test: fix burn velocity alert coverage

GENOME.md

@@ -1,144 +1,209 @@
-# GENOME.md — Timmy_Foundation/timmy-home
-
-Generated by `pipelines/codebase_genome.py`.
+# GENOME.md — the-nexus
 
 ## Project Overview
 
-Timmy Foundation's home repository for development operations and configurations.
+`the-nexus` is a hybrid repo that combines three layers in one codebase:
 
-- Text files indexed: 3181
-- Source and script files: 231
-- Test files: 95
-- Documentation files: 755
+1. A browser-facing world shell rooted in `index.html`, `boot.js`, `bootstrap.mjs`, `app.js`, `style.css`, `portals.json`, `vision.json`, `manifest.json`, and `gofai_worker.js`
+2. A Python realtime bridge centered on `server.py` plus harness code under `nexus/`
+3. A memory / fleet / operator layer spanning `mempalace/`, `mcp_servers/`, `multi_user_bridge.py`, and supporting scripts
 
-## Architecture
+The repo is not a clean single-purpose frontend and not just a backend harness. It is a mixed world/runtime/ops repository where browser rendering, WebSocket telemetry, MCP-driven game harnesses, and fleet memory tooling coexist.
+
+Grounded repo facts from this checkout:
+- Browser shell files exist at repo root: `index.html`, `app.js`, `style.css`, `manifest.json`, `gofai_worker.js`
+- Data/config files also live at repo root: `portals.json`, `vision.json`
+- Realtime bridge exists in `server.py`
+- Game harnesses exist in `nexus/morrowind_harness.py` and `nexus/bannerlord_harness.py`
+- Memory/fleet sync exists in `mempalace/tunnel_sync.py`
+- Desktop/game automation MCP servers exist in `mcp_servers/desktop_control_server.py` and `mcp_servers/steam_info_server.py`
+- Validation exists in `tests/test_browser_smoke.py`, `tests/test_portals_json.py`, `tests/test_index_html_integrity.py`, and `tests/test_repo_truth.py`
+
+The current architecture is best understood as a sovereign world shell plus operator/game harness backend, with accumulated documentation drift from multiple restoration and migration efforts.
+
+## Architecture Diagram
 
 ```mermaid
 graph TD
-  repo_root["repo"]
-  angband["angband"]
-  ansible["ansible"]
-  briefings["briefings"]
-  codebase_genome["codebase_genome"]
-  config["config"]
-  configs["configs"]
-  conftest["conftest"]
-  dns_records["dns-records"]
-  evennia["evennia"]
-  evennia_tools["evennia_tools"]
-  repo_root --> angband
-  repo_root --> ansible
-  repo_root --> briefings
-  repo_root --> codebase_genome
-  repo_root --> config
-  repo_root --> configs
+    browser[Index HTML Shell\nindex.html -> boot.js -> bootstrap.mjs -> app.js]
+    assets[Root Assets\nstyle.css\nmanifest.json\ngofai_worker.js]
+    data[World Data\nportals.json\nvision.json]
+    ws[Realtime Bridge\nserver.py\nWebSocket broadcast hub]
+    gofai[In-browser GOFAI\nSymbolicEngine\nNeuroSymbolicBridge\nsetupGOFAI/updateGOFAI]
+    harnesses[Python Harnesses\nnexus/morrowind_harness.py\nnexus/bannerlord_harness.py]
+    mcp[MCP Adapters\nmcp_servers/desktop_control_server.py\nmcp_servers/steam_info_server.py]
+    memory[Memory + Fleet\nmempalace/tunnel_sync.py\nmempalace.js]
+    bridge[Operator / MUD Bridge\nmulti_user_bridge.py\ncommands/timmy_commands.py]
+    tests[Verification\ntests/test_browser_smoke.py\ntests/test_portals_json.py\ntests/test_repo_truth.py]
+    docs[Contracts + Drift Docs\nBROWSER_CONTRACT.md\nREADME.md\nCLAUDE.md\nINVESTIGATION_ISSUE_1145.md]
+
+    browser --> assets
+    browser --> data
+    browser --> gofai
+    browser --> ws
+    harnesses --> mcp
+    harnesses --> ws
+    bridge --> ws
+    memory --> ws
+    tests --> browser
+    tests --> data
+    tests --> docs
+    docs --> browser
 ```
 
-## Entry Points
+## Entry Points and Data Flow
 
-- `codebase_genome.py` — python main guard (`python3 codebase_genome.py`)
-- `gemini-fallback-setup.sh` — operational script (`bash gemini-fallback-setup.sh`)
-- `morrowind/hud.sh` — operational script (`bash morrowind/hud.sh`)
-- `pipelines/codebase_genome.py` — python main guard (`python3 pipelines/codebase_genome.py`)
-- `scripts/agent_pr_gate.py` — operational script (`python3 scripts/agent_pr_gate.py`)
-- `scripts/audit_trail.py` — operational script (`python3 scripts/audit_trail.py`)
-- `scripts/auto_restart_agent.sh` — operational script (`bash scripts/auto_restart_agent.sh`)
-- `scripts/autonomous_issue_creator.py` — operational script (`python3 scripts/autonomous_issue_creator.py`)
-- `scripts/backlog_cleanup.py` — operational script (`python3 scripts/backlog_cleanup.py`)
-- `scripts/backlog_triage.py` — operational script (`python3 scripts/backlog_triage.py`)
-- `scripts/backlog_triage_cron.sh` — operational script (`bash scripts/backlog_triage_cron.sh`)
-- `scripts/backup_pipeline.sh` — operational script (`bash scripts/backup_pipeline.sh`)
+### Primary entry points
 
-## Data Flow
+- `index.html` — root browser entry point
+- `boot.js` — startup selector; `tests/boot.test.js` shows it chooses file-mode vs HTTP/module-mode and injects `bootstrap.mjs` when served over HTTP
+- `bootstrap.mjs` — module bootstrap for the browser shell
+- `app.js` — main browser runtime; owns world state, GOFAI wiring, metrics polling, and portal/UI logic
+- `server.py` — WebSocket broadcast bridge on `ws://0.0.0.0:8765`
+- `nexus/morrowind_harness.py` — GamePortal/MCP harness for OpenMW Morrowind
+- `nexus/bannerlord_harness.py` — GamePortal/MCP harness for Bannerlord
+- `mempalace/tunnel_sync.py` — pulls remote fleet closets into the local palace over HTTP
+- `multi_user_bridge.py` — HTTP bridge for multi-user chat/session integration
+- `mcp_servers/desktop_control_server.py` — stdio MCP server exposing screenshots/mouse/keyboard control
 
-1. Operators enter through `codebase_genome.py`, `gemini-fallback-setup.sh`, `morrowind/hud.sh`.
-2. Core logic fans into top-level components: `angband`, `ansible`, `briefings`, `codebase_genome`, `config`, `configs`.
-3. Validation is incomplete around `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py`, `timmy-local/cache/agent_cache.py`, `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py`, so changes there carry regression risk.
-4. Final artifacts land as repository files, docs, or runtime side effects depending on the selected entry point.
+### Data flow
+
+1. Browser startup begins at `index.html`
+2. `boot.js` decides whether the page is being served correctly; in HTTP mode it injects `bootstrap.mjs`
+3. `bootstrap.mjs` hands off to `app.js`
+4. `app.js` loads world configuration from `portals.json` and `vision.json`
+5. `app.js` constructs the Three.js scene and in-browser reasoning components, including `SymbolicEngine`, `NeuroSymbolicBridge`, `setupGOFAI()`, and `updateGOFAI()`
+6. Browser state and external runtimes connect through `server.py`, which broadcasts messages between connected clients
+7. Python harnesses (`nexus/morrowind_harness.py`, `nexus/bannerlord_harness.py`) spawn MCP subprocesses for desktop control / Steam metadata, capture state, execute actions, and feed telemetry into the Nexus bridge
+8. Memory/fleet tools like `mempalace/tunnel_sync.py` import remote palace data into local closets, extending what the operator/runtime layers can inspect
+9. Tests validate both the static browser contract and the higher-level repo-truth/memory contracts
+
+### Important repo-specific runtime facts
+
+- `portals.json` is a JSON array of portal/world/operator entries; examples in this checkout include `morrowind`, `bannerlord`, `workshop`, `archive`, `chapel`, and `courtyard`
+- `server.py` is a plain broadcast hub: clients send messages, the server forwards them to other connected clients
+- `nexus/morrowind_harness.py` and `nexus/bannerlord_harness.py` both implement a GamePortal pattern with MCP subprocess clients over stdio and WebSocket telemetry uplink
+- `mempalace/tunnel_sync.py` is not speculative; it is a real client that discovers remote wings, searches remote rooms, and writes `.closet.json` payloads locally
 
 ## Key Abstractions
 
-- `codebase_genome.py` — classes `FunctionInfo`:19; functions `extract_functions()`:58, `generate_test()`:116, `scan_repo()`:191, `find_existing_tests()`:209, `main()`:231
-- `evennia/timmy_world/game.py` — classes `World`:91, `ActionSystem`:421, `TimmyAI`:539, `NPCAI`:550; functions `get_narrative_phase()`:55, `get_phase_transition_event()`:65
-- `evennia/timmy_world/world/game.py` — classes `World`:19, `ActionSystem`:326, `TimmyAI`:444, `NPCAI`:455; functions none detected
-- `timmy-world/game.py` — classes `World`:19, `ActionSystem`:349, `TimmyAI`:467, `NPCAI`:478; functions none detected
-- `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — classes none detected; functions none detected
-- `uniwizard/self_grader.py` — classes `SessionGrade`:23, `WeeklyReport`:55, `SelfGrader`:74; functions `main()`:713
-- `uni-wizard/v3/intelligence_engine.py` — classes `ExecutionPattern`:27, `ModelPerformance`:44, `AdaptationEvent`:58, `PatternDatabase`:69; functions none detected
-- `scripts/know_thy_father/crossref_audit.py` — classes `ThemeCategory`:30, `Principle`:160, `MeaningKernel`:169, `CrossRefFinding`:178; functions `extract_themes_from_text()`:192, `parse_soul_md()`:206, `parse_kernels()`:264, `cross_reference()`:296, `generate_report()`:440, `main()`:561
+### Browser runtime
+
+- `app.js`
+  - Defines in-browser reasoning/state machinery, including `class SymbolicEngine`, `class NeuroSymbolicBridge`, `setupGOFAI()`, and `updateGOFAI()`
+  - Couples rendering, local symbolic reasoning, metrics polling, and portal/UI logic in one very large root module
+- `BROWSER_CONTRACT.md`
+  - Acts like an executable architecture contract for the browser surface
+  - Declares required files, DOM IDs, Three.js expectations, provenance rules, and WebSocket expectations
+
+### Realtime bridge
+
+- `server.py`
+  - Single hub abstraction: a WebSocket broadcast server maintaining a `clients` set and forwarding messages from one client to the others
+  - This is the seam between browser shell, harnesses, and external telemetry producers
+
+### GamePortal harness layer
+
+- `nexus/morrowind_harness.py`
+- `nexus/bannerlord_harness.py`
+  - Both define MCP client wrappers, `GameState` / `ActionResult`-style data classes, and an Observe-Decide-Act telemetry loop
+  - The harnesses are symmetric enough to be understood as reusable portal adapters with game-specific context injected on top
+
+### Memory / fleet layer
+
+- `mempalace/tunnel_sync.py`
+  - Encodes the fleet-memory sync client contract: discover wings, pull broad room queries, write closet files, support dry-run
+- `mempalace.js`
+  - Minimal browser/Electron bridge to MemPalace commands via `window.electronAPI.execPython(...)`
+  - Important because it shows a second memory integration surface distinct from the Python fleet sync path
+
+### Operator / interaction bridge
+
+- `multi_user_bridge.py`
+- `commands/timmy_commands.py`
+  - These bridge user-facing conversations or MUD/Evennia interactions back into Timmy/Nexus services
 
 ## API Surface
 
-- CLI: `python3 codebase_genome.py` — python main guard (`codebase_genome.py`)
-- CLI: `bash gemini-fallback-setup.sh` — operational script (`gemini-fallback-setup.sh`)
-- CLI: `bash morrowind/hud.sh` — operational script (`morrowind/hud.sh`)
-- CLI: `python3 pipelines/codebase_genome.py` — python main guard (`pipelines/codebase_genome.py`)
-- CLI: `python3 scripts/agent_pr_gate.py` — operational script (`scripts/agent_pr_gate.py`)
-- CLI: `python3 scripts/audit_trail.py` — operational script (`scripts/audit_trail.py`)
-- CLI: `bash scripts/auto_restart_agent.sh` — operational script (`scripts/auto_restart_agent.sh`)
-- CLI: `python3 scripts/autonomous_issue_creator.py` — operational script (`scripts/autonomous_issue_creator.py`)
-- Python: `extract_functions()` from `codebase_genome.py:58`
-- Python: `generate_test()` from `codebase_genome.py:116`
-- Python: `scan_repo()` from `codebase_genome.py:191`
-- Python: `find_existing_tests()` from `codebase_genome.py:209`
-- Python: `main()` from `codebase_genome.py:231`
-- Python: `get_narrative_phase()` from `evennia/timmy_world/game.py:55`
+### Browser / static surface
 
-## Test Coverage Report
+- `index.html` served over HTTP
+- `boot.js` exports `bootPage()`; verified by `node --test tests/boot.test.js`
+- Data APIs are file-based inside the repo: `portals.json`, `vision.json`, `manifest.json`
 
-- Source and script files inspected: 231
-- Test files inspected: 95
-- Coverage gaps:
-  - `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — no matching test reference detected
-  - `timmy-local/cache/agent_cache.py` — no matching test reference detected
-  - `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py` — no matching test reference detected
-  - `wizards/allegro/home/skills/red-teaming/godmode/scripts/godmode_race.py` — no matching test reference detected
-  - `skills/productivity/google-workspace/scripts/google_api.py` — no matching test reference detected
-  - `wizards/allegro/home/skills/productivity/google-workspace/scripts/google_api.py` — no matching test reference detected
-  - `morrowind/pilot.py` — no matching test reference detected
-  - `scripts/sovereignty_audit.py` — no matching test reference detected
-  - `skills/research/domain-intel/scripts/domain_intel.py` — no matching test reference detected
-  - `wizards/allegro/home/skills/research/domain-intel/scripts/domain_intel.py` — no matching test reference detected
-  - `timmy-local/scripts/ingest.py` — no matching test reference detected
-  - `uni-wizard/scripts/generate_scorecard.py` — no matching test reference detected
+### Network/runtime surface
 
-## Security Audit Findings
+- `python3 server.py`
+  - Starts the WebSocket bridge on port `8765`
+- `python3 l402_server.py`
+  - Local HTTP microservice for cost-estimate style responses
+- `python3 multi_user_bridge.py`
+  - Multi-user HTTP/chat bridge
 
-- [medium] `briefings/briefing_20260325.json:37` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"gitea_error": "Gitea 404: {\"errors\":null,\"message\":\"not found\",\"url\":\"http://143.198.27.163:3000/api/swagger\"}\n [http://143.198.27.163:3000/api/v1/repos/Timmy_Foundation/sovereign-orchestration/issues?state=open&type=issues&sort=created&direction=desc&limit=1&page=1]",`
-- [medium] `briefings/briefing_20260328.json:11` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"provider_base_url": "http://localhost:8081/v1",`
-- [medium] `briefings/briefing_20260329.json:11` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `"provider_base_url": "http://localhost:8081/v1",`
-- [medium] `config.yaml:37` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `summary_base_url: http://localhost:11434/v1`
-- [medium] `config.yaml:47` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:52` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:57` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:62` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:67` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:77` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:82` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: 'http://localhost:11434/v1'`
-- [medium] `config.yaml:174` — hardcoded http endpoint: plaintext or fixed HTTP endpoints can drift or leak across environments. Evidence: `base_url: http://localhost:11434/v1`
+### Harness / operator CLI surfaces
 
-## Dead Code Candidates
+- `python3 nexus/morrowind_harness.py`
+- `python3 nexus/bannerlord_harness.py`
+- `python3 mempalace/tunnel_sync.py --peer <url> [--dry-run] [--n N]`
+- `python3 mcp_servers/desktop_control_server.py`
+- `python3 mcp_servers/steam_info_server.py`
 
-- `wizards/allegro/home/skills/red-teaming/godmode/scripts/auto_jailbreak.py` — not imported by indexed Python modules and not referenced by tests
-- `timmy-local/cache/agent_cache.py` — not imported by indexed Python modules and not referenced by tests
-- `wizards/allegro/home/skills/red-teaming/godmode/scripts/parseltongue.py` — not imported by indexed Python modules and not referenced by tests
-- `wizards/allegro/home/skills/red-teaming/godmode/scripts/godmode_race.py` — not imported by indexed Python modules and not referenced by tests
-- `skills/productivity/google-workspace/scripts/google_api.py` — not imported by indexed Python modules and not referenced by tests
-- `wizards/allegro/home/skills/productivity/google-workspace/scripts/google_api.py` — not imported by indexed Python modules and not referenced by tests
-- `morrowind/pilot.py` — not imported by indexed Python modules and not referenced by tests
-- `scripts/sovereignty_audit.py` — not imported by indexed Python modules and not referenced by tests
-- `skills/research/domain-intel/scripts/domain_intel.py` — not imported by indexed Python modules and not referenced by tests
-- `wizards/allegro/home/skills/research/domain-intel/scripts/domain_intel.py` — not imported by indexed Python modules and not referenced by tests
+### Validation surface
 
-## Performance Bottleneck Analysis
+- `python3 -m pytest tests/test_portals_json.py tests/test_index_html_integrity.py tests/test_repo_truth.py -q`
+- `node --test tests/boot.test.js`
+- `python3 -m py_compile server.py nexus/morrowind_harness.py nexus/bannerlord_harness.py mempalace/tunnel_sync.py mcp_servers/desktop_control_server.py`
+- `tests/test_browser_smoke.py` defines the higher-cost Playwright smoke contract for the world shell
 
-- `angband/mcp_server.py` — large module (353 lines) likely hides multiple responsibilities
-- `evennia/timmy_world/game.py` — large module (1541 lines) likely hides multiple responsibilities
-- `evennia/timmy_world/world/game.py` — large module (1345 lines) likely hides multiple responsibilities
-- `morrowind/mcp_server.py` — large module (451 lines) likely hides multiple responsibilities
-- `morrowind/pilot.py` — large module (459 lines) likely hides multiple responsibilities
-- `pipelines/codebase_genome.py` — large module (557 lines) likely hides multiple responsibilities
-- `scripts/fleet_progression.py` — large module (361 lines) likely hides multiple responsibilities
-- `scripts/know_thy_father/crossref_audit.py` — large module (657 lines) likely hides multiple responsibilities
-- `scripts/know_thy_father/index_media.py` — large module (405 lines) likely hides multiple responsibilities
-- `scripts/know_thy_father/synthesize_kernels.py` — large module (416 lines) likely hides multiple responsibilities
+## Test Coverage Gaps
+
+Strongly covered in this checkout:
+- `tests/test_portals_json.py` validates `portals.json`
+- `tests/test_index_html_integrity.py` checks merge-marker/DOM-integrity regressions in `index.html`
+- `tests/boot.test.js` verifies `boot.js` startup behavior
+- `tests/test_repo_truth.py` validates the repo-truth documents
+- Multiple `tests/test_mempalace_*.py` files cover the palace layer
+- `tests/test_bannerlord_harness.py` exists for the Bannerlord harness
+
+Notable gaps or weak seams:
+- `nexus/morrowind_harness.py` is large and operationally critical, but the generated baseline still flags it as a gap relative to its size/complexity
+- `mcp_servers/desktop_control_server.py` exposes high-power automation but has no obvious dedicated test file in the root `tests/` suite
+- `app.js` is the dominant browser runtime file and mixes rendering, GOFAI, metrics, and integration logic in one place; browser smoke exists, but there is limited unit-level decomposition around those subsystems
+- `mempalace.js` appears minimally bridged and stale relative to the richer Python MemPalace layer
+- `multi_user_bridge.py` is a large integration surface and should be treated as high regression risk even though it is central to operator/chat flow
+
+## Security Considerations
+
+- `server.py` binds `HOST = "0.0.0.0"`, exposing the broadcast bridge beyond localhost unless network controls limit it
+- The WebSocket bridge is a broadcast hub without visible authentication in `server.py`; connected clients are trusted to send messages into the bus
+- `mcp_servers/desktop_control_server.py` exposes mouse/keyboard/screenshot control through a stdio MCP server. In any non-local or poorly isolated runtime, this is a privileged automation surface
+- `app.js` contains hardcoded local/network endpoints such as `http://localhost:${L402_PORT}/api/cost-estimate` and `http://localhost:8082/metrics`; these are convenient for local development but create environment drift and deployment assumptions
+- `app.js` also embeds explicit endpoint/status references like `ws://143.198.27.163:8765`, which is operationally brittle and the kind of hardcoded location data that drifts across environments
+- `mempalace.js` shells out through `window.electronAPI.execPython(...)`; this is powerful and useful, but it is a clear trust boundary between UI and host execution
+- `INVESTIGATION_ISSUE_1145.md` documents an earlier integrity hazard: agents writing to `public/nexus/` instead of canonical root paths. That path confusion is both an operational and security concern because it makes provenance harder to reason about
+
+## Runtime Truth and Docs Drift
+
+The most important architecture finding in this repo is not a class or subsystem. It is a truth mismatch.
+
+- README.md says current `main` does not ship a browser 3D world
+- CLAUDE.md declares root `app.js` and `index.html` as canonical frontend paths
+- tests and browser contract now assume the root frontend exists
+
+All three statements are simultaneously present in this checkout.
+
+Grounded evidence:
+- `README.md` still says the repo does not contain an active root frontend such as `index.html`, `app.js`, or `style.css`
+- the current checkout does contain `index.html`, `app.js`, `style.css`, `manifest.json`, and `gofai_worker.js`
+- `BROWSER_CONTRACT.md` explicitly treats those root files as required browser assets
+- `tests/test_browser_smoke.py` serves those exact files and validates DOM/WebGL contracts against them
+- `tests/test_index_html_integrity.py` assumes `index.html` is canonical and production-relevant
+- `CLAUDE.md` says frontend code lives at repo root and explicitly warns against `public/nexus/`
+- `INVESTIGATION_ISSUE_1145.md` explains why `public/nexus/` is a bad/corrupt duplicate path and confirms the real classical AI code lives in root `app.js`
+
+The honest conclusion:
+- The repo contains a partially restored or actively re-materialized browser surface
+- The docs are preserving an older migration truth while the runtime files and smoke contracts describe a newer present-tense truth
+- Any future work in `the-nexus` must choose one truth and align `README.md`, `CLAUDE.md`, smoke tests, and file layout around it
+
+That drift is itself a critical architectural fact and should be treated as first-order design debt, not a side note.

configs/burn_velocity_repos.json

@@ -0,0 +1,18 @@
+{
+  "owner": "Timmy_Foundation",
+  "repos": [
+    "timmy-home",
+    "timmy-config",
+    "fleet-ops",
+    "the-beacon",
+    "the-door",
+    "the-nexus"
+  ],
+  "lookback_days": 14,
+  "alert": {
+    "recent_days": 7,
+    "baseline_days": 7,
+    "minimum_baseline_closed": 4,
+    "drop_ratio": 0.6
+  }
+}

docs/BURN_VELOCITY_TRACKING.md

@@ -0,0 +1,70 @@
+# Burn-down Velocity Tracking
+
+Refs #519.
+
+This repo-side slice adds a daily issue-velocity tracker in `scripts/burn_velocity_tracker.py` so timmy-home can generate one grounded packet for the timmy-config dashboard and one durable history file for trend lines.
+
+## What it emits
+
+Daily run outputs:
+- `~/.timmy/burn-velocity/latest.json` — machine-readable payload for the timmy-config dashboard
+- `~/.timmy/burn-velocity/latest.md` — operator-facing markdown summary
+- `~/.timmy/burn-velocity/history.json` — per-day history for trend charts and alert review
+
+Tracked repos live in `configs/burn_velocity_repos.json`.
+
+## Cron command
+
+```bash
+cd ~/timmy-home && \
+python3 scripts/burn_velocity_tracker.py \
+  --config configs/burn_velocity_repos.json \
+  --output-json ~/.timmy/burn-velocity/latest.json \
+  --output-md ~/.timmy/burn-velocity/latest.md \
+  --history-file ~/.timmy/burn-velocity/history.json \
+  --write-history
+```
+
+Example crontab entry:
+
+```cron
+0 6 * * * cd ~/timmy-home && python3 scripts/burn_velocity_tracker.py --config configs/burn_velocity_repos.json --output-json ~/.timmy/burn-velocity/latest.json --output-md ~/.timmy/burn-velocity/latest.md --history-file ~/.timmy/burn-velocity/history.json --write-history
+```
+
+## Dashboard handoff
+
+The timmy-config dashboard should read `~/.timmy/burn-velocity/latest.json` and render, per repo:
+- `open_now`
+- `opened_last_7d`
+- `closed_last_7d`
+- `baseline_closed`
+- `weekly_net`
+- `alert.status`
+- `alert.kind`
+- `alert.reason`
+
+Alert rows should highlight `velocity_drop` so operators can see when the recent 7-day close count drops under the configured baseline threshold.
+
+## Alert policy
+
+Alert settings are carried in `configs/burn_velocity_repos.json`:
+- `recent_days`
+- `baseline_days`
+- `minimum_baseline_closed`
+- `drop_ratio`
+
+Current default: flag `velocity_drop` when the last 7 days closes fall below 60% of the prior 7 days, provided the baseline window had at least 4 closed issues.
+
+## Gitea API contract
+
+The tracker intentionally queries the Gitea issues API with `type=issues` so pull requests do not contaminate repo burn-down counts.
+
+Live collection shape:
+- open backlog uses `/repos/{owner}/{repo}/issues?state=open&type=issues`
+- recent event scan uses `/repos/{owner}/{repo}/issues?state=all&type=issues&since=...`
+
+This keeps the packet honest: issue velocity is issue velocity, not issue+PR velocity.
+
+## Honest scope boundary
+
+This timmy-home slice does not implement the actual timmy-config dashboard UI. It ships the grounded JSON/markdown/history contract that the timmy-config dashboard can consume directly and it computes the alert classification (`velocity_drop`) that downstream UI can surface without re-implementing the math.

scripts/burn_velocity_tracker.py

@@ -0,0 +1,406 @@
+#!/usr/bin/env python3
+"""Burn-down velocity tracker for Timmy Foundation issue throughput.
+
+Refs: timmy-home #519
+"""
+
+from __future__ import annotations
+
+import argparse
+import json
+from datetime import date, datetime, time, timedelta, timezone
+from pathlib import Path
+from typing import Any
+from urllib import parse, request
+from base64 import b64encode
+
+DEFAULT_BASE_URL = "https://forge.alexanderwhitestone.com/api/v1"
+DEFAULT_OWNER = "Timmy_Foundation"
+DEFAULT_TOKEN_FILE = Path.home() / ".config" / "gitea" / "token"
+DEFAULT_CONFIG_FILE = Path(__file__).resolve().parent.parent / "configs" / "burn_velocity_repos.json"
+DEFAULT_OUTPUT_DIR = Path.home() / ".timmy" / "burn-velocity"
+DEFAULT_OUTPUT_JSON = DEFAULT_OUTPUT_DIR / "latest.json"
+DEFAULT_OUTPUT_MD = DEFAULT_OUTPUT_DIR / "latest.md"
+DEFAULT_HISTORY_FILE = DEFAULT_OUTPUT_DIR / "history.json"
+DEFAULT_CONFIG = {
+    "owner": DEFAULT_OWNER,
+    "repos": ["timmy-home", "timmy-config", "fleet-ops", "the-beacon", "the-door", "the-nexus"],
+    "lookback_days": 14,
+    "alert": {
+        "recent_days": 7,
+        "baseline_days": 7,
+        "minimum_baseline_closed": 4,
+        "drop_ratio": 0.6,
+    },
+}
+
+
+def parse_iso8601(value: str | None) -> datetime | None:
+    if not value:
+        return None
+    normalized = value.replace("Z", "+00:00")
+    parsed = datetime.fromisoformat(normalized)
+    if parsed.tzinfo is None:
+        return parsed.replace(tzinfo=timezone.utc)
+    return parsed.astimezone(timezone.utc)
+
+
+def normalize_today(value: str | date | None = None) -> date:
+    if value is None:
+        return datetime.now(timezone.utc).date()
+    if isinstance(value, date):
+        return value
+    return date.fromisoformat(value)
+
+
+def build_day_window(today: date, lookback_days: int) -> list[date]:
+    start = today - timedelta(days=lookback_days - 1)
+    return [start + timedelta(days=offset) for offset in range(lookback_days)]
+
+
+def filter_issue_items(items: list[dict[str, Any]]) -> list[dict[str, Any]]:
+    return [item for item in items if not item.get("pull_request")]
+
+
+def build_daily_series(items: list[dict[str, Any]], today: date, lookback_days: int) -> list[dict[str, int | str]]:
+    days = build_day_window(today, lookback_days)
+    counts = {day.isoformat(): {"opened": 0, "closed": 0} for day in days}
+    start_day = days[0]
+
+    for item in filter_issue_items(items):
+        created_at = parse_iso8601(item.get("created_at"))
+        if created_at is not None:
+            created_day = created_at.date()
+            if start_day <= created_day <= today:
+                counts[created_day.isoformat()]["opened"] += 1
+
+        closed_at = parse_iso8601(item.get("closed_at"))
+        if closed_at is not None:
+            closed_day = closed_at.date()
+            if start_day <= closed_day <= today:
+                counts[closed_day.isoformat()]["closed"] += 1
+
+    return [
+        {
+            "date": day.isoformat(),
+            "opened": counts[day.isoformat()]["opened"],
+            "closed": counts[day.isoformat()]["closed"],
+        }
+        for day in days
+    ]
+
+
+def summarize_velocity_alert(
+    *, recent_closed: int, baseline_closed: int, open_now: int, config: dict[str, Any]
+) -> dict[str, Any]:
+    minimum_baseline = int(config.get("minimum_baseline_closed", 4))
+    drop_ratio = float(config.get("drop_ratio", 0.6))
+
+    if baseline_closed >= minimum_baseline and recent_closed < baseline_closed * drop_ratio:
+        return {
+            "status": "drop",
+            "kind": "velocity_drop",
+            "recent_closed": recent_closed,
+            "baseline_closed": baseline_closed,
+            "reason": (
+                f"velocity_drop: closed {recent_closed} in the last {config.get('recent_days', 7)}d "
+                f"vs {baseline_closed} in the prior {config.get('baseline_days', 7)}d"
+            ),
+        }
+
+    if open_now > 0 and baseline_closed >= minimum_baseline and recent_closed == 0:
+        return {
+            "status": "drop",
+            "kind": "velocity_drop",
+            "recent_closed": recent_closed,
+            "baseline_closed": baseline_closed,
+            "reason": "velocity_drop: no issues closed in the recent window while backlog is still open",
+        }
+
+    return {
+        "status": "ok",
+        "kind": "none",
+        "recent_closed": recent_closed,
+        "baseline_closed": baseline_closed,
+        "reason": "velocity stable",
+    }
+
+
+def _sum_window(daily: list[dict[str, int | str]], field: str, days: int) -> int:
+    if days <= 0:
+        return 0
+    return sum(int(item[field]) for item in daily[-days:])
+
+
+def _sum_baseline_window(daily: list[dict[str, int | str]], recent_days: int, baseline_days: int) -> int:
+    if baseline_days <= 0:
+        return 0
+    if recent_days <= 0:
+        return sum(int(item["closed"]) for item in daily[-baseline_days:])
+    baseline_slice = daily[-(recent_days + baseline_days) : -recent_days]
+    return sum(int(item["closed"]) for item in baseline_slice)
+
+
+def build_velocity_report(config: dict[str, Any], snapshot: dict[str, Any], today: str | date | None = None) -> dict[str, Any]:
+    report_day = normalize_today(today)
+    generated_at = snapshot.get("generated_at") or datetime.now(timezone.utc).isoformat().replace("+00:00", "Z")
+    owner = config.get("owner", DEFAULT_OWNER)
+    repos = list(config.get("repos") or sorted((snapshot.get("repos") or {}).keys()))
+    lookback_days = int(config.get("lookback_days", 14))
+    alert_config = dict(DEFAULT_CONFIG["alert"])
+    alert_config.update(config.get("alert") or {})
+    recent_days = int(alert_config.get("recent_days", 7))
+    baseline_days = int(alert_config.get("baseline_days", 7))
+
+    repo_reports: list[dict[str, Any]] = []
+    total_open_now = 0
+    total_closed_last_7d = 0
+    repos_with_alerts: list[str] = []
+
+    for repo_name in repos:
+        repo_snapshot = (snapshot.get("repos") or {}).get(repo_name, {})
+        open_issues = filter_issue_items(list(repo_snapshot.get("open_issues") or []))
+        recent_issues = filter_issue_items(list(repo_snapshot.get("recent_issues") or []))
+        daily = build_daily_series(recent_issues, report_day, lookback_days)
+
+        open_now = len(open_issues)
+        opened_last_7d = _sum_window(daily, "opened", recent_days)
+        closed_last_7d = _sum_window(daily, "closed", recent_days)
+        baseline_closed = _sum_baseline_window(daily, recent_days, baseline_days)
+        weekly_net = opened_last_7d - closed_last_7d
+        alert = summarize_velocity_alert(
+            recent_closed=closed_last_7d,
+            baseline_closed=baseline_closed,
+            open_now=open_now,
+            config=alert_config,
+        )
+
+        repo_report = {
+            "repo": repo_name,
+            "open_now": open_now,
+            "opened_last_7d": opened_last_7d,
+            "closed_last_7d": closed_last_7d,
+            "baseline_closed": baseline_closed,
+            "weekly_net": weekly_net,
+            "daily": daily,
+            "alert": alert,
+        }
+        repo_reports.append(repo_report)
+
+        total_open_now += open_now
+        total_closed_last_7d += closed_last_7d
+        if alert["status"] != "ok":
+            repos_with_alerts.append(repo_name)
+
+    return {
+        "owner": owner,
+        "generated_at": generated_at,
+        "generated_day": report_day.isoformat(),
+        "lookback_days": lookback_days,
+        "dashboard_contract_version": 1,
+        "repos": repo_reports,
+        "summary": {
+            "total_open_now": total_open_now,
+            "total_closed_last_7d": total_closed_last_7d,
+            "repos_with_alerts": repos_with_alerts,
+        },
+    }
+
+
+def render_markdown(report: dict[str, Any]) -> str:
+    lines = [
+        "# Burn-down Velocity Tracking",
+        "",
+        f"Generated: {report['generated_at']}",
+        f"Owner: {report['owner']}",
+        f"Lookback days: {report['lookback_days']}",
+        "",
+        "## Per-repo velocity",
+        "",
+        "| Repo | Open now | Opened 7d | Closed 7d | Previous 7d | Alert |",
+        "| --- | ---: | ---: | ---: | ---: | --- |",
+    ]
+
+    for repo in report["repos"]:
+        alert_label = repo["alert"]["kind"] if repo["alert"]["status"] != "ok" else "ok"
+        lines.append(
+            f"| {repo['repo']} | {repo['open_now']} | {repo['opened_last_7d']} | {repo['closed_last_7d']} | {repo['baseline_closed']} | {alert_label} |"
+        )
+
+    lines.extend(
+        [
+            "",
+            "## Dashboard handoff for timmy-config",
+            "",
+            "The timmy-config dashboard should consume `~/.timmy/burn-velocity/latest.json` and render, for each repo:",
+            "- `open_now`",
+            "- `opened_last_7d`",
+            "- `closed_last_7d`",
+            "- `baseline_closed`",
+            "- `alert.status` / `alert.kind` / `alert.reason`",
+            "",
+            "Cron should also persist `~/.timmy/burn-velocity/history.json` so timmy-config can plot the daily trend line instead of only the latest snapshot.",
+            "",
+            "## Alerts",
+            "",
+        ]
+    )
+
+    alerts = [repo for repo in report["repos"] if repo["alert"]["status"] != "ok"]
+    if not alerts:
+        lines.append("- none")
+    else:
+        for repo in alerts:
+            lines.append(f"- {repo['repo']}: {repo['alert']['reason']}")
+
+    return "\n".join(lines) + "\n"
+
+
+def update_history(history_path: Path, report: dict[str, Any]) -> dict[str, Any]:
+    if history_path.exists():
+        history = json.loads(history_path.read_text(encoding="utf-8"))
+    else:
+        history = {"days": []}
+
+    entry = {
+        "date": report["generated_day"],
+        "generated_at": report["generated_at"],
+        "summary": report["summary"],
+        "repos": report["repos"],
+    }
+
+    retained = [item for item in history.get("days", []) if item.get("date") != report["generated_day"]]
+    retained.append(entry)
+    retained.sort(key=lambda item: item["date"])
+    history["days"] = retained
+
+    history_path.parent.mkdir(parents=True, exist_ok=True)
+    history_path.write_text(json.dumps(history, indent=2), encoding="utf-8")
+    return history
+
+
+class GiteaClient:
+    def __init__(self, token: str, owner: str = DEFAULT_OWNER, base_url: str = DEFAULT_BASE_URL):
+        self.token = token
+        self.owner = owner
+        self.base_url = base_url.rstrip("/")
+
+    def _headers(self) -> list[dict[str, str]]:
+        return [
+            {"Authorization": f"token {self.token}", "Accept": "application/json"},
+            {
+                "Authorization": "Basic " + b64encode(f"{self.token}:".encode()).decode(),
+                "Accept": "application/json",
+            },
+        ]
+
+    def _request_json(self, url: str) -> list[dict[str, Any]]:
+        last_error: Exception | None = None
+        for headers in self._headers():
+            try:
+                req = request.Request(url, headers=headers)
+                with request.urlopen(req, timeout=30) as response:
+                    return json.loads(response.read().decode())
+            except Exception as exc:  # pragma: no cover - exercised only on live API failure
+                last_error = exc
+        if last_error is None:  # pragma: no cover - defensive
+            raise RuntimeError("request failed without an exception")
+        raise last_error
+
+    def list_issues(self, repo: str, *, state: str, since: str | None = None) -> list[dict[str, Any]]:
+        issues: list[dict[str, Any]] = []
+        page = 1
+        while True:
+            query = {"state": state, "type": "issues", "limit": 100, "page": page}
+            if since:
+                query["since"] = since
+            url = f"{self.base_url}/repos/{self.owner}/{repo}/issues?{parse.urlencode(query)}"
+            batch = self._request_json(url)
+            if not batch:
+                break
+            issues.extend(filter_issue_items(batch))
+            page += 1
+        return issues
+
+
+def load_json(path: Path, default: Any) -> Any:
+    if not path.exists():
+        return default
+    return json.loads(path.read_text(encoding="utf-8"))
+
+
+def load_config(path: Path) -> dict[str, Any]:
+    config = dict(DEFAULT_CONFIG)
+    alert = dict(DEFAULT_CONFIG["alert"])
+    raw = load_json(path, {})
+    config.update(raw)
+    alert.update(raw.get("alert") or {})
+    config["alert"] = alert
+    return config
+
+
+def collect_live_snapshot(
+    config: dict[str, Any], *, today: str | date | None = None, token_file: Path = DEFAULT_TOKEN_FILE, base_url: str = DEFAULT_BASE_URL
+) -> dict[str, Any]:
+    token = token_file.read_text(encoding="utf-8").strip()
+    report_day = normalize_today(today)
+    since_day = report_day - timedelta(days=int(config.get("lookback_days", 14)) - 1)
+    since_timestamp = datetime.combine(since_day, time.min, tzinfo=timezone.utc).isoformat().replace("+00:00", "Z")
+    client = GiteaClient(token=token, owner=config.get("owner", DEFAULT_OWNER), base_url=base_url)
+
+    repos = list(config.get("repos") or [])
+    repo_payload = {}
+    for repo in repos:
+        repo_payload[repo] = {
+            "open_issues": client.list_issues(repo, state="open"),
+            "recent_issues": client.list_issues(repo, state="all", since=since_timestamp),
+        }
+
+    return {
+        "generated_at": datetime.now(timezone.utc).isoformat().replace("+00:00", "Z"),
+        "repos": repo_payload,
+    }
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(description="Track per-repo issue burn-down velocity and emit timmy-config dashboard payloads.")
+    parser.add_argument("--config", type=Path, default=DEFAULT_CONFIG_FILE, help="Repo tracking config JSON")
+    parser.add_argument("--snapshot-file", type=Path, help="Use a pre-fetched snapshot JSON instead of calling Gitea")
+    parser.add_argument("--token-file", type=Path, default=DEFAULT_TOKEN_FILE, help="Gitea token file for live collection")
+    parser.add_argument("--base-url", default=DEFAULT_BASE_URL, help="Gitea API base URL")
+    parser.add_argument("--today", help="Override report date (YYYY-MM-DD)")
+    parser.add_argument("--output-json", type=Path, default=DEFAULT_OUTPUT_JSON, help="Path for latest JSON payload")
+    parser.add_argument("--output-md", type=Path, default=DEFAULT_OUTPUT_MD, help="Path for latest markdown summary")
+    parser.add_argument("--history-file", type=Path, default=DEFAULT_HISTORY_FILE, help="Path for persisted daily history JSON")
+    parser.add_argument("--write-history", action="store_true", help="Update the daily history file after generating the report")
+    parser.add_argument("--json", action="store_true", help="Print JSON instead of markdown to stdout")
+    return parser.parse_args()
+
+
+def main() -> None:
+    args = parse_args()
+    config = load_config(args.config)
+
+    if args.snapshot_file:
+        snapshot = load_json(args.snapshot_file, {"repos": {}})
+    else:
+        snapshot = collect_live_snapshot(config, today=args.today, token_file=args.token_file, base_url=args.base_url)
+
+    report = build_velocity_report(config, snapshot, today=args.today)
+
+    args.output_json.parent.mkdir(parents=True, exist_ok=True)
+    args.output_md.parent.mkdir(parents=True, exist_ok=True)
+    args.output_json.write_text(json.dumps(report, indent=2), encoding="utf-8")
+    args.output_md.write_text(render_markdown(report), encoding="utf-8")
+
+    if args.write_history:
+        update_history(args.history_file, report)
+
+    if args.json:
+        print(json.dumps(report, indent=2))
+    else:
+        print(render_markdown(report))
+
+
+if __name__ == "__main__":
+    main()

tests/test_burn_velocity_tracker.py

@@ -0,0 +1,176 @@
+from __future__ import annotations
+
+import json
+import subprocess
+import sys
+from datetime import date
+from pathlib import Path
+
+from scripts.burn_velocity_tracker import build_velocity_report, render_markdown, update_history
+
+
+ROOT = Path(__file__).resolve().parent.parent
+DOC_PATH = ROOT / "docs" / "BURN_VELOCITY_TRACKING.md"
+
+
+SNAPSHOT = {
+    "generated_at": "2026-04-22T12:00:00Z",
+    "repos": {
+        "timmy-home": {
+            "open_issues": [
+                {"number": 501, "state": "open", "created_at": "2026-04-20T09:00:00Z"},
+                {"number": 502, "state": "open", "created_at": "2026-04-22T07:00:00Z"},
+            ],
+            "recent_issues": [
+                {"number": 401, "state": "closed", "created_at": "2026-04-21T09:00:00Z", "closed_at": "2026-04-22T05:30:00Z"},
+                {"number": 402, "state": "closed", "created_at": "2026-04-20T09:00:00Z", "closed_at": "2026-04-21T05:30:00Z"},
+                {"number": 403, "state": "closed", "created_at": "2026-04-19T09:00:00Z", "closed_at": "2026-04-20T05:30:00Z"},
+                {"number": 404, "state": "closed", "created_at": "2026-04-14T09:00:00Z", "closed_at": "2026-04-15T05:30:00Z"},
+                {"number": 405, "state": "closed", "created_at": "2026-04-13T09:00:00Z", "closed_at": "2026-04-14T05:30:00Z"},
+                {"number": 406, "state": "closed", "created_at": "2026-04-12T09:00:00Z", "closed_at": "2026-04-13T05:30:00Z"},
+                {"number": 407, "state": "closed", "created_at": "2026-04-11T09:00:00Z", "closed_at": "2026-04-12T05:30:00Z"},
+                {"number": 408, "state": "closed", "created_at": "2026-04-10T09:00:00Z", "closed_at": "2026-04-11T05:30:00Z"},
+                {"number": 409, "state": "closed", "created_at": "2026-04-09T09:00:00Z", "closed_at": "2026-04-10T05:30:00Z"},
+                {"number": 410, "state": "closed", "created_at": "2026-04-08T09:00:00Z", "closed_at": "2026-04-09T05:30:00Z"},
+                {"number": 411, "state": "closed", "created_at": "2026-04-07T09:00:00Z", "closed_at": "2026-04-08T05:30:00Z"},
+                {"number": 412, "state": "closed", "created_at": "2026-04-06T09:00:00Z", "closed_at": "2026-04-07T05:30:00Z"},
+                {"number": 413, "state": "closed", "created_at": "2026-04-05T09:00:00Z", "closed_at": "2026-04-06T05:30:00Z"},
+                {"number": 414, "state": "open", "created_at": "2026-04-22T08:45:00Z", "closed_at": None},
+                {"number": 415, "state": "open", "created_at": "2026-04-17T08:45:00Z", "closed_at": None},
+            ],
+        },
+        "timmy-config": {
+            "open_issues": [
+                {"number": 601, "state": "open", "created_at": "2026-04-18T09:00:00Z"},
+            ],
+            "recent_issues": [
+                {"number": 602, "state": "closed", "created_at": "2026-04-20T09:00:00Z", "closed_at": "2026-04-21T06:00:00Z"},
+                {"number": 603, "state": "open", "created_at": "2026-04-22T06:00:00Z", "closed_at": None},
+            ],
+        },
+    },
+}
+
+
+CONFIG = {
+    "owner": "Timmy_Foundation",
+    "repos": ["timmy-home", "timmy-config"],
+    "lookback_days": 14,
+    "alert": {
+        "recent_days": 7,
+        "baseline_days": 7,
+        "minimum_baseline_closed": 4,
+        "drop_ratio": 0.6,
+    },
+}
+
+
+def test_build_velocity_report_counts_opened_closed_and_flags_drop_alert() -> None:
+    report = build_velocity_report(CONFIG, SNAPSHOT, today=date(2026, 4, 22))
+
+    assert report["generated_day"] == "2026-04-22"
+    assert report["summary"]["repos_with_alerts"] == ["timmy-home"]
+    assert report["summary"]["total_open_now"] == 3
+
+    home = report["repos"][0]
+    assert home["repo"] == "timmy-home"
+    assert home["open_now"] == 2
+    assert home["opened_last_7d"] == 5
+    assert home["closed_last_7d"] == 3
+    assert home["baseline_closed"] == 7
+    assert home["weekly_net"] == 2
+    assert home["alert"]["status"] == "drop"
+    assert home["alert"]["recent_closed"] == 3
+    assert home["daily"][-1] == {"date": "2026-04-22", "opened": 1, "closed": 1}
+
+    timmy_config = report["repos"][1]
+    assert timmy_config["repo"] == "timmy-config"
+    assert timmy_config["open_now"] == 1
+    assert timmy_config["closed_last_7d"] == 1
+    assert timmy_config["alert"]["status"] == "ok"
+
+
+def test_render_markdown_includes_dashboard_handoff_and_alerts() -> None:
+    report = build_velocity_report(CONFIG, SNAPSHOT, today=date(2026, 4, 22))
+    rendered = render_markdown(report)
+
+    for snippet in (
+        "# Burn-down Velocity Tracking",
+        "## Per-repo velocity",
+        "timmy-home",
+        "timmy-config",
+        "## Dashboard handoff for timmy-config",
+        "velocity_drop",
+        "## Alerts",
+    ):
+        assert snippet in rendered
+
+
+def test_update_history_replaces_same_day_snapshot(tmp_path: Path) -> None:
+    history_path = tmp_path / "burn-velocity-history.json"
+    report = build_velocity_report(CONFIG, SNAPSHOT, today=date(2026, 4, 22))
+    update_history(history_path, report)
+
+    updated = json.loads(json.dumps(report))
+    updated["repos"][0]["open_now"] = 9
+    updated["summary"]["total_open_now"] = 10
+    update_history(history_path, updated)
+
+    history = json.loads(history_path.read_text(encoding="utf-8"))
+    assert [item["date"] for item in history["days"]] == ["2026-04-22"]
+    assert history["days"][0]["summary"]["total_open_now"] == 10
+    assert history["days"][0]["repos"][0]["open_now"] == 9
+
+
+def test_cli_writes_json_markdown_and_history_from_snapshot(tmp_path: Path) -> None:
+    snapshot_path = tmp_path / "snapshot.json"
+    output_json = tmp_path / "latest.json"
+    output_md = tmp_path / "latest.md"
+    history_path = tmp_path / "history.json"
+    snapshot_path.write_text(json.dumps(SNAPSHOT), encoding="utf-8")
+
+    result = subprocess.run(
+        [
+            sys.executable,
+            "-m",
+            "scripts.burn_velocity_tracker",
+            "--snapshot-file",
+            str(snapshot_path),
+            "--today",
+            "2026-04-22",
+            "--output-json",
+            str(output_json),
+            "--output-md",
+            str(output_md),
+            "--history-file",
+            str(history_path),
+            "--write-history",
+            "--json",
+        ],
+        check=True,
+        cwd=ROOT,
+        capture_output=True,
+        text=True,
+    )
+
+    payload = json.loads(result.stdout)
+    assert payload["summary"]["repos_with_alerts"] == ["timmy-home"]
+    assert output_json.exists()
+    assert output_md.exists()
+    assert history_path.exists()
+    assert "timmy-config" in output_md.read_text(encoding="utf-8")
+
+
+def test_repo_contains_burn_velocity_tracking_doc() -> None:
+    text = DOC_PATH.read_text(encoding="utf-8")
+    required = [
+        "# Burn-down Velocity Tracking",
+        "python3 scripts/burn_velocity_tracker.py",
+        "configs/burn_velocity_repos.json",
+        "~/.timmy/burn-velocity/latest.json",
+        "timmy-config dashboard",
+        "type=issues",
+        "velocity_drop",
+    ]
+    for snippet in required:
+        assert snippet in text