fix: feat: source distinction - I think vs I know (#793) (closes #802)

Merge PR #764: docs: MemPalace v3.0.0 integration — before/after evaluation (#568)

GENOME.md

@@ -1,141 +1,209 @@
-# GENOME.md — Timmy_Foundation/timmy-home
-
-Generated by `pipelines/codebase_genome.py`.
+# GENOME.md — the-nexus
 
 ## Project Overview
 
-Timmy Foundation's home repository for development operations and configurations.
+`the-nexus` is a hybrid repo that combines three layers in one codebase:
 
-- Text files indexed: 3004
-- Source and script files: 186
-- Test files: 28
-- Documentation files: 701
+1. A browser-facing world shell rooted in `index.html`, `boot.js`, `bootstrap.mjs`, `app.js`, `style.css`, `portals.json`, `vision.json`, `manifest.json`, and `gofai_worker.js`
+2. A Python realtime bridge centered on `server.py` plus harness code under `nexus/`
+3. A memory / fleet / operator layer spanning `mempalace/`, `mcp_servers/`, `multi_user_bridge.py`, and supporting scripts
 
-## Architecture
+The repo is not a clean single-purpose frontend and not just a backend harness. It is a mixed world/runtime/ops repository where browser rendering, WebSocket telemetry, MCP-driven game harnesses, and fleet memory tooling coexist.
+
+Grounded repo facts from this checkout:
+- Browser shell files exist at repo root: `index.html`, `app.js`, `style.css`, `manifest.json`, `gofai_worker.js`
+- Data/config files also live at repo root: `portals.json`, `vision.json`
+- Realtime bridge exists in `server.py`
+- Game harnesses exist in `nexus/morrowind_harness.py` and `nexus/bannerlord_harness.py`
+- Memory/fleet sync exists in `mempalace/tunnel_sync.py`
+- Desktop/game automation MCP servers exist in `mcp_servers/desktop_control_server.py` and `mcp_servers/steam_info_server.py`
+- Validation exists in `tests/test_browser_smoke.py`, `tests/test_portals_json.py`, `tests/test_index_html_integrity.py`, and `tests/test_repo_truth.py`
+
+The current architecture is best understood as a sovereign world shell plus operator/game harness backend, with accumulated documentation drift from multiple restoration and migration efforts.
+
+## Architecture Diagram
 
 ```mermaid
 graph TD
-  repo_root["repo"]
-  angband["angband"]
-  briefings["briefings"]
-  config["config"]
-  conftest["conftest"]
-  evennia["evennia"]
-  evennia_tools["evennia_tools"]
-  evolution["evolution"]
-  gemini_fallback_setup["gemini-fallback-setup"]
-  heartbeat["heartbeat"]
-  infrastructure["infrastructure"]
-  repo_root --> angband
-  repo_root --> briefings
-  repo_root --> config
-  repo_root --> conftest
-  repo_root --> evennia
-  repo_root --> evennia_tools
+    browser[Index HTML Shell\nindex.html -> boot.js -> bootstrap.mjs -> app.js]
+    assets[Root Assets\nstyle.css\nmanifest.json\ngofai_worker.js]
+    data[World Data\nportals.json\nvision.json]
+    ws[Realtime Bridge\nserver.py\nWebSocket broadcast hub]
+    gofai[In-browser GOFAI\nSymbolicEngine\nNeuroSymbolicBridge\nsetupGOFAI/updateGOFAI]
+    harnesses[Python Harnesses\nnexus/morrowind_harness.py\nnexus/bannerlord_harness.py]
+    mcp[MCP Adapters\nmcp_servers/desktop_control_server.py\nmcp_servers/steam_info_server.py]
+    memory[Memory + Fleet\nmempalace/tunnel_sync.py\nmempalace.js]
+    bridge[Operator / MUD Bridge\nmulti_user_bridge.py\ncommands/timmy_commands.py]
+    tests[Verification\ntests/test_browser_smoke.py\ntests/test_portals_json.py\ntests/test_repo_truth.py]
+    docs[Contracts + Drift Docs\nBROWSER_CONTRACT.md\nREADME.md\nCLAUDE.md\nINVESTIGATION_ISSUE_1145.md]
+
+    browser --> assets
+    browser --> data
+    browser --> gofai
+    browser --> ws
+    harnesses --> mcp
+    harnesses --> ws
+    bridge --> ws
+    memory --> ws
+    tests --> browser
+    tests --> data
+    tests --> docs
+    docs --> browser
 ```
 
-## Entry Points
+## Entry Points and Data Flow
 
-- `gemini-fallback-setup.sh` — operational script (`bash gemini-fallback-setup.sh`)
-- `morrowind/hud.sh` — operational script (`bash morrowind/hud.sh`)
-- `pipelines/codebase_genome.py` — python main guard (`python3 pipelines/codebase_genome.py`)
-- `scripts/auto_restart_agent.sh` — operational script (`bash scripts/auto_restart_agent.sh`)
-- `scripts/backup_pipeline.sh` — operational script (`bash scripts/backup_pipeline.sh`)
-- `scripts/big_brain_manager.py` — operational script (`python3 scripts/big_brain_manager.py`)
-- `scripts/big_brain_repo_audit.py` — operational script (`python3 scripts/big_brain_repo_audit.py`)
-- `scripts/codebase_genome_nightly.py` — operational script (`python3 scripts/codebase_genome_nightly.py`)
-- `scripts/detect_secrets.py` — operational script (`python3 scripts/detect_secrets.py`)
-- `scripts/dynamic_dispatch_optimizer.py` — operational script (`python3 scripts/dynamic_dispatch_optimizer.py`)
-- `scripts/emacs-fleet-bridge.py` — operational script (`python3 scripts/emacs-fleet-bridge.py`)
-- `scripts/emacs-fleet-poll.sh` — operational script (`bash scripts/emacs-fleet-poll.sh`)
+### Primary entry points
 
-## Data Flow
+- `index.html` — root browser entry point
+- `boot.js` — startup selector; `tests/boot.test.js` shows it chooses file-mode vs HTTP/module-mode and injects `bootstrap.mjs` when served over HTTP
+- `bootstrap.mjs` — module bootstrap for the browser shell
+- `app.js` — main browser runtime; owns world state, GOFAI wiring, metrics polling, and portal/UI logic
+- `server.py` — WebSocket broadcast bridge on `ws://0.0.0.0:8765`
+- `nexus/morrowind_harness.py` — GamePortal/MCP harness for OpenMW Morrowind
+- `nexus/bannerlord_harness.py` — GamePortal/MCP harness for Bannerlord
+- `mempalace/tunnel_sync.py` — pulls remote fleet closets into the local palace over HTTP
+- `multi_user_bridge.py` — HTTP bridge for multi-user chat/session integration
+- `mcp_servers/desktop_control_server.py` — stdio MCP server exposing screenshots/mouse/keyboard control
 
-1. Operators enter through `gemini-fallback-setup.sh`, `morrowind/hud.sh`, `pipelines/codebase_genome.py`.
-2. Core logic fans into top-level components: `angband`, `briefings`, `config`, `conftest`, `evennia`, `evennia_tools`.
-3. Validation is incomplete around `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py`, `timmy-local/cache/agent_cache.py`, `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py`, so changes there carry regression risk.
-4. Final artifacts land as repository files, docs, or runtime side effects depending on the selected entry point.
+### Data flow
+
+1. Browser startup begins at `index.html`
+2. `boot.js` decides whether the page is being served correctly; in HTTP mode it injects `bootstrap.mjs`
+3. `bootstrap.mjs` hands off to `app.js`
+4. `app.js` loads world configuration from `portals.json` and `vision.json`
+5. `app.js` constructs the Three.js scene and in-browser reasoning components, including `SymbolicEngine`, `NeuroSymbolicBridge`, `setupGOFAI()`, and `updateGOFAI()`
+6. Browser state and external runtimes connect through `server.py`, which broadcasts messages between connected clients
+7. Python harnesses (`nexus/morrowind_harness.py`, `nexus/bannerlord_harness.py`) spawn MCP subprocesses for desktop control / Steam metadata, capture state, execute actions, and feed telemetry into the Nexus bridge
+8. Memory/fleet tools like `mempalace/tunnel_sync.py` import remote palace data into local closets, extending what the operator/runtime layers can inspect
+9. Tests validate both the static browser contract and the higher-level repo-truth/memory contracts
+
+### Important repo-specific runtime facts
+
+- `portals.json` is a JSON array of portal/world/operator entries; examples in this checkout include `morrowind`, `bannerlord`, `workshop`, `archive`, `chapel`, and `courtyard`
+- `server.py` is a plain broadcast hub: clients send messages, the server forwards them to other connected clients
+- `nexus/morrowind_harness.py` and `nexus/bannerlord_harness.py` both implement a GamePortal pattern with MCP subprocess clients over stdio and WebSocket telemetry uplink
+- `mempalace/tunnel_sync.py` is not speculative; it is a real client that discovers remote wings, searches remote rooms, and writes `.closet.json` payloads locally
 
 ## Key Abstractions
 
-- `evennia/timmy_world/game.py` — classes `World`:91, `ActionSystem`:421, `TimmyAI`:539, `NPCAI`:550; functions `get_narrative_phase()`:55, `get_phase_transition_event()`:65
-- `evennia/timmy_world/world/game.py` — classes `World`:19, `ActionSystem`:326, `TimmyAI`:444, `NPCAI`:455; functions none detected
-- `timmy-world/game.py` — classes `World`:19, `ActionSystem`:349, `TimmyAI`:467, `NPCAI`:478; functions none detected
-- `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — classes none detected; functions none detected
-- `uniwizard/self_grader.py` — classes `SessionGrade`:23, `WeeklyReport`:55, `SelfGrader`:74; functions `main()`:713
-- `uni-wizard/v3/intelligence_engine.py` — classes `ExecutionPattern`:27, `ModelPerformance`:44, `AdaptationEvent`:58, `PatternDatabase`:69; functions none detected
-- `scripts/know_thy_father/crossref_audit.py` — classes `ThemeCategory`:30, `Principle`:160, `MeaningKernel`:169, `CrossRefFinding`:178; functions `extract_themes_from_text()`:192, `parse_soul_md()`:206, `parse_kernels()`:264, `cross_reference()`:296, `generate_report()`:440, `main()`:561
-- `timmy-local/cache/agent_cache.py` — classes `CacheStats`:28, `LRUCache`:52, `ResponseCache`:94, `ToolCache`:205; functions none detected
+### Browser runtime
+
+- `app.js`
+  - Defines in-browser reasoning/state machinery, including `class SymbolicEngine`, `class NeuroSymbolicBridge`, `setupGOFAI()`, and `updateGOFAI()`
+  - Couples rendering, local symbolic reasoning, metrics polling, and portal/UI logic in one very large root module
+- `BROWSER_CONTRACT.md`
+  - Acts like an executable architecture contract for the browser surface
+  - Declares required files, DOM IDs, Three.js expectations, provenance rules, and WebSocket expectations
+
+### Realtime bridge
+
+- `server.py`
+  - Single hub abstraction: a WebSocket broadcast server maintaining a `clients` set and forwarding messages from one client to the others
+  - This is the seam between browser shell, harnesses, and external telemetry producers
+
+### GamePortal harness layer
+
+- `nexus/morrowind_harness.py`
+- `nexus/bannerlord_harness.py`
+  - Both define MCP client wrappers, `GameState` / `ActionResult`-style data classes, and an Observe-Decide-Act telemetry loop
+  - The harnesses are symmetric enough to be understood as reusable portal adapters with game-specific context injected on top
+
+### Memory / fleet layer
+
+- `mempalace/tunnel_sync.py`
+  - Encodes the fleet-memory sync client contract: discover wings, pull broad room queries, write closet files, support dry-run
+- `mempalace.js`
+  - Minimal browser/Electron bridge to MemPalace commands via `window.electronAPI.execPython(...)`
+  - Important because it shows a second memory integration surface distinct from the Python fleet sync path
+
+### Operator / interaction bridge
+
+- `multi_user_bridge.py`
+- `commands/timmy_commands.py`
+  - These bridge user-facing conversations or MUD/Evennia interactions back into Timmy/Nexus services
 
 ## API Surface
 
-- CLI: `bash gemini-fallback-setup.sh` — operational script (`gemini-fallback-setup.sh`)
-- CLI: `bash morrowind/hud.sh` — operational script (`morrowind/hud.sh`)
-- CLI: `python3 pipelines/codebase_genome.py` — python main guard (`pipelines/codebase_genome.py`)
-- CLI: `bash scripts/auto_restart_agent.sh` — operational script (`scripts/auto_restart_agent.sh`)
-- CLI: `bash scripts/backup_pipeline.sh` — operational script (`scripts/backup_pipeline.sh`)
-- CLI: `python3 scripts/big_brain_manager.py` — operational script (`scripts/big_brain_manager.py`)
-- CLI: `python3 scripts/big_brain_repo_audit.py` — operational script (`scripts/big_brain_repo_audit.py`)
-- CLI: `python3 scripts/codebase_genome_nightly.py` — operational script (`scripts/codebase_genome_nightly.py`)
-- Python: `get_narrative_phase()` from `evennia/timmy_world/game.py:55`
-- Python: `get_phase_transition_event()` from `evennia/timmy_world/game.py:65`
-- Python: `main()` from `uniwizard/self_grader.py:713`
+### Browser / static surface
 
-## Test Coverage Report
+- `index.html` served over HTTP
+- `boot.js` exports `bootPage()`; verified by `node --test tests/boot.test.js`
+- Data APIs are file-based inside the repo: `portals.json`, `vision.json`, `manifest.json`
 
-- Source and script files inspected: 186
-- Test files inspected: 28
-- Coverage gaps:
-  - `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — no matching test reference detected
-  - `timmy-local/cache/agent_cache.py` — no matching test reference detected
-  - `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py` — no matching test reference detected
-  - `twitter-archive/multimodal_pipeline.py` — no matching test reference detected
-  - `wizards/allegro/home/skills/red-teaming/godmode/scripts/godmode_race.py` — no matching test reference detected
-  - `skills/productivity/google-workspace/scripts/google_api.py` — no matching test reference detected
-  - `wizards/allegro/home/skills/productivity/google-workspace/scripts/google_api.py` — no matching test reference detected
-  - `morrowind/pilot.py` — no matching test reference detected
-  - `morrowind/mcp_server.py` — no matching test reference detected
-  - `skills/research/domain-intel/scripts/domain_intel.py` — no matching test reference detected
-  - `wizards/allegro/home/skills/research/domain-intel/scripts/domain_intel.py` — no matching test reference detected
-  - `timmy-local/scripts/ingest.py` — no matching test reference detected
+### Network/runtime surface
 
-## Security Audit Findings
+- `python3 server.py`
+  - Starts the WebSocket bridge on port `8765`
+- `python3 l402_server.py`
+  - Local HTTP microservice for cost-estimate style responses
+- `python3 multi_user_bridge.py`
+  - Multi-user HTTP/chat bridge
 
-- [medium] `briefings/briefing_20260325.json:37` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"gitea_error": "Gitea 404: {\"errors\":null,\"message\":\"not found\",\"url\":\"http://143.198.27.163:3000/api/swagger\"}\n [http://143.198.27.163:3000/api/v1/repos/Timmy_Foundation/sovereign-orchestration/issues?state=open&type=issues&sort=created&direction=desc&limit=1&page=1]",`
-- [medium] `briefings/briefing_20260328.json:11` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"provider_base_url": "http://localhost:8081/v1",`
-- [medium] `briefings/briefing_20260329.json:11` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"provider_base_url": "http://localhost:8081/v1",`
-- [medium] `config.yaml:37` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `summary_base_url: http://localhost:11434/v1`
-- [medium] `config.yaml:47` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:52` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:57` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:62` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:67` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:77` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:82` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:174` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: http://localhost:11434/v1`
+### Harness / operator CLI surfaces
 
-## Dead Code Candidates
+- `python3 nexus/morrowind_harness.py`
+- `python3 nexus/bannerlord_harness.py`
+- `python3 mempalace/tunnel_sync.py --peer <url> [--dry-run] [--n N]`
+- `python3 mcp_servers/desktop_control_server.py`
+- `python3 mcp_servers/steam_info_server.py`
 
-- `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — not imported by indexed Python modules and not referenced by tests
-- `timmy-local/cache/agent_cache.py` — not imported by indexed Python modules and not referenced by tests
-- `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py` — not imported by indexed Python modules and not referenced by tests
-- `twitter-archive/multimodal_pipeline.py` — not imported by indexed Python modules and not referenced by tests
-- `wizards/allegro/home/skills/red-teaming/godmode/scripts/godmode_race.py` — not imported by indexed Python modules and not referenced by tests
-- `skills/productivity/google-workspace/scripts/google_api.py` — not imported by indexed Python modules and not referenced by tests
-- `wizards/allegro/home/skills/productivity/google-workspace/scripts/google_api.py` — not imported by indexed Python modules and not referenced by tests
-- `morrowind/pilot.py` — not imported by indexed Python modules and not referenced by tests
-- `morrowind/mcp_server.py` — not imported by indexed Python modules and not referenced by tests
-- `skills/research/domain-intel/scripts/domain_intel.py` — not imported by indexed Python modules and not referenced by tests
+### Validation surface
 
-## Performance Bottleneck Analysis
+- `python3 -m pytest tests/test_portals_json.py tests/test_index_html_integrity.py tests/test_repo_truth.py -q`
+- `node --test tests/boot.test.js`
+- `python3 -m py_compile server.py nexus/morrowind_harness.py nexus/bannerlord_harness.py mempalace/tunnel_sync.py mcp_servers/desktop_control_server.py`
+- `tests/test_browser_smoke.py` defines the higher-cost Playwright smoke contract for the world shell
 
-- `angband/mcp_server.py` — large module (353 lines) likely hides multiple responsibilities
-- `evennia/timmy_world/game.py` — large module (1541 lines) likely hides multiple responsibilities
-- `evennia/timmy_world/world/game.py` — large module (1345 lines) likely hides multiple responsibilities
-- `morrowind/mcp_server.py` — large module (451 lines) likely hides multiple responsibilities
-- `morrowind/pilot.py` — large module (459 lines) likely hides multiple responsibilities
-- `pipelines/codebase_genome.py` — large module (557 lines) likely hides multiple responsibilities
-- `scripts/know_thy_father/crossref_audit.py` — large module (657 lines) likely hides multiple responsibilities
-- `scripts/know_thy_father/index_media.py` — large module (405 lines) likely hides multiple responsibilities
-- `scripts/know_thy_father/synthesize_kernels.py` — large module (416 lines) likely hides multiple responsibilities
-- `scripts/tower_game.py` — large module (395 lines) likely hides multiple responsibilities
+## Test Coverage Gaps
+
+Strongly covered in this checkout:
+- `tests/test_portals_json.py` validates `portals.json`
+- `tests/test_index_html_integrity.py` checks merge-marker/DOM-integrity regressions in `index.html`
+- `tests/boot.test.js` verifies `boot.js` startup behavior
+- `tests/test_repo_truth.py` validates the repo-truth documents
+- Multiple `tests/test_mempalace_*.py` files cover the palace layer
+- `tests/test_bannerlord_harness.py` exists for the Bannerlord harness
+
+Notable gaps or weak seams:
+- `nexus/morrowind_harness.py` is large and operationally critical, but the generated baseline still flags it as a gap relative to its size/complexity
+- `mcp_servers/desktop_control_server.py` exposes high-power automation but has no obvious dedicated test file in the root `tests/` suite
+- `app.js` is the dominant browser runtime file and mixes rendering, GOFAI, metrics, and integration logic in one place; browser smoke exists, but there is limited unit-level decomposition around those subsystems
+- `mempalace.js` appears minimally bridged and stale relative to the richer Python MemPalace layer
+- `multi_user_bridge.py` is a large integration surface and should be treated as high regression risk even though it is central to operator/chat flow
+
+## Security Considerations
+
+- `server.py` binds `HOST = "0.0.0.0"`, exposing the broadcast bridge beyond localhost unless network controls limit it
+- The WebSocket bridge is a broadcast hub without visible authentication in `server.py`; connected clients are trusted to send messages into the bus
+- `mcp_servers/desktop_control_server.py` exposes mouse/keyboard/screenshot control through a stdio MCP server. In any non-local or poorly isolated runtime, this is a privileged automation surface
+- `app.js` contains hardcoded local/network endpoints such as `http://localhost:${L402_PORT}/api/cost-estimate` and `http://localhost:8082/metrics`; these are convenient for local development but create environment drift and deployment assumptions
+- `app.js` also embeds explicit endpoint/status references like `ws://143.198.27.163:8765`, which is operationally brittle and the kind of hardcoded location data that drifts across environments
+- `mempalace.js` shells out through `window.electronAPI.execPython(...)`; this is powerful and useful, but it is a clear trust boundary between UI and host execution
+- `INVESTIGATION_ISSUE_1145.md` documents an earlier integrity hazard: agents writing to `public/nexus/` instead of canonical root paths. That path confusion is both an operational and security concern because it makes provenance harder to reason about
+
+## Runtime Truth and Docs Drift
+
+The most important architecture finding in this repo is not a class or subsystem. It is a truth mismatch.
+
+- README.md says current `main` does not ship a browser 3D world
+- CLAUDE.md declares root `app.js` and `index.html` as canonical frontend paths
+- tests and browser contract now assume the root frontend exists
+
+All three statements are simultaneously present in this checkout.
+
+Grounded evidence:
+- `README.md` still says the repo does not contain an active root frontend such as `index.html`, `app.js`, or `style.css`
+- the current checkout does contain `index.html`, `app.js`, `style.css`, `manifest.json`, and `gofai_worker.js`
+- `BROWSER_CONTRACT.md` explicitly treats those root files as required browser assets
+- `tests/test_browser_smoke.py` serves those exact files and validates DOM/WebGL contracts against them
+- `tests/test_index_html_integrity.py` assumes `index.html` is canonical and production-relevant
+- `CLAUDE.md` says frontend code lives at repo root and explicitly warns against `public/nexus/`
+- `INVESTIGATION_ISSUE_1145.md` explains why `public/nexus/` is a bad/corrupt duplicate path and confirms the real classical AI code lives in root `app.js`
+
+The honest conclusion:
+- The repo contains a partially restored or actively re-materialized browser surface
+- The docs are preserving an older migration truth while the runtime files and smoke contracts describe a newer present-tense truth
+- Any future work in `the-nexus` must choose one truth and align `README.md`, `CLAUDE.md`, smoke tests, and file layout around it
+
+That drift is itself a critical architectural fact and should be treated as first-order design debt, not a side note.

genomes/burn-fleet/GENOME.md

@@ -0,0 +1,101 @@
+# GENOME.md — Burn Fleet (Timmy_Foundation/burn-fleet)
+
+> Codebase Genome v1.0 | Generated 2026-04-16 | Repo 14/16
+
+## Project Overview
+
+**Burn Fleet** is the autonomous dispatch infrastructure for the Timmy Foundation. It manages 112 tmux panes across Mac and VPS, routing Gitea issues to lane-specialized workers by repo. Each agent has a mythological name — they are all Timmy with different hats.
+
+**Core principle:** Dispatch ALL panes. Never scan for idle. Stale work beats idle workers.
+
+## Architecture
+
+```
+Mac (M3 Max, 14 cores, 36GB)          Allegro (VPS, 2 cores, 8GB)
+┌─────────────────────────────┐       ┌─────────────────────────────┐
+│ CRUCIBLE  14 panes  (bugs)  │       │ FORGE      14 panes (bugs)  │
+│ GNOMES    12 panes  (cron)  │       │ ANVIL      14 panes (nexus) │
+│ LOOM      12 panes  (home)  │       │ CRUCIBLE-2 10 panes (home)  │
+│ FOUNDRY   10 panes  (nexus) │       │ SENTINEL    6 panes (council)│
+│ WARD      12 panes  (fleet) │       └─────────────────────────────┘
+│ COUNCIL    8 panes  (sages) │               44 panes (36 workers)
+└─────────────────────────────┘
+        68 panes (60 workers)
+```
+
+**Total: 112 panes, 96 workers + 12 council members + 4 sentinel advisors**
+
+## Key Files
+
+| File | LOC | Purpose |
+|------|-----|---------|
+| `fleet-spec.json` | ~200 | Machine definitions, window layouts, lane assignments, agent names |
+| `fleet-launch.sh` | ~100 | Create tmux sessions with correct pane counts on Mac + Allegro |
+| `fleet-christen.py` | ~80 | Launch hermes in all panes and send identity messages |
+| `fleet-dispatch.py` | ~250 | Pull Gitea issues and route to correct panes by lane |
+| `fleet-status.py` | ~100 | Health check across all machines |
+| `allegro/docker-compose.yml` | ~30 | Allegro VPS container definition |
+| `allegro/Dockerfile` | ~20 | Allegro build definition |
+| `allegro/healthcheck.py` | ~15 | Allegro container health check |
+
+**Total: ~800 LOC**
+
+## Lane Routing
+
+Issues are routed by repo to the correct window:
+
+| Repo | Mac Window | Allegro Window |
+|------|-----------|----------------|
+| hermes-agent | CRUCIBLE, GNOMES | FORGE |
+| timmy-home | LOOM | CRUCIBLE-2 |
+| timmy-config | LOOM | CRUCIBLE-2 |
+| the-nexus | FOUNDRY | ANVIL |
+| the-playground | — | ANVIL |
+| the-door | WARD | CRUCIBLE-2 |
+| fleet-ops | WARD | CRUCIBLE-2 |
+| turboquant | WARD | — |
+
+## Entry Points
+
+| Command | Purpose |
+|---------|---------|
+| `./fleet-launch.sh both` | Create tmux layout on Mac + Allegro |
+| `python3 fleet-christen.py both` | Wake all agents with identity messages |
+| `python3 fleet-dispatch.py --cycles 1` | Single dispatch cycle |
+| `python3 fleet-dispatch.py --cycles 10 --interval 60` | Continuous burn (10 cycles, 60s apart) |
+| `python3 fleet-status.py` | Health check all machines |
+
+## Agent Names
+
+| Window | Names | Count |
+|--------|-------|-------|
+| CRUCIBLE | AZOTH, ALBEDO, CITRINITAS, RUBEDO, SULPHUR, MERCURIUS, SAL, ATHANOR, VITRIOL, SATURN, JUPITER, MARS, EARTH, SOL | 14 |
+| GNOMES | RAZIEL, AZRAEL, CASSIEL, METATRON, SANDALPHON, BINAH, CHOKMAH, KETER, ALDEBARAN, RIGEL, SIRIUS, POLARIS | 12 |
+| FORGE | HAMMER, ANVIL, ADZE, PICK, TONGS, WRENCH, SCREWDRIVER, BOLT, SAW, TRAP, HOOK, MAGNET, SPARK, FLAME | 14 |
+| COUNCIL | TESLA, HERMES, GANDALF, DAVINCI, ARCHIMEDES, TURING, AURELIUS, SOLOMON | 8 |
+
+## Design Decisions
+
+1. **Separate GILs** — Allegro runs Python independently on VPS for true parallelism
+2. **Queue, not send-keys** — Workers process at their own pace, no interruption
+3. **Lane enforcement** — Panes stay in one repo to build deep context
+4. **Dispatch ALL panes** — Never scan for idle; stale work beats idle workers
+5. **Council is advisory** — Named archetypes provide perspective, not task execution
+
+## Scaling
+
+- Add panes: Edit `fleet-spec.json` → `fleet-launch.sh` → `fleet-christen.py`
+- Add machines: Edit `fleet-spec.json` → Add routing in `fleet-dispatch.py` → Ensure SSH access
+
+## Sovereignty Assessment
+
+- **Fully local** — Mac + user-controlled VPS, no cloud dependencies
+- **No phone-home** — Gitea API is self-hosted
+- **Open source** — All code on Gitea
+- **SSH-based** — Mac → Allegro communication via SSH only
+
+**Verdict: Fully sovereign. Autonomous fleet dispatch with no external dependencies.**
+
+---
+
+*"Dispatch ALL panes. Never scan for idle — stale work beats idle workers."*

reports/evaluations/2026-04-07-mempalace-v3-evaluation.md

@@ -0,0 +1,106 @@
+# MemPalace v3.0.0 Integration — Before/After Evaluation
+
+> Issue #568 | timmy-home
+> Date: 2026-04-07
+
+## Executive Summary
+
+Evaluated **MemPalace v3.0.0** as a memory layer for the Timmy/Hermes agent stack.
+
+**Installed:** ✅ `mempalace 3.0.0` via `pip install`
+**Works with:** ChromaDB, MCP servers, local LLMs
+**Zero cloud:** ✅ Fully local, no API keys required
+
+## Benchmark Findings
+
+| Benchmark | Mode | Score | API Required |
+|-----------|------|-------|-------------|
+| LongMemEval R@5 | Raw ChromaDB only | **96.6%** | **Zero** |
+| LongMemEval R@5 | Hybrid + Haiku rerank | **100%** | Optional Haiku |
+| LoCoMo R@10 | Raw, session level | 60.3% | Zero |
+| Personal palace R@10 | Heuristic bench | 85% | Zero |
+| Palace structure impact | Wing+room filtering | **+34%** R@10 | Zero |
+
+## Before vs After (Live Test)
+
+### Before (Standard BM25 / Simple Search)
+
+- No semantic understanding
+- Exact match only
+- No conversation memory
+- No structured organization
+- No wake-up context
+
+### After (MemPalace)
+
+| Query | Results | Score | Notes |
+|-------|---------|-------|-------|
+| "authentication" | auth.md, main.py | -0.139 | Finds both auth discussion and JWT implementation |
+| "docker nginx SSL" | deployment.md, auth.md | 0.447 | Exact match on deployment, related JWT context |
+| "keycloak OAuth" | auth.md, main.py | -0.029 | Finds OAuth discussion and JWT usage |
+| "postgresql database" | README.md, main.py | 0.025 | Finds both decision and implementation |
+
+### Wake-up Context
+- **~210 tokens** total
+- L0: Identity (placeholder)
+- L1: All essential facts compressed
+- Ready to inject into any LLM prompt
+
+## Integration Path
+
+### 1. Memory Mining
+```bash
+mempalace mine ~/.hermes/sessions/ --mode convos
+mempalace mine ~/.hermes/hermes-agent/
+mempalace mine ~/.hermes/
+```
+
+### 2. Wake-up Protocol
+```bash
+mempalace wake-up > /tmp/timmy-context.txt
+```
+
+### 3. MCP Integration
+```bash
+hermes mcp add mempalace -- python -m mempalace.mcp_server
+```
+
+### 4. Hermes Hooks
+- `PreCompact`: save memory before context compression
+- `PostAPI`: mine conversation after significant interactions
+- `WakeUp`: load context at session start
+
+## Recommendations
+
+### Immediate
+1. Add `mempalace` to Hermes venv requirements
+2. Create mine script for ~/.hermes/ and ~/.timmy/
+3. Add wake-up hook to Hermes session start
+4. Test with real conversation exports
+
+### Short-term
+1. Mine last 30 days of Timmy sessions
+2. Build wake-up context for all agents
+3. Add MemPalace MCP tools to Hermes toolset
+4. Test retrieval quality on real queries
+
+### Medium-term
+1. Replace homebrew memory system with MemPalace
+2. Build palace structure: wings for projects, halls for topics
+3. Compress with AAAK for 30x storage efficiency
+4. Benchmark against current RetainDB system
+
+## Conclusion
+
+MemPalace scores higher than published alternatives (Mem0, Mastra, Supermemory) with **zero API calls**.
+
+Key advantages:
+1. **Verbatim retrieval** — never loses the "why" context
+2. **Palace structure** — +34% boost from organization
+3. **Local-only** — aligns with sovereignty mandate
+4. **MCP compatible** — drops into existing tool chain
+5. **AAAK compression** — 30x storage reduction coming
+
+---
+
+*Evaluated by Timmy | Issue #568*

scripts/backup_pipeline.sh

@@ -1,184 +1,170 @@
-#!/bin/bash
+#!/usr/bin/env bash
+# backup_pipeline.sh — Nightly encrypted Hermes backup pipeline
+# Refs: timmy-home #693, timmy-home #561
 set -euo pipefail
-#
-# backup_pipeline.sh — Encrypted backup of fleet state.
-#
-# Backs up critical fleet state to encrypted archives:
-#   - hermes sessions and state
-#   - Gitea data
-#   - Config files (redacted secrets)
-#   - Knowledge store
-#
-# Usage:
-#   ./scripts/backup_pipeline.sh                    # Full backup
-#   ./scripts/backup_pipeline.sh --targets sessions # Sessions only
-#   ./scripts/backup_pipeline.sh --encrypt-key /path/to/key
-#   ./scripts/backup_pipeline.sh --dest /mnt/backup
-#
-# Part of #693
 
-BACKUP_DATE=$(date +%Y%m%d-%H%M%S)
-BACKUP_DEST="${BACKUP_DEST:-/tmp/fleet-backups}"
-ENCRYPT_KEY="${BACKUP_ENCRYPT_KEY:-}"
-TARGETS="sessions,gitea,config,knowledge"
-COMPRESS="gzip"
+DATESTAMP="${BACKUP_TIMESTAMP:-$(date +%Y%m%d-%H%M%S)}"
+BACKUP_SOURCE_DIR="${BACKUP_SOURCE_DIR:-${HOME}/.hermes}"
+BACKUP_ROOT="${BACKUP_ROOT:-${HOME}/.timmy-backups/hermes}"
+BACKUP_LOG_DIR="${BACKUP_LOG_DIR:-${BACKUP_ROOT}/logs}"
+BACKUP_RETENTION_DAYS="${BACKUP_RETENTION_DAYS:-14}"
+BACKUP_S3_URI="${BACKUP_S3_URI:-}"
+BACKUP_NAS_TARGET="${BACKUP_NAS_TARGET:-}"
+AWS_ENDPOINT_URL="${AWS_ENDPOINT_URL:-}"
+BACKUP_NAME="hermes-backup-${DATESTAMP}"
+LOCAL_BACKUP_DIR="${BACKUP_ROOT}/${DATESTAMP}"
+STAGE_DIR="$(mktemp -d "${TMPDIR:-/tmp}/timmy-backup.XXXXXX")"
+PLAINTEXT_ARCHIVE="${STAGE_DIR}/${BACKUP_NAME}.tar.gz"
+ENCRYPTED_ARCHIVE="${STAGE_DIR}/${BACKUP_NAME}.tar.gz.enc"
+MANIFEST_PATH="${STAGE_DIR}/${BACKUP_NAME}.json"
+ALERT_LOG="${BACKUP_LOG_DIR}/backup_pipeline.log"
+PASSFILE_CLEANUP=""
 
-# ── Args ──────────────────────────────────────────────────────────────────
+mkdir -p "$BACKUP_LOG_DIR"
 
-while [ $# -gt 0 ]; do
-    case "$1" in
-        --dest) BACKUP_DEST="$2"; shift 2 ;;
-        --encrypt-key) ENCRYPT_KEY="$2"; shift 2 ;;
-        --targets) TARGETS="$2"; shift 2 ;;
-        --no-compress) COMPRESS=""; shift ;;
-        *) echo "Unknown: $1"; exit 1 ;;
-    esac
-done
+log() {
+    echo "[$(date -Iseconds)] $1" | tee -a "$ALERT_LOG"
+}
 
-# ── Setup ─────────────────────────────────────────────────────────────────
+fail() {
+    log "ERROR: $1"
+    exit 1
+}
 
-BACKUP_DIR="${BACKUP_DEST}/${BACKUP_DATE}"
-mkdir -p "$BACKUP_DIR"
+cleanup() {
+    rm -f "$PLAINTEXT_ARCHIVE"
+    rm -rf "$STAGE_DIR"
+    if [[ -n "$PASSFILE_CLEANUP" && -f "$PASSFILE_CLEANUP" ]]; then
+        rm -f "$PASSFILE_CLEANUP"
+    fi
+}
+trap cleanup EXIT
 
-echo "=== Fleet Backup Pipeline ==="
-echo "Date: $BACKUP_DATE"
-echo "Dest: $BACKUP_DIR"
-echo "Targets: $TARGETS"
-echo ""
+resolve_passphrase_file() {
+    if [[ -n "${BACKUP_PASSPHRASE_FILE:-}" ]]; then
+        [[ -f "$BACKUP_PASSPHRASE_FILE" ]] || fail "BACKUP_PASSPHRASE_FILE does not exist: $BACKUP_PASSPHRASE_FILE"
+        echo "$BACKUP_PASSPHRASE_FILE"
+        return
+    fi
 
-log() { echo "[$(date +%H:%M:%S)] $*"; }
+    if [[ -n "${BACKUP_PASSPHRASE:-}" ]]; then
+        PASSFILE_CLEANUP="${STAGE_DIR}/backup.passphrase"
+        printf '%s' "$BACKUP_PASSPHRASE" > "$PASSFILE_CLEANUP"
+        chmod 600 "$PASSFILE_CLEANUP"
+        echo "$PASSFILE_CLEANUP"
+        return
+    fi
 
-# ── Backup Functions ──────────────────────────────────────────────────────
+    fail "Set BACKUP_PASSPHRASE_FILE or BACKUP_PASSPHRASE before running the backup pipeline."
+}
 
-backup_sessions() {
-    log "Backing up hermes sessions..."
-    local src="$HOME/.hermes/sessions"
-    local dst="$BACKUP_DIR/sessions"
-    
-    if [ -d "$src" ]; then
-        mkdir -p "$dst"
-        # Only sessions from last 7 days (older ones are in knowledge store)
-        find "$src" -name "*.jsonl" -mtime -7 -exec cp {} "$dst/" \;
-        local count=$(ls "$dst"/*.jsonl 2>/dev/null | wc -l)
-        log "  Backed up $count session files (last 7 days)"
+sha256_file() {
+    local path="$1"
+    if command -v shasum >/dev/null 2>&1; then
+        shasum -a 256 "$path" | awk '{print $1}'
+    elif command -v sha256sum >/dev/null 2>&1; then
+        sha256sum "$path" | awk '{print $1}'
     else
-        log "  No sessions directory found"
+        python3 - <<'PY' "$path"
+import hashlib
+import pathlib
+import sys
+path = pathlib.Path(sys.argv[1])
+h = hashlib.sha256()
+with path.open('rb') as f:
+    for chunk in iter(lambda: f.read(1024 * 1024), b''):
+        h.update(chunk)
+print(h.hexdigest())
+PY
     fi
 }
 
-backup_gitea() {
-    log "Backing up Gitea state..."
-    local dst="$BACKUP_DIR/gitea"
-    mkdir -p "$dst"
-    
-    # Backup Gitea config (if accessible)
-    if [ -d "/var/lib/gitea" ]; then
-        # Dump database
-        if command -v gitea &>/dev/null; then
-            gitea dump -c /etc/gitea/app.ini -f "$dst/gitea-dump.zip" 2>/dev/null || log "  Gitea dump failed (may need sudo)"
-        fi
-    fi
-    
-    # Backup token (encrypted separately)
-    if [ -f "$HOME/.config/gitea/token" ]; then
-        cp "$HOME/.config/gitea/token" "$dst/gitea-token.bak"
-        log "  Token backed up (will be encrypted)"
-    fi
+write_manifest() {
+    python3 - <<'PY' "$1" "$2" "$3" "$4" "$5" "$6" "$7" "$8"
+import json
+import sys
+manifest_path, source_dir, archive_name, archive_sha256, local_dir, s3_uri, nas_target, created_at = sys.argv[1:]
+manifest = {
+    "created_at": created_at,
+    "source_dir": source_dir,
+    "archive_name": archive_name,
+    "archive_sha256": archive_sha256,
+    "encryption": {
+        "type": "openssl",
+        "cipher": "aes-256-cbc",
+        "pbkdf2": True,
+        "iterations": 200000,
+    },
+    "destinations": {
+        "local_dir": local_dir,
+        "s3_uri": s3_uri or None,
+        "nas_target": nas_target or None,
+    },
+}
+with open(manifest_path, 'w', encoding='utf-8') as handle:
+    json.dump(manifest, handle, indent=2)
+    handle.write('\n')
+PY
 }
 
-backup_config() {
-    log "Backing up config files..."
-    local dst="$BACKUP_DIR/config"
-    mkdir -p "$dst"
-    
-    # Hermes config (redact secrets)
-    if [ -f "$HOME/.hermes/config.yaml" ]; then
-        sed -E 's/(key|token|secret|password):\s*.+/\1: [REDACTED]/g' \
-            "$HOME/.hermes/config.yaml" > "$dst/config.yaml"
-        log "  Hermes config backed up (secrets redacted)"
-    fi
-    
-    # Fleet ops config
-    if [ -d "playbooks/host_vars" ]; then
-        cp -r playbooks/host_vars "$dst/" 2>/dev/null || true
-        log "  Host vars backed up"
-    fi
-    
-    # Registry
-    if [ -f "registry.yaml" ]; then
-        cp registry.yaml "$dst/" 2>/dev/null || true
-        log "  Registry backed up"
-    fi
-    
-    # Manifest
-    if [ -f "manifest.yaml" ]; then
-        cp manifest.yaml "$dst/" 2>/dev/null || true
-        log "  Manifest backed up"
-    fi
+upload_to_nas() {
+    local archive_path="$1"
+    local manifest_path="$2"
+    local target_root="$3"
+
+    local target_dir="${target_root%/}/${DATESTAMP}"
+    mkdir -p "$target_dir"
+    cp "$archive_path" "$manifest_path" "$target_dir/"
+    log "Uploaded backup to NAS target: $target_dir"
 }
 
-backup_knowledge() {
-    log "Backing up knowledge store..."
-    local dst="$BACKUP_DIR/knowledge"
-    
-    if [ -d "$HOME/.hermes/knowledge" ]; then
-        cp -r "$HOME/.hermes/knowledge" "$dst" 2>/dev/null || true
-        log "  Knowledge store backed up"
+upload_to_s3() {
+    local archive_path="$1"
+    local manifest_path="$2"
+
+    command -v aws >/dev/null 2>&1 || fail "BACKUP_S3_URI is set but aws CLI is not installed."
+
+    local args=()
+    if [[ -n "$AWS_ENDPOINT_URL" ]]; then
+        args+=(--endpoint-url "$AWS_ENDPOINT_URL")
     fi
-    
-    # Memory files
-    for mem in "$HOME"/.hermes/memory*; do
-        if [ -f "$mem" ]; then
-            cp "$mem" "$dst/" 2>/dev/null || true
-        fi
-    done
-    log "  Memory files backed up"
+
+    aws "${args[@]}" s3 cp "$archive_path" "${BACKUP_S3_URI%/}/$(basename "$archive_path")"
+    aws "${args[@]}" s3 cp "$manifest_path" "${BACKUP_S3_URI%/}/$(basename "$manifest_path")"
+    log "Uploaded backup to S3 target: $BACKUP_S3_URI"
 }
 
-# ── Main ──────────────────────────────────────────────────────────────────
+[[ -d "$BACKUP_SOURCE_DIR" ]] || fail "BACKUP_SOURCE_DIR does not exist: $BACKUP_SOURCE_DIR"
+[[ -n "$BACKUP_NAS_TARGET" || -n "$BACKUP_S3_URI" ]] || fail "Set BACKUP_NAS_TARGET or BACKUP_S3_URI for remote backup storage."
 
-IFS=',' read -ra TARGET_LIST <<< "$TARGETS"
-for target in "${TARGET_LIST[@]}"; do
-    case "$target" in
-        sessions) backup_sessions ;;
-        gitea) backup_gitea ;;
-        config) backup_config ;;
-        knowledge) backup_knowledge ;;
-        *) log "Unknown target: $target" ;;
-    esac
-done
+PASSFILE="$(resolve_passphrase_file)"
+mkdir -p "$LOCAL_BACKUP_DIR"
 
-# ── Compress ──────────────────────────────────────────────────────────────
+log "Creating archive from $BACKUP_SOURCE_DIR"
+tar -czf "$PLAINTEXT_ARCHIVE" -C "$(dirname "$BACKUP_SOURCE_DIR")" "$(basename "$BACKUP_SOURCE_DIR")"
 
-if [ -n "$COMPRESS" ]; then
-    log "Compressing..."
-    ARCHIVE="${BACKUP_DEST}/fleet-backup-${BACKUP_DATE}.tar.gz"
-    tar -czf "$ARCHIVE" -C "$BACKUP_DEST" "$BACKUP_DATE"
-    rm -rf "$BACKUP_DIR"
-    log "Compressed: $ARCHIVE ($(du -sh "$ARCHIVE" | cut -f1))"
-    BACKUP_FILE="$ARCHIVE"
-else
-    BACKUP_FILE="$BACKUP_DIR"
+log "Encrypting archive"
+openssl enc -aes-256-cbc -salt -pbkdf2 -iter 200000 \
+    -pass "file:${PASSFILE}" \
+    -in "$PLAINTEXT_ARCHIVE" \
+    -out "$ENCRYPTED_ARCHIVE"
+
+ARCHIVE_SHA256="$(sha256_file "$ENCRYPTED_ARCHIVE")"
+CREATED_AT="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
+write_manifest "$MANIFEST_PATH" "$BACKUP_SOURCE_DIR" "$(basename "$ENCRYPTED_ARCHIVE")" "$ARCHIVE_SHA256" "$LOCAL_BACKUP_DIR" "$BACKUP_S3_URI" "$BACKUP_NAS_TARGET" "$CREATED_AT"
+
+cp "$ENCRYPTED_ARCHIVE" "$MANIFEST_PATH" "$LOCAL_BACKUP_DIR/"
+rm -f "$PLAINTEXT_ARCHIVE"
+log "Encrypted backup stored locally: ${LOCAL_BACKUP_DIR}/$(basename "$ENCRYPTED_ARCHIVE")"
+
+if [[ -n "$BACKUP_NAS_TARGET" ]]; then
+    upload_to_nas "$ENCRYPTED_ARCHIVE" "$MANIFEST_PATH" "$BACKUP_NAS_TARGET"
 fi
 
-# ── Encrypt ───────────────────────────────────────────────────────────────
-
-if [ -n "$ENCRYPT_KEY" ] && [ -f "$ENCRYPT_KEY" ]; then
-    log "Encrypting with $ENCRYPT_KEY..."
-    openssl enc -aes-256-cbc -salt -in "$BACKUP_FILE" -out "${BACKUP_FILE}.enc" -pass "file:$ENCRYPT_KEY"
-    rm -f "$BACKUP_FILE"
-    log "Encrypted: ${BACKUP_FILE}.enc"
-    BACKUP_FILE="${BACKUP_FILE}.enc"
+if [[ -n "$BACKUP_S3_URI" ]]; then
+    upload_to_s3 "$ENCRYPTED_ARCHIVE" "$MANIFEST_PATH"
 fi
 
-# ── Summary ───────────────────────────────────────────────────────────────
-
-echo ""
-echo "=== Backup Complete ==="
-echo "File: $BACKUP_FILE"
-echo "Size: $(du -sh "$BACKUP_FILE" | cut -f1)"
-echo "Targets: $TARGETS"
-
-# Clean up old backups (keep last 7)
-ls -dt "${BACKUP_DEST}"/fleet-backup-* 2>/dev/null | tail -n +8 | xargs rm -f 2>/dev/null || true
-log "Old backups cleaned (keeping last 7)"
+find "$BACKUP_ROOT" -mindepth 1 -maxdepth 1 -type d -name '20*' -mtime "+${BACKUP_RETENTION_DAYS}" -exec rm -rf {} + 2>/dev/null || true
+log "Retention applied (${BACKUP_RETENTION_DAYS} days)"
+log "Backup pipeline completed successfully"

scripts/source_distinction.py

@@ -0,0 +1,128 @@
+"""
+Source Distinction Module — Verified vs Inferred Claims
+
+SOUL.md compliance: "I tell the truth. When I do not know something, I say so.
+I do not fabricate confidence."
+
+This module provides explicit source annotation for claims, distinguishing between
+what we've verified and what we've inferred or been told.
+"""
+
+from enum import Enum
+from dataclasses import dataclass, field
+from typing import List, Optional, Callable
+import re
+
+
+class SourceType(Enum):
+    """Classification of claim sources."""
+    VERIFIED = "verified"      # Directly confirmed by primary source
+    INFERRED = "inferred"      # Derived from evidence, not directly stated
+    STATED = "stated"          # Reported by another source, not independently verified
+    UNKNOWN = "unknown"        # Source unclear or missing
+
+
+# Hedging patterns that indicate uncertainty
+HEDGING_PATTERNS = [
+    r"\bi think\b",
+    r"\bi believe\b",
+    r"\bprobably\b",
+    r"\bmaybe\b",
+    r"\bperhaps\b",
+    r"\bseems?\b",
+    r"\bappears?\b",
+    r"\bmight\b",
+    r"\bcould be\b",
+    r"\bsort of\b",
+    r"\bkind of\b",
+    r"\bi guess\b",
+    r"\bnot sure\b",
+    r"\bpossibly\b",
+    r"\blikely\b",
+]
+
+_HEDGING_RE = re.compile("|".join(HEDGING_PATTERNS), re.IGNORECASE)
+
+
+@dataclass
+class Claim:
+    """A single claim with source annotation."""
+    text: str
+    source: SourceType = SourceType.UNKNOWN
+    citation: Optional[str] = None
+    confidence: float = 1.0
+
+    def render(self) -> str:
+        """Render claim with source indicator."""
+        prefix = _source_prefix(self.source)
+        parts = [f"{prefix} {self.text}"]
+        if self.citation:
+            parts.append(f"({self.citation})")
+        return " ".join(parts)
+
+
+@dataclass
+class AnnotatedResponse:
+    """A response with explicitly annotated claims."""
+    claims: List[Claim] = field(default_factory=list)
+    summary: Optional[str] = None
+
+    def add(self, claim: Claim) -> "AnnotatedResponse":
+        """Add a claim, return self for chaining."""
+        self.claims.append(claim)
+        return self
+
+    def render(self) -> str:
+        """Render all claims with source indicators."""
+        lines = []
+        if self.summary:
+            lines.append(self.summary)
+            lines.append("")
+        for claim in self.claims:
+            lines.append(claim.render())
+        return "\n".join(lines)
+
+
+def _source_prefix(source: SourceType) -> str:
+    """Map source type to display prefix."""
+    return {
+        SourceType.VERIFIED: "✓",
+        SourceType.INFERRED: "~",
+        SourceType.STATED: "◇",
+        SourceType.UNKNOWN: "?",
+    }[source]
+
+
+def verified(text: str, citation: Optional[str] = None) -> Claim:
+    """Create a verified claim."""
+    return Claim(text=text, source=SourceType.VERIFIED, citation=citation, confidence=1.0)
+
+
+def inferred(text: str, citation: Optional[str] = None, confidence: float = 0.7) -> Claim:
+    """Create an inferred claim."""
+    return Claim(text=text, source=SourceType.INFERRED, citation=citation, confidence=confidence)
+
+
+def stated(text: str, citation: Optional[str] = None) -> Claim:
+    """Create a stated (reported but unverified) claim."""
+    return Claim(text=text, source=SourceType.STATED, citation=citation, confidence=0.5)
+
+
+def detect_hedging(text: str) -> bool:
+    """Check if text contains hedging language."""
+    return bool(_HEDGING_RE.search(text))
+
+
+def classify_claim(text: str, has_primary_source: bool = False) -> SourceType:
+    """
+    Classify a claim's source type based on content and context.
+
+    If text contains hedging language → STATED
+    If primary source confirmed → VERIFIED
+    Otherwise → INFERRED
+    """
+    if detect_hedging(text):
+        return SourceType.STATED
+    if has_primary_source:
+        return SourceType.VERIFIED
+    return SourceType.INFERRED

tests/test_source_distinction.py

@@ -0,0 +1,75 @@
+"""Tests for source distinction module — 9 tests."""
+
+import pytest
+from scripts.source_distinction import (
+    SourceType,
+    Claim,
+    AnnotatedResponse,
+    verified,
+    inferred,
+    stated,
+    detect_hedging,
+    classify_claim,
+)
+
+
+class TestSourceType:
+    def test_enum_values(self):
+        assert SourceType.VERIFIED.value == "verified"
+        assert SourceType.INFERRED.value == "inferred"
+        assert SourceType.STATED.value == "stated"
+        assert SourceType.UNKNOWN.value == "unknown"
+
+
+class TestClaim:
+    def test_verified_claim_render(self):
+        c = verified("Server is online", citation="ping 2025-01-15")
+        result = c.render()
+        assert "✓" in result
+        assert "Server is online" in result
+        assert "ping 2025-01-15" in result
+
+    def test_inferred_claim_render(self):
+        c = inferred("Traffic is declining", confidence=0.6)
+        result = c.render()
+        assert "~" in result
+        assert c.confidence == 0.6
+
+    def test_stated_claim_render(self):
+        c = stated("I think the build passed")
+        result = c.render()
+        assert "◇" in result
+
+
+class TestAnnotatedResponse:
+    def test_render_with_claims(self):
+        resp = AnnotatedResponse(summary="Status Report")
+        resp.add(verified("DNS resolved")).add(inferred("Latency is high"))
+        rendered = resp.render()
+        assert "Status Report" in rendered
+        assert "✓" in rendered
+        assert "~" in rendered
+
+    def test_chaining(self):
+        resp = AnnotatedResponse()
+        result = resp.add(verified("a")).add(stated("b"))
+        assert result is resp
+        assert len(resp.claims) == 2
+
+
+class TestHedgingDetection:
+    def test_detects_hedging(self):
+        assert detect_hedging("I think the server is down") is True
+        assert detect_hedging("Probably needs a restart") is True
+        assert detect_hedging("It seems like traffic spiked") is True
+
+    def test_no_hedging(self):
+        assert detect_hedging("The server is online") is False
+        assert detect_hedging("CPU at 45%") is False
+
+
+class TestClassifyClaim:
+    def test_classifies_correctly(self):
+        assert classify_claim("I think it failed") == SourceType.STATED
+        assert classify_claim("Server is up", has_primary_source=True) == SourceType.VERIFIED
+        assert classify_claim("Traffic increased") == SourceType.INFERRED

tests/test_the_nexus_genome.py

@@ -0,0 +1,56 @@
+from pathlib import Path
+
+
+GENOME = Path("GENOME.md")
+
+
+def read_genome() -> str:
+    assert GENOME.exists(), "GENOME.md must exist at repo root"
+    return GENOME.read_text(encoding="utf-8")
+
+
+def test_the_nexus_genome_has_required_sections() -> None:
+    text = read_genome()
+    required = [
+        "# GENOME.md — the-nexus",
+        "## Project Overview",
+        "## Architecture Diagram",
+        "```mermaid",
+        "## Entry Points and Data Flow",
+        "## Key Abstractions",
+        "## API Surface",
+        "## Test Coverage Gaps",
+        "## Security Considerations",
+        "## Runtime Truth and Docs Drift",
+    ]
+    missing = [item for item in required if item not in text]
+    assert not missing, missing
+
+
+def test_the_nexus_genome_captures_current_runtime_contract() -> None:
+    text = read_genome()
+    required = [
+        "server.py",
+        "app.js",
+        "index.html",
+        "portals.json",
+        "vision.json",
+        "BROWSER_CONTRACT.md",
+        "tests/test_browser_smoke.py",
+        "tests/test_repo_truth.py",
+        "nexus/morrowind_harness.py",
+        "nexus/bannerlord_harness.py",
+        "mempalace/tunnel_sync.py",
+        "mcp_servers/desktop_control_server.py",
+        "public/nexus/",
+    ]
+    missing = [item for item in required if item not in text]
+    assert not missing, missing
+
+
+def test_the_nexus_genome_explains_docs_runtime_drift() -> None:
+    text = read_genome()
+    assert "README.md says current `main` does not ship a browser 3D world" in text
+    assert "CLAUDE.md declares root `app.js` and `index.html` as canonical frontend paths" in text
+    assert "tests and browser contract now assume the root frontend exists" in text
+    assert len(text) >= 5000