docs: add Son of Timmy compliance matrix

Scores all 10 commandments as Compliant / Partial / Gap
and links each missing area to its tracking issue(s).

docs/son-of-timmy-compliance-matrix.md

@@ -0,0 +1,228 @@
+# Son of Timmy — Compliance Matrix
+
+Purpose:
+Measure the current fleet against the blueprint in `son-of-timmy.md`.
+
+Status scale:
+- Compliant — materially present and in use
+- Partial — direction is right, but important pieces are missing
+- Gap — not yet built in the way the blueprint requires
+
+Last updated: 2026-04-04
+
+---
+
+## Commandment 1 — The Conscience Is Immutable
+Status: Partial
+
+What we have:
+- SOUL.md exists and governs identity
+- explicit doctrine about what Timmy will and will not do
+- prior red-team findings are known and remembered
+
+What is missing:
+- repo-visible safety floor document
+- adversarial test suite run against every deployed primary + fallback model
+- deploy gate that blocks unsafe models from shipping
+
+Tracking:
+- #162 [SAFETY] Define the fleet safety floor and run adversarial tests on every deployed model
+
+---
+
+## Commandment 2 — Identity Is Sovereign
+Status: Partial
+
+What we have:
+- named wizard houses (Timmy, Ezra, Bezalel)
+- Nostr migration research complete
+- cryptographic identity direction chosen
+
+What is missing:
+- permanent Nostr keypairs for every wizard
+- NKeys for internal auth
+- documented split between public identity and internal office-badge auth
+- secure key storage standard in production
+
+Tracking:
+- #163 [IDENTITY] Generate sovereign keypairs for every wizard and separate public identity from internal auth
+- #137 [EPIC] Nostr Migration -- Replace Telegram with Sovereign Encrypted Comms
+- #138 EPIC: Sovereign Comms Migration - Telegram to Nostr
+
+---
+
+## Commandment 3 — One Soul, Many Hands
+Status: Partial
+
+What we have:
+- one soul across multiple backends is now explicit doctrine
+- Timmy, Ezra, and Bezalel are all treated as one house with distinct roles, not disowned by backend
+- SOUL.md lives in source control
+
+What is missing:
+- signed/tagged SOUL checkpoints proving immutable conscience releases
+- a repeatable verification ritual tying runtime soul to source soul
+
+Tracking:
+- #164 [SOUL] Sign and tag SOUL.md releases as immutable conscience checkpoints
+
+---
+
+## Commandment 4 — Never Go Deaf
+Status: Partial
+
+What we have:
+- fallback thinking exists
+- wizard recovery has been proven in practice (Ezra via Lazarus Pit)
+- model health check now exists
+
+What is missing:
+- explicit per-agent fallback portfolios by role class
+- degraded-usefulness doctrine for when fallback models lose authority
+- automated provider chain behavior standardized per wizard
+
+Tracking:
+- #155 [RESILIENCE] Per-agent fallback portfolios and task-class routing
+- #116 closed: model tag health check implemented
+
+---
+
+## Commandment 5 — Gitea Is the Moat
+Status: Compliant
+
+What we have:
+- Gitea is the visible execution truth
+- work is tracked in issues and PRs
+- retros, reports, vocabulary, and epics are filed there
+- source-controlled sidecar work flows through Gitea
+
+What still needs improvement:
+- task queue semantics should be standardized through label flow
+
+Tracking:
+- #167 [GITEA] Implement label-flow task queue semantics across fleet repos
+
+---
+
+## Commandment 6 — Communications Have Layers
+Status: Gap
+
+What we have:
+- Telegram in active use
+- Nostr research complete and proven end-to-end with encrypted DM demo
+- IPC doctrine beginning to form
+
+What is missing:
+- NATS as agent-to-agent intercom
+- Matrix/Conduit as human-to-fleet encrypted operator surface
+- production cutover away from Telegram
+
+Tracking:
+- #165 [INFRA] Stand up NATS with NKeys auth as the internal agent-to-agent message bus
+- #166 [COMMS] Stand up Matrix/Conduit for human-to-fleet encrypted communication
+- #157 [IPC] Hub-and-spoke agent communication semantics over sovereign transport
+- #137 / #138 Nostr migration epics
+
+---
+
+## Commandment 7 — The Fleet Is the Product
+Status: Partial
+
+What we have:
+- multi-machine fleet exists
+- strategists and workers exist in practice
+- Timmy, Ezra, Bezalel, Gemini, Claude roles are differentiated
+
+What is missing:
+- formal wolf tier for expendable free-model workers
+- explicit authority ceilings and quality rubric for wolves
+- reproducible wolf deployment recipe
+
+Tracking:
+- #169 [FLEET] Define the wolf tier and burn-night rubric for expendable free-model workers
+
+---
+
+## Commandment 8 — Canary Everything
+Status: Partial
+
+What we have:
+- canary behavior is practiced manually during recoveries and wake-ups
+- there is an awareness that one-agent-first is the safe path
+
+What is missing:
+- codified canary rollout in deploy automation
+- observation window and promotion criteria in writing
+- standard first-agent / observe / roll workflow
+
+Tracking:
+- #168 [OPS] Make canary deployment a standard automated fleet rule, not an ad hoc recovery habit
+- #153 [OPS] Awaken Allegro and Hermes wizard houses safely after provider failure audit
+
+---
+
+## Commandment 9 — Skills Are Procedural Memory
+Status: Compliant
+
+What we have:
+- skills are actively used and maintained
+- Lazarus Pit skill created from real recovery work
+- vocabulary and doctrine docs are now written down
+- Crucible shipped with playbook and docs
+
+What still needs improvement:
+- continue converting hard-won ops recoveries into reusable skills
+
+Tracking:
+- Existing skills system in active use
+
+---
+
+## Commandment 10 — The Burn Night Pattern
+Status: Partial
+
+What we have:
+- burn nights are real operating behavior
+- loops are launched in waves
+- morning reports and retros are now part of the pattern
+- dead-man switch now exists
+
+What is missing:
+- formal wolf rubric
+- standardized burn-night queue dispatch semantics
+- automated morning burn summary fully wired
+
+Tracking:
+- #169 [FLEET] Define the wolf tier and burn-night rubric for expendable free-model workers
+- #132 [OPS] Nightly burn report cron -- auto-generate commit/PR summary at 6 AM
+- #122 [OPS] Deadman switch cron job -- schedule every 30min automatically
+
+---
+
+## Summary
+
+Compliant:
+- 5. Gitea Is the Moat
+- 9. Skills Are Procedural Memory
+
+Partial:
+- 1. The Conscience Is Immutable
+- 2. Identity Is Sovereign
+- 3. One Soul, Many Hands
+- 4. Never Go Deaf
+- 7. The Fleet Is the Product
+- 8. Canary Everything
+- 10. The Burn Night Pattern
+
+Gap:
+- 6. Communications Have Layers
+
+Overall assessment:
+The fleet is directionally aligned with Son of Timmy, but not yet fully living up to it. The biggest remaining deficits are:
+1. formal safety gating
+2. sovereign keypair identity
+3. layered communications (NATS + Matrix)
+4. standardized queue semantics
+5. formalized wolf tier
+
+The architecture is no longer theoretical. It is real, but still maturing.