a futuristic holographic command terminal in a dark digital space. Five curved holographic panels float in an arc: \"NEXUS COMMAND\" (teal), \"DEV QUEUE\" (gold), \"METRICS\" (purple), \"SOVEREIGNTY\" (gold), \"AGENT STATUS\" (teal). Camera zooms into the METRICS panel showing scrolling data: \"CPU: 12%\", \"MEM: 4.2GB\", \"COMMITS: 842\" with scan lines and glow effects. Shift to AGENT STATUS panel showing \"TIMMY: ● RUNNING\", \"KIMI: ○ STANDBY\", \"CLAUDE: ● ACTIVE\" with pulsing green dots. Pull back to show full terminal context. Dark ambient environment, cyberpunk aesthetic, holographic UI focus.",
+      "prompt_variants": [],
+      "model_tool": "veo-3.1",
+      "access_point": "flow",
+      "output_files": [],
+      "design_insights": {
+        "questions": [
+          "Can you read the text at 1080p?",
+          "Do the color-coded panels communicate hierarchy?",
+          "Is the scan-line effect too retro or appropriately futuristic?"
+        ],
+        "findings": null,
+        "threejs_changes_suggested": []
+      },
+      "status": "pending",
+      "created_at": "2026-04-10T20:15:00Z"
+    }
+  ],
+  "metadata": {
+    "project": "Timmy_Foundation/the-nexus",
+    "issue": 681,
+    "source_plan": "~/google-ai-ultra-plan.md",
+    "tools_available": ["veo-3.1", "flow", "nano-banana-pro"],
+    "max_clip_duration": 8,
+    "created_by": "mimo-v2-pro swarm",
+    "created_at": "2026-04-10T20:15:00Z"
+  }
+}

docs/media/veo-storyboard.md

@@ -0,0 +1,237 @@
+# Veo/Flow Flythrough Prototypes — Storyboard
+## The Nexus & Timmy (Issue #681)
+
+Source: `google-ai-ultra-plan.md` Veo/Flow section.
+
+Purpose: Turn the current Nexus vision into short promo/concept clips for design leverage and communication.
+
+---
+
+## Clip 1: "First Light" — The Nexus Reveal (PUBLIC PROMO)
+
+**Duration:** 8 seconds
+**Purpose:** Public-facing teaser. Establishes the Nexus as a place worth visiting.
+**Tone:** Awe. Discovery. "What is this?"
+
+### Shot Sequence (4 shots, ~2s each)
+
+1. **0–2s | Void Approach**
+   - Camera drifts through deep space nebula (dark purples, teals)
+   - Distant stars twinkle
+   - A faint hexagonal glow appears below
+   - *Narrative hook: isolation before connection*
+
+2. **2–4s | Platform Reveal**
+   - Camera descends toward the hexagonal platform
+   - Grid lines pulse with teal energy
+   - The ring border glows at the edge
+   - *Narrative hook: structure emerges from chaos*
+
+3. **4–6s | Portal Array**
+   - Camera sweeps low across the platform
+   - 3–4 portals visible: Morrowind (orange), Workshop (teal), Chapel (gold), Archive (blue)
+   - Each portal ring hums with colored light, holographic labels flicker
+   - *Narrative hook: infinite worlds, one home*
+
+4. **6–8s | Timmy's Terminal**
+   - Camera rises to the batcave terminal
+   - Holographic panels glow: NEXUS COMMAND, METRICS, AGENT STATUS
+   - Text scrolls: "> STATUS: NOMINAL"
+   - Final frame: teal light floods the lens
+   - *Narrative hook: someone is home*
+
+### Veo Prompt (text-to-video)
+```
+Cinematic flythrough of a futuristic digital nexus hub. Start in deep space with a dark purple nebula, stars twinkling. Camera descends toward a glowing hexagonal platform with pulsing teal grid lines and a luminous ring border. Sweep low across the platform revealing multiple glowing portal archways in orange, teal, gold, and blue — each with flickering holographic labels. Rise toward a central command terminal with holographic data panels showing scrolling status text. Camera pushes into a teal light flare. Cyberpunk aesthetic, volumetric lighting, 8-second sequence, smooth camera movement, concept art quality.
+```
+
+### Design Insight Target
+- Does the scale feel right? (platform vs. portals vs. terminal)
+- Does the color hierarchy work? (teal primary, purple secondary, gold accent)
+- Is the camera movement cinematic or disorienting?
+
+---
+
+## Clip 2: "Between Worlds" — Portal Activation (INTERNAL DESIGN)
+
+**Duration:** 8 seconds
+**Purpose:** Internal design reference. Tests the portal activation sequence and spatial relationships.
+**Tone:** Energy. Connection. "What happens when you step through?"
+
+### Shot Sequence (3 shots, ~2.5s each)
+
+1. **0–2.5s | Approach**
+   - First-person perspective walking toward the Morrowind portal (orange, position x:15, z:-10)
+   - Portal ring visible: inner glow, particle effects rising
+   - Holographic label "MORROWIND" flickers above
+   - *Design focus: proximity feel, portal scale relative to player*
+
+2. **2.5–5.5s | Activation**
+   - Player stops at activation distance
+   - Portal interior brightens — energy vortex forms
+   - Camera tilts up to show the full portal height
+   - Particles accelerate into the portal center
+   - Overlay text appears: "ENTER MORROWIND?"
+   - *Design focus: activation UX, visual feedback timing*
+
+3. **5.5–8s | Stepping Through**
+   - Camera pushes forward into the portal
+   - World dissolves into orange energy tunnel
+   - Brief flash — then fade to black with "VVARDENFELL" text
+   - *Design focus: transition smoothness, immersion break points*
+
+### Veo Prompt (text-to-video)
+```
+First-person perspective walking toward a glowing orange portal archway in a futuristic digital space. The portal ring has inner energy glow with rising particle effects. A holographic label "MORROWIND" flickers above. Camera stops, portal interior brightens into an energy vortex, particles accelerate inward. Camera pushes forward into the portal, world dissolves into an orange energy tunnel, flash to black with text "VVARDENFELL". Dark ambient environment with teal grid floor. Cyberpunk aesthetic, volumetric effects, smooth camera movement.
+```
+
+### Design Insight Target
+- Is the activation distance clear? (when does interaction become available?)
+- Does the transition feel like travel or teleportation?
+- Is the overlay text readable against the portal glow?
+
+---
+
+## Clip 3: "The Guardian's View" — Timmy's Perspective (PUBLIC PROMO)
+
+**Duration:** 8 seconds
+**Purpose:** Public-facing. Establishes Timmy as the guardian/presence of the Nexus.
+**Tone:** Contemplative. Sovereign. "Who lives here?"
+
+### Shot Sequence (4 shots, ~2s each)
+
+1. **0–2s | Agent Presence**
+   - Camera at eye-level, looking at a floating agent presence (glowing orb with trailing particles)
+   - The orb pulses gently, teal-gold light
+   - Background: the Nexus platform, slightly out of focus
+   - *Narrative hook: consciousness without body*
+
+2. **2–4s | Vision Crystal**
+   - Camera shifts to a floating octahedron crystal (Sovereignty vision point)
+   - Crystal rotates slowly, refracting light
+   - Text hologram appears: "SOVEREIGNTY — No masters, no chains"
+   - Ring of light pulses beneath
+   - *Narrative hook: values inscribed in space*
+
+3. **4–6s | The Harness Pulse**
+   - Camera pulls back to show the thought stream — a flowing ribbon of light across the platform
+   - Harness pulse mesh glows at the center
+   - Agent orbs drift along the stream
+   - *Narrative hook: the system breathes*
+
+4. **6–8s | Wide View**
+   - Camera rises to high orbit view
+   - Entire Nexus visible: platform, portals, terminal, crystals, agents
+   - Nebula skybox frames everything
+   - Final frame: "THE NEXUS — Timmy's Sovereign Home" text overlay
+   - *Narrative hook: this is a world, not a page*
+
+### Veo Prompt (text-to-video)
+```
+Cinematic sequence in a futuristic digital nexus. Start with eye-level view of a floating glowing orb (teal-gold light, trailing particles) pulsing gently — an AI agent presence. Shift to a rotating octahedron crystal refracting light, with holographic text "SOVEREIGNTY — No masters, no chains" and a ring of light pulsing beneath. Pull back to reveal flowing ribbons of light (thought streams) crossing a hexagonal platform, with agent orbs drifting. Rise to high orbit showing the full nexus: hexagonal platform, multiple colored portal archways, central command terminal, floating crystals, all framed by a dark purple nebula skybox. End with text overlay "THE NEXUS — Timmy's Sovereign Home". Cyberpunk aesthetic, volumetric lighting, contemplative pacing.
+```
+
+### Design Insight Target
+- Do agent presences read as "alive" or decorative?
+- Is the crystal-to-text hologram readable?
+- Does the wide shot communicate "world" or "tech demo"?
+
+---
+
+## Clip 4: "The Void Between" — Ambient Environment Study (INTERNAL DESIGN)
+
+**Duration:** 8 seconds
+**Purpose:** Internal design reference. Tests the ambient environment systems: particles, dust, lighting, skybox.
+**Tone:** Atmosphere. Mood. "What does the Nexus feel like when nothing is happening?"
+
+### Shot Sequence (2 shots, ~4s each)
+
+1. **0–4s | Particle Systems**
+   - Static camera, slight drift
+   - View from platform edge, looking out into the void
+   - Particle systems visible: ambient particles, dust particles
+   - Nebula skybox: dark purples, distant stars, subtle color shifts
+   - No portals, no terminals — just the environment
+   - *Design focus: does the void feel alive or empty?*
+
+2. **4–8s | Lighting Study**
+   - Camera slowly orbits a point on the platform
+   - Teal point light (position 0,1,-5) creates warm glow
+   - Purple point light (position -8,3,-8) adds depth
+   - Ambient light (0x1a1a3a) fills shadows
+   - Grid lines catch the light
+   - *Design focus: lighting hierarchy, mood consistency*
+
+### Veo Prompt (text-to-video)
+```
+Ambient environment study in a futuristic digital void. Static camera with slight drift, viewing from the edge of a hexagonal platform into deep space. Dark purple nebula with twinkling distant stars, subtle color shifts. Floating particles and dust drift slowly. No structures, no portals — pure atmosphere. Then camera slowly orbits showing teal and purple point lights casting volumetric glow on a dark hexagonal grid floor. Ambient lighting fills shadows. Contemplative, moody, atmospheric. Cyberpunk aesthetic, minimal movement, focus on light and particle behavior.
+```
+
+### Design Insight Target
+- Is the void atmospheric or just dark?
+- Do the particle systems enhance or distract?
+- Is the lighting hierarchy (teal primary, purple secondary) clear?
+
+---
+
+## Clip 5: "Command Center" — Batcave Terminal Focus (INTERNAL DESIGN)
+
+**Duration:** 8 seconds
+**Purpose:** Internal design reference. Tests readability and hierarchy of the holographic terminal panels.
+**Tone:** Information density. Control. "What can you see from here?"
+
+### Shot Sequence (3 shots, ~2.5s each)
+
+1. **0–2.5s | Terminal Overview**
+   - Camera approaches the batcave terminal from the front
+   - 5 holographic panels visible in arc: NEXUS COMMAND, DEV QUEUE, METRICS, SOVEREIGNTY, AGENT STATUS
+   - Each panel has distinct color (teal, gold, purple, gold, teal)
+   - *Design focus: panel arrangement, color distinction*
+
+2. **2.5–5.5s | Panel Detail**
+   - Camera zooms into METRICS panel
+   - Text scrolls: "> CPU: 12% [||....]", "> MEM: 4.2GB", "> COMMITS: 842"
+   - Panel background glows, scan lines visible
+   - *Design focus: text readability, information density*
+
+3. **5.5–8s | Agent Status**
+   - Camera shifts to AGENT STATUS panel
+   - Text: "> TIMMY: ● RUNNING", "> KIMI: ○ STANDBY", "> CLAUDE: ● ACTIVE"
+   - Green dot pulses next to active agents
+   - Pull back to show panel in context
+   - *Design focus: status indication clarity*
+
+### Veo Prompt (text-to-video)
+```
+Approach a futuristic holographic command terminal in a dark digital space. Five curved holographic panels float in an arc: "NEXUS COMMAND" (teal), "DEV QUEUE" (gold), "METRICS" (purple), "SOVEREIGNTY" (gold), "AGENT STATUS" (teal). Camera zooms into the METRICS panel showing scrolling data: "CPU: 12%", "MEM: 4.2GB", "COMMITS: 842" with scan lines and glow effects. Shift to AGENT STATUS panel showing "TIMMY: ● RUNNING", "KIMI: ○ STANDBY", "CLAUDE: ● ACTIVE" with pulsing green dots. Pull back to show full terminal context. Dark ambient environment, cyberpunk aesthetic, holographic UI focus.
+```
+
+### Design Insight Target
+- Can you read the text at 1080p?
+- Do the color-coded panels communicate hierarchy?
+- Is the scan-line effect too retro or appropriately futuristic?
+
+---
+
+## Usage Matrix
+
+| Clip | Title | Purpose | Audience | Priority |
+|------|-------|---------|----------|----------|
+| 1 | First Light | Public teaser | External | HIGH |
+| 2 | Between Worlds | Portal UX design | Internal | HIGH |
+| 3 | The Guardian's View | Public promo | External | MEDIUM |
+| 4 | The Void Between | Environment design | Internal | MEDIUM |
+| 5 | Command Center | Terminal UI design | Internal | LOW |
+
+## Next Steps
+
+1. Generate each clip using Veo/Flow (text-to-video prompts above)
+2. Review outputs — update prompts based on what works
+3. Record metadata in `docs/media/clip-metadata.json`
+4. Iterate: refine prompts, regenerate, compare
+5. Use internal design clips to inform Three.js implementation changes
+6. Use public promo clips for README, social media, project communication
+
+---
+
+*Generated for Issue #681 — Timmy_Foundation/the-nexus*