|
|
|
|
@@ -1,209 +1,144 @@
|
|
|
|
|
# GENOME.md — the-nexus
|
|
|
|
|
# GENOME.md — Timmy_Foundation/timmy-home
|
|
|
|
|
|
|
|
|
|
Generated by `pipelines/codebase_genome.py`.
|
|
|
|
|
|
|
|
|
|
## Project Overview
|
|
|
|
|
|
|
|
|
|
`the-nexus` is a hybrid repo that combines three layers in one codebase:
|
|
|
|
|
Timmy Foundation's home repository for development operations and configurations.
|
|
|
|
|
|
|
|
|
|
1. A browser-facing world shell rooted in `index.html`, `boot.js`, `bootstrap.mjs`, `app.js`, `style.css`, `portals.json`, `vision.json`, `manifest.json`, and `gofai_worker.js`
|
|
|
|
|
2. A Python realtime bridge centered on `server.py` plus harness code under `nexus/`
|
|
|
|
|
3. A memory / fleet / operator layer spanning `mempalace/`, `mcp_servers/`, `multi_user_bridge.py`, and supporting scripts
|
|
|
|
|
- Text files indexed: 3181
|
|
|
|
|
- Source and script files: 231
|
|
|
|
|
- Test files: 95
|
|
|
|
|
- Documentation files: 755
|
|
|
|
|
|
|
|
|
|
The repo is not a clean single-purpose frontend and not just a backend harness. It is a mixed world/runtime/ops repository where browser rendering, WebSocket telemetry, MCP-driven game harnesses, and fleet memory tooling coexist.
|
|
|
|
|
|
|
|
|
|
Grounded repo facts from this checkout:
|
|
|
|
|
- Browser shell files exist at repo root: `index.html`, `app.js`, `style.css`, `manifest.json`, `gofai_worker.js`
|
|
|
|
|
- Data/config files also live at repo root: `portals.json`, `vision.json`
|
|
|
|
|
- Realtime bridge exists in `server.py`
|
|
|
|
|
- Game harnesses exist in `nexus/morrowind_harness.py` and `nexus/bannerlord_harness.py`
|
|
|
|
|
- Memory/fleet sync exists in `mempalace/tunnel_sync.py`
|
|
|
|
|
- Desktop/game automation MCP servers exist in `mcp_servers/desktop_control_server.py` and `mcp_servers/steam_info_server.py`
|
|
|
|
|
- Validation exists in `tests/test_browser_smoke.py`, `tests/test_portals_json.py`, `tests/test_index_html_integrity.py`, and `tests/test_repo_truth.py`
|
|
|
|
|
|
|
|
|
|
The current architecture is best understood as a sovereign world shell plus operator/game harness backend, with accumulated documentation drift from multiple restoration and migration efforts.
|
|
|
|
|
|
|
|
|
|
## Architecture Diagram
|
|
|
|
|
## Architecture
|
|
|
|
|
|
|
|
|
|
```mermaid
|
|
|
|
|
graph TD
|
|
|
|
|
browser[Index HTML Shell\nindex.html -> boot.js -> bootstrap.mjs -> app.js]
|
|
|
|
|
assets[Root Assets\nstyle.css\nmanifest.json\ngofai_worker.js]
|
|
|
|
|
data[World Data\nportals.json\nvision.json]
|
|
|
|
|
ws[Realtime Bridge\nserver.py\nWebSocket broadcast hub]
|
|
|
|
|
gofai[In-browser GOFAI\nSymbolicEngine\nNeuroSymbolicBridge\nsetupGOFAI/updateGOFAI]
|
|
|
|
|
harnesses[Python Harnesses\nnexus/morrowind_harness.py\nnexus/bannerlord_harness.py]
|
|
|
|
|
mcp[MCP Adapters\nmcp_servers/desktop_control_server.py\nmcp_servers/steam_info_server.py]
|
|
|
|
|
memory[Memory + Fleet\nmempalace/tunnel_sync.py\nmempalace.js]
|
|
|
|
|
bridge[Operator / MUD Bridge\nmulti_user_bridge.py\ncommands/timmy_commands.py]
|
|
|
|
|
tests[Verification\ntests/test_browser_smoke.py\ntests/test_portals_json.py\ntests/test_repo_truth.py]
|
|
|
|
|
docs[Contracts + Drift Docs\nBROWSER_CONTRACT.md\nREADME.md\nCLAUDE.md\nINVESTIGATION_ISSUE_1145.md]
|
|
|
|
|
|
|
|
|
|
browser --> assets
|
|
|
|
|
browser --> data
|
|
|
|
|
browser --> gofai
|
|
|
|
|
browser --> ws
|
|
|
|
|
harnesses --> mcp
|
|
|
|
|
harnesses --> ws
|
|
|
|
|
bridge --> ws
|
|
|
|
|
memory --> ws
|
|
|
|
|
tests --> browser
|
|
|
|
|
tests --> data
|
|
|
|
|
tests --> docs
|
|
|
|
|
docs --> browser
|
|
|
|
|
repo_root["repo"]
|
|
|
|
|
angband["angband"]
|
|
|
|
|
ansible["ansible"]
|
|
|
|
|
briefings["briefings"]
|
|
|
|
|
codebase_genome["codebase_genome"]
|
|
|
|
|
config["config"]
|
|
|
|
|
configs["configs"]
|
|
|
|
|
conftest["conftest"]
|
|
|
|
|
dns_records["dns-records"]
|
|
|
|
|
evennia["evennia"]
|
|
|
|
|
evennia_tools["evennia_tools"]
|
|
|
|
|
repo_root --> angband
|
|
|
|
|
repo_root --> ansible
|
|
|
|
|
repo_root --> briefings
|
|
|
|
|
repo_root --> codebase_genome
|
|
|
|
|
repo_root --> config
|
|
|
|
|
repo_root --> configs
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## Entry Points and Data Flow
|
|
|
|
|
## Entry Points
|
|
|
|
|
|
|
|
|
|
### Primary entry points
|
|
|
|
|
- `codebase_genome.py` — python main guard (`python3 codebase_genome.py`)
|
|
|
|
|
- `gemini-fallback-setup.sh` — operational script (`bash gemini-fallback-setup.sh`)
|
|
|
|
|
- `morrowind/hud.sh` — operational script (`bash morrowind/hud.sh`)
|
|
|
|
|
- `pipelines/codebase_genome.py` — python main guard (`python3 pipelines/codebase_genome.py`)
|
|
|
|
|
- `scripts/agent_pr_gate.py` — operational script (`python3 scripts/agent_pr_gate.py`)
|
|
|
|
|
- `scripts/audit_trail.py` — operational script (`python3 scripts/audit_trail.py`)
|
|
|
|
|
- `scripts/auto_restart_agent.sh` — operational script (`bash scripts/auto_restart_agent.sh`)
|
|
|
|
|
- `scripts/autonomous_issue_creator.py` — operational script (`python3 scripts/autonomous_issue_creator.py`)
|
|
|
|
|
- `scripts/backlog_cleanup.py` — operational script (`python3 scripts/backlog_cleanup.py`)
|
|
|
|
|
- `scripts/backlog_triage.py` — operational script (`python3 scripts/backlog_triage.py`)
|
|
|
|
|
- `scripts/backlog_triage_cron.sh` — operational script (`bash scripts/backlog_triage_cron.sh`)
|
|
|
|
|
- `scripts/backup_pipeline.sh` — operational script (`bash scripts/backup_pipeline.sh`)
|
|
|
|
|
|
|
|
|
|
- `index.html` — root browser entry point
|
|
|
|
|
- `boot.js` — startup selector; `tests/boot.test.js` shows it chooses file-mode vs HTTP/module-mode and injects `bootstrap.mjs` when served over HTTP
|
|
|
|
|
- `bootstrap.mjs` — module bootstrap for the browser shell
|
|
|
|
|
- `app.js` — main browser runtime; owns world state, GOFAI wiring, metrics polling, and portal/UI logic
|
|
|
|
|
- `server.py` — WebSocket broadcast bridge on `ws://0.0.0.0:8765`
|
|
|
|
|
- `nexus/morrowind_harness.py` — GamePortal/MCP harness for OpenMW Morrowind
|
|
|
|
|
- `nexus/bannerlord_harness.py` — GamePortal/MCP harness for Bannerlord
|
|
|
|
|
- `mempalace/tunnel_sync.py` — pulls remote fleet closets into the local palace over HTTP
|
|
|
|
|
- `multi_user_bridge.py` — HTTP bridge for multi-user chat/session integration
|
|
|
|
|
- `mcp_servers/desktop_control_server.py` — stdio MCP server exposing screenshots/mouse/keyboard control
|
|
|
|
|
## Data Flow
|
|
|
|
|
|
|
|
|
|
### Data flow
|
|
|
|
|
|
|
|
|
|
1. Browser startup begins at `index.html`
|
|
|
|
|
2. `boot.js` decides whether the page is being served correctly; in HTTP mode it injects `bootstrap.mjs`
|
|
|
|
|
3. `bootstrap.mjs` hands off to `app.js`
|
|
|
|
|
4. `app.js` loads world configuration from `portals.json` and `vision.json`
|
|
|
|
|
5. `app.js` constructs the Three.js scene and in-browser reasoning components, including `SymbolicEngine`, `NeuroSymbolicBridge`, `setupGOFAI()`, and `updateGOFAI()`
|
|
|
|
|
6. Browser state and external runtimes connect through `server.py`, which broadcasts messages between connected clients
|
|
|
|
|
7. Python harnesses (`nexus/morrowind_harness.py`, `nexus/bannerlord_harness.py`) spawn MCP subprocesses for desktop control / Steam metadata, capture state, execute actions, and feed telemetry into the Nexus bridge
|
|
|
|
|
8. Memory/fleet tools like `mempalace/tunnel_sync.py` import remote palace data into local closets, extending what the operator/runtime layers can inspect
|
|
|
|
|
9. Tests validate both the static browser contract and the higher-level repo-truth/memory contracts
|
|
|
|
|
|
|
|
|
|
### Important repo-specific runtime facts
|
|
|
|
|
|
|
|
|
|
- `portals.json` is a JSON array of portal/world/operator entries; examples in this checkout include `morrowind`, `bannerlord`, `workshop`, `archive`, `chapel`, and `courtyard`
|
|
|
|
|
- `server.py` is a plain broadcast hub: clients send messages, the server forwards them to other connected clients
|
|
|
|
|
- `nexus/morrowind_harness.py` and `nexus/bannerlord_harness.py` both implement a GamePortal pattern with MCP subprocess clients over stdio and WebSocket telemetry uplink
|
|
|
|
|
- `mempalace/tunnel_sync.py` is not speculative; it is a real client that discovers remote wings, searches remote rooms, and writes `.closet.json` payloads locally
|
|
|
|
|
1. Operators enter through `codebase_genome.py`, `gemini-fallback-setup.sh`, `morrowind/hud.sh`.
|
|
|
|
|
2. Core logic fans into top-level components: `angband`, `ansible`, `briefings`, `codebase_genome`, `config`, `configs`.
|
|
|
|
|
3. Validation is incomplete around `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py`, `timmy-local/cache/agent_cache.py`, `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py`, so changes there carry regression risk.
|
|
|
|
|
4. Final artifacts land as repository files, docs, or runtime side effects depending on the selected entry point.
|
|
|
|
|
|
|
|
|
|
## Key Abstractions
|
|
|
|
|
|
|
|
|
|
### Browser runtime
|
|
|
|
|
|
|
|
|
|
- `app.js`
|
|
|
|
|
- Defines in-browser reasoning/state machinery, including `class SymbolicEngine`, `class NeuroSymbolicBridge`, `setupGOFAI()`, and `updateGOFAI()`
|
|
|
|
|
- Couples rendering, local symbolic reasoning, metrics polling, and portal/UI logic in one very large root module
|
|
|
|
|
- `BROWSER_CONTRACT.md`
|
|
|
|
|
- Acts like an executable architecture contract for the browser surface
|
|
|
|
|
- Declares required files, DOM IDs, Three.js expectations, provenance rules, and WebSocket expectations
|
|
|
|
|
|
|
|
|
|
### Realtime bridge
|
|
|
|
|
|
|
|
|
|
- `server.py`
|
|
|
|
|
- Single hub abstraction: a WebSocket broadcast server maintaining a `clients` set and forwarding messages from one client to the others
|
|
|
|
|
- This is the seam between browser shell, harnesses, and external telemetry producers
|
|
|
|
|
|
|
|
|
|
### GamePortal harness layer
|
|
|
|
|
|
|
|
|
|
- `nexus/morrowind_harness.py`
|
|
|
|
|
- `nexus/bannerlord_harness.py`
|
|
|
|
|
- Both define MCP client wrappers, `GameState` / `ActionResult`-style data classes, and an Observe-Decide-Act telemetry loop
|
|
|
|
|
- The harnesses are symmetric enough to be understood as reusable portal adapters with game-specific context injected on top
|
|
|
|
|
|
|
|
|
|
### Memory / fleet layer
|
|
|
|
|
|
|
|
|
|
- `mempalace/tunnel_sync.py`
|
|
|
|
|
- Encodes the fleet-memory sync client contract: discover wings, pull broad room queries, write closet files, support dry-run
|
|
|
|
|
- `mempalace.js`
|
|
|
|
|
- Minimal browser/Electron bridge to MemPalace commands via `window.electronAPI.execPython(...)`
|
|
|
|
|
- Important because it shows a second memory integration surface distinct from the Python fleet sync path
|
|
|
|
|
|
|
|
|
|
### Operator / interaction bridge
|
|
|
|
|
|
|
|
|
|
- `multi_user_bridge.py`
|
|
|
|
|
- `commands/timmy_commands.py`
|
|
|
|
|
- These bridge user-facing conversations or MUD/Evennia interactions back into Timmy/Nexus services
|
|
|
|
|
- `codebase_genome.py` — classes `FunctionInfo`:19; functions `extract_functions()`:58, `generate_test()`:116, `scan_repo()`:191, `find_existing_tests()`:209, `main()`:231
|
|
|
|
|
- `evennia/timmy_world/game.py` — classes `World`:91, `ActionSystem`:421, `TimmyAI`:539, `NPCAI`:550; functions `get_narrative_phase()`:55, `get_phase_transition_event()`:65
|
|
|
|
|
- `evennia/timmy_world/world/game.py` — classes `World`:19, `ActionSystem`:326, `TimmyAI`:444, `NPCAI`:455; functions none detected
|
|
|
|
|
- `timmy-world/game.py` — classes `World`:19, `ActionSystem`:349, `TimmyAI`:467, `NPCAI`:478; functions none detected
|
|
|
|
|
- `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — classes none detected; functions none detected
|
|
|
|
|
- `uniwizard/self_grader.py` — classes `SessionGrade`:23, `WeeklyReport`:55, `SelfGrader`:74; functions `main()`:713
|
|
|
|
|
- `uni-wizard/v3/intelligence_engine.py` — classes `ExecutionPattern`:27, `ModelPerformance`:44, `AdaptationEvent`:58, `PatternDatabase`:69; functions none detected
|
|
|
|
|
- `scripts/know_thy_father/crossref_audit.py` — classes `ThemeCategory`:30, `Principle`:160, `MeaningKernel`:169, `CrossRefFinding`:178; functions `extract_themes_from_text()`:192, `parse_soul_md()`:206, `parse_kernels()`:264, `cross_reference()`:296, `generate_report()`:440, `main()`:561
|
|
|
|
|
|
|
|
|
|
## API Surface
|
|
|
|
|
|
|
|
|
|
### Browser / static surface
|
|
|
|
|
- CLI: `python3 codebase_genome.py` — python main guard (`codebase_genome.py`)
|
|
|
|
|
- CLI: `bash gemini-fallback-setup.sh` — operational script (`gemini-fallback-setup.sh`)
|
|
|
|
|
- CLI: `bash morrowind/hud.sh` — operational script (`morrowind/hud.sh`)
|
|
|
|
|
- CLI: `python3 pipelines/codebase_genome.py` — python main guard (`pipelines/codebase_genome.py`)
|
|
|
|
|
- CLI: `python3 scripts/agent_pr_gate.py` — operational script (`scripts/agent_pr_gate.py`)
|
|
|
|
|
- CLI: `python3 scripts/audit_trail.py` — operational script (`scripts/audit_trail.py`)
|
|
|
|
|
- CLI: `bash scripts/auto_restart_agent.sh` — operational script (`scripts/auto_restart_agent.sh`)
|
|
|
|
|
- CLI: `python3 scripts/autonomous_issue_creator.py` — operational script (`scripts/autonomous_issue_creator.py`)
|
|
|
|
|
- Python: `extract_functions()` from `codebase_genome.py:58`
|
|
|
|
|
- Python: `generate_test()` from `codebase_genome.py:116`
|
|
|
|
|
- Python: `scan_repo()` from `codebase_genome.py:191`
|
|
|
|
|
- Python: `find_existing_tests()` from `codebase_genome.py:209`
|
|
|
|
|
- Python: `main()` from `codebase_genome.py:231`
|
|
|
|
|
- Python: `get_narrative_phase()` from `evennia/timmy_world/game.py:55`
|
|
|
|
|
|
|
|
|
|
- `index.html` served over HTTP
|
|
|
|
|
- `boot.js` exports `bootPage()`; verified by `node --test tests/boot.test.js`
|
|
|
|
|
- Data APIs are file-based inside the repo: `portals.json`, `vision.json`, `manifest.json`
|
|
|
|
|
## Test Coverage Report
|
|
|
|
|
|
|
|
|
|
### Network/runtime surface
|
|
|
|
|
- Source and script files inspected: 231
|
|
|
|
|
- Test files inspected: 95
|
|
|
|
|
- Coverage gaps:
|
|
|
|
|
- `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — no matching test reference detected
|
|
|
|
|
- `timmy-local/cache/agent_cache.py` — no matching test reference detected
|
|
|
|
|
- `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py` — no matching test reference detected
|
|
|
|
|
- `wizards/allegro/home/skills/red-teaming/godmode/scripts/godmode_race.py` — no matching test reference detected
|
|
|
|
|
- `skills/productivity/google-workspace/scripts/google_api.py` — no matching test reference detected
|
|
|
|
|
- `wizards/allegro/home/skills/productivity/google-workspace/scripts/google_api.py` — no matching test reference detected
|
|
|
|
|
- `morrowind/pilot.py` — no matching test reference detected
|
|
|
|
|
- `scripts/sovereignty_audit.py` — no matching test reference detected
|
|
|
|
|
- `skills/research/domain-intel/scripts/domain_intel.py` — no matching test reference detected
|
|
|
|
|
- `wizards/allegro/home/skills/research/domain-intel/scripts/domain_intel.py` — no matching test reference detected
|
|
|
|
|
- `timmy-local/scripts/ingest.py` — no matching test reference detected
|
|
|
|
|
- `uni-wizard/scripts/generate_scorecard.py` — no matching test reference detected
|
|
|
|
|
|
|
|
|
|
- `python3 server.py`
|
|
|
|
|
- Starts the WebSocket bridge on port `8765`
|
|
|
|
|
- `python3 l402_server.py`
|
|
|
|
|
- Local HTTP microservice for cost-estimate style responses
|
|
|
|
|
- `python3 multi_user_bridge.py`
|
|
|
|
|
- Multi-user HTTP/chat bridge
|
|
|
|
|
## Security Audit Findings
|
|
|
|
|
|
|
|
|
|
### Harness / operator CLI surfaces
|
|
|
|
|
- [medium] `briefings/briefing_20260325.json:37` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"gitea_error": "Gitea 404: {\"errors\":null,\"message\":\"not found\",\"url\":\"http://143.198.27.163:3000/api/swagger\"}\n [http://143.198.27.163:3000/api/v1/repos/Timmy_Foundation/sovereign-orchestration/issues?state=open&type=issues&sort=created&direction=desc&limit=1&page=1]",`
|
|
|
|
|
- [medium] `briefings/briefing_20260328.json:11` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"provider_base_url": "http://localhost:8081/v1",`
|
|
|
|
|
- [medium] `briefings/briefing_20260329.json:11` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"provider_base_url": "http://localhost:8081/v1",`
|
|
|
|
|
- [medium] `config.yaml:37` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `summary_base_url: http://localhost:11434/v1`
|
|
|
|
|
- [medium] `config.yaml:47` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
|
|
|
|
|
- [medium] `config.yaml:52` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
|
|
|
|
|
- [medium] `config.yaml:57` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
|
|
|
|
|
- [medium] `config.yaml:62` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
|
|
|
|
|
- [medium] `config.yaml:67` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
|
|
|
|
|
- [medium] `config.yaml:77` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
|
|
|
|
|
- [medium] `config.yaml:82` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
|
|
|
|
|
- [medium] `config.yaml:174` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: http://localhost:11434/v1`
|
|
|
|
|
|
|
|
|
|
- `python3 nexus/morrowind_harness.py`
|
|
|
|
|
- `python3 nexus/bannerlord_harness.py`
|
|
|
|
|
- `python3 mempalace/tunnel_sync.py --peer <url> [--dry-run] [--n N]`
|
|
|
|
|
- `python3 mcp_servers/desktop_control_server.py`
|
|
|
|
|
- `python3 mcp_servers/steam_info_server.py`
|
|
|
|
|
## Dead Code Candidates
|
|
|
|
|
|
|
|
|
|
### Validation surface
|
|
|
|
|
- `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `timmy-local/cache/agent_cache.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `wizards/allegro/home/skills/red-teaming/godmode/scripts/godmode_race.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `skills/productivity/google-workspace/scripts/google_api.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `wizards/allegro/home/skills/productivity/google-workspace/scripts/google_api.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `morrowind/pilot.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `scripts/sovereignty_audit.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `skills/research/domain-intel/scripts/domain_intel.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
- `wizards/allegro/home/skills/research/domain-intel/scripts/domain_intel.py` — not imported by indexed Python modules and not referenced by tests
|
|
|
|
|
|
|
|
|
|
- `python3 -m pytest tests/test_portals_json.py tests/test_index_html_integrity.py tests/test_repo_truth.py -q`
|
|
|
|
|
- `node --test tests/boot.test.js`
|
|
|
|
|
- `python3 -m py_compile server.py nexus/morrowind_harness.py nexus/bannerlord_harness.py mempalace/tunnel_sync.py mcp_servers/desktop_control_server.py`
|
|
|
|
|
- `tests/test_browser_smoke.py` defines the higher-cost Playwright smoke contract for the world shell
|
|
|
|
|
## Performance Bottleneck Analysis
|
|
|
|
|
|
|
|
|
|
## Test Coverage Gaps
|
|
|
|
|
|
|
|
|
|
Strongly covered in this checkout:
|
|
|
|
|
- `tests/test_portals_json.py` validates `portals.json`
|
|
|
|
|
- `tests/test_index_html_integrity.py` checks merge-marker/DOM-integrity regressions in `index.html`
|
|
|
|
|
- `tests/boot.test.js` verifies `boot.js` startup behavior
|
|
|
|
|
- `tests/test_repo_truth.py` validates the repo-truth documents
|
|
|
|
|
- Multiple `tests/test_mempalace_*.py` files cover the palace layer
|
|
|
|
|
- `tests/test_bannerlord_harness.py` exists for the Bannerlord harness
|
|
|
|
|
|
|
|
|
|
Notable gaps or weak seams:
|
|
|
|
|
- `nexus/morrowind_harness.py` is large and operationally critical, but the generated baseline still flags it as a gap relative to its size/complexity
|
|
|
|
|
- `mcp_servers/desktop_control_server.py` exposes high-power automation but has no obvious dedicated test file in the root `tests/` suite
|
|
|
|
|
- `app.js` is the dominant browser runtime file and mixes rendering, GOFAI, metrics, and integration logic in one place; browser smoke exists, but there is limited unit-level decomposition around those subsystems
|
|
|
|
|
- `mempalace.js` appears minimally bridged and stale relative to the richer Python MemPalace layer
|
|
|
|
|
- `multi_user_bridge.py` is a large integration surface and should be treated as high regression risk even though it is central to operator/chat flow
|
|
|
|
|
|
|
|
|
|
## Security Considerations
|
|
|
|
|
|
|
|
|
|
- `server.py` binds `HOST = "0.0.0.0"`, exposing the broadcast bridge beyond localhost unless network controls limit it
|
|
|
|
|
- The WebSocket bridge is a broadcast hub without visible authentication in `server.py`; connected clients are trusted to send messages into the bus
|
|
|
|
|
- `mcp_servers/desktop_control_server.py` exposes mouse/keyboard/screenshot control through a stdio MCP server. In any non-local or poorly isolated runtime, this is a privileged automation surface
|
|
|
|
|
- `app.js` contains hardcoded local/network endpoints such as `http://localhost:${L402_PORT}/api/cost-estimate` and `http://localhost:8082/metrics`; these are convenient for local development but create environment drift and deployment assumptions
|
|
|
|
|
- `app.js` also embeds explicit endpoint/status references like `ws://143.198.27.163:8765`, which is operationally brittle and the kind of hardcoded location data that drifts across environments
|
|
|
|
|
- `mempalace.js` shells out through `window.electronAPI.execPython(...)`; this is powerful and useful, but it is a clear trust boundary between UI and host execution
|
|
|
|
|
- `INVESTIGATION_ISSUE_1145.md` documents an earlier integrity hazard: agents writing to `public/nexus/` instead of canonical root paths. That path confusion is both an operational and security concern because it makes provenance harder to reason about
|
|
|
|
|
|
|
|
|
|
## Runtime Truth and Docs Drift
|
|
|
|
|
|
|
|
|
|
The most important architecture finding in this repo is not a class or subsystem. It is a truth mismatch.
|
|
|
|
|
|
|
|
|
|
- README.md says current `main` does not ship a browser 3D world
|
|
|
|
|
- CLAUDE.md declares root `app.js` and `index.html` as canonical frontend paths
|
|
|
|
|
- tests and browser contract now assume the root frontend exists
|
|
|
|
|
|
|
|
|
|
All three statements are simultaneously present in this checkout.
|
|
|
|
|
|
|
|
|
|
Grounded evidence:
|
|
|
|
|
- `README.md` still says the repo does not contain an active root frontend such as `index.html`, `app.js`, or `style.css`
|
|
|
|
|
- the current checkout does contain `index.html`, `app.js`, `style.css`, `manifest.json`, and `gofai_worker.js`
|
|
|
|
|
- `BROWSER_CONTRACT.md` explicitly treats those root files as required browser assets
|
|
|
|
|
- `tests/test_browser_smoke.py` serves those exact files and validates DOM/WebGL contracts against them
|
|
|
|
|
- `tests/test_index_html_integrity.py` assumes `index.html` is canonical and production-relevant
|
|
|
|
|
- `CLAUDE.md` says frontend code lives at repo root and explicitly warns against `public/nexus/`
|
|
|
|
|
- `INVESTIGATION_ISSUE_1145.md` explains why `public/nexus/` is a bad/corrupt duplicate path and confirms the real classical AI code lives in root `app.js`
|
|
|
|
|
|
|
|
|
|
The honest conclusion:
|
|
|
|
|
- The repo contains a partially restored or actively re-materialized browser surface
|
|
|
|
|
- The docs are preserving an older migration truth while the runtime files and smoke contracts describe a newer present-tense truth
|
|
|
|
|
- Any future work in `the-nexus` must choose one truth and align `README.md`, `CLAUDE.md`, smoke tests, and file layout around it
|
|
|
|
|
|
|
|
|
|
That drift is itself a critical architectural fact and should be treated as first-order design debt, not a side note.
|
|
|
|
|
- `angband/mcp_server.py` — large module (353 lines) likely hides multiple responsibilities
|
|
|
|
|
- `evennia/timmy_world/game.py` — large module (1541 lines) likely hides multiple responsibilities
|
|
|
|
|
- `evennia/timmy_world/world/game.py` — large module (1345 lines) likely hides multiple responsibilities
|
|
|
|
|
- `morrowind/mcp_server.py` — large module (451 lines) likely hides multiple responsibilities
|
|
|
|
|
- `morrowind/pilot.py` — large module (459 lines) likely hides multiple responsibilities
|
|
|
|
|
- `pipelines/codebase_genome.py` — large module (557 lines) likely hides multiple responsibilities
|
|
|
|
|
- `scripts/fleet_progression.py` — large module (361 lines) likely hides multiple responsibilities
|
|
|
|
|
- `scripts/know_thy_father/crossref_audit.py` — large module (657 lines) likely hides multiple responsibilities
|
|
|
|
|
- `scripts/know_thy_father/index_media.py` — large module (405 lines) likely hides multiple responsibilities
|
|
|
|
|
- `scripts/know_thy_father/synthesize_kernels.py` — large module (416 lines) likely hides multiple responsibilities
|
|
|
|
|
|
