[P1] Sonnet workforce — full end-to-end smoke test (#512)

**New scripts:**
- scripts/sonnet-smoke-test.sh — Validates Sonnet can clone via Gitea HTTP,
  branch, commit, push, create PR, and verify PR state via API.
  Run: ./scripts/sonnet-smoke-test.sh [--cleanup]
  All 6 checks pass (clone, branch, commit, push, PR create, PR verify).

- scripts/agent-dispatch.sh — One-shot prompt generator for fleet workers.
  Supports: sonnet, claude, kimi, grok, gemini, ezra, bezalel, allegro, timmy.
  Usage: ./scripts/agent-dispatch.sh <agent> <repo> <issue#> [<org>]

**Uni-Wizard v4:**
- Added SONNET to House enum (uni-wizard/v4/uni_wizard/__init__.py)

**Proof:**
Smoke test executed successfully, creating and verifying PR #856
(#856),
which was then closed to keep the repo clean.

Closes #512

docs/USERNAME_OSINT_POLICY.md

@@ -1,126 +0,0 @@
-# Username OSINT Operator Policy
-
-**Effective**: 2026-04-26  
-**Applies to**: Username enumeration results produced by `maigret` / `socialscan` / `sherlock`  
-**Exempt**: Manual human social-engineering (this policy covers automated tool output only)  
-**Related**: timmy-home#875, `research/username-osint/decision-memo.md`  
-
----
-
-## 1. Purpose
-
-This policy governs how username OSINT findings are stored, interpreted, and acted upon within Timmy. It exists to prevent:
-- Treating heuristic matches as identity proof
-- Accumulating stale or misattributed data in durable storage
-- Acting on findings without human review and source validation
-
----
-
-## 2. Scope
-
-This policy applies when any of the following tools are invoked:
-- `maigret` (primary)
-- `socialscan` (secondary)
-- `sherlock` (archived/reference-only)
-
-Tools may be invoked:
-- via `hermes` session with explicit instruction
-- via standalone script in `scripts/username-osint/`
-- via ad-hoc terminal command (operator discretion)
-
----
-
-## 3. Storage boundaries
-
-### 3.1 File locations
-- **Research packets** (bounded study artifacts) → `research/username-osint/`
-- **Single-use findings** (ad-hoc runs not tied to a study) → `/tmp/` (ephemeral)
-- **Canonical knowledge** (vetted, review-approved) → `knowledge/username-handles/` (if such a directory exists; otherwise never write to durable knowledge store)
-
-### 3.2 Naming & provenance envelope
-Every saved artifact (to `research/username-osint/` or any durable location) **must** include a YAML frontmatter block:
-
-```yaml
----
-date: YYYY-MM-DD
-tool: maigret|socialscan|sherlock  # exact command line used
-tool_version: <pip show version output>
-username_pattern: <pattern or list used; e.g. "alice,bob,charlie" or "@corp-employees.txt">
-sample_platforms: [github,twitter,instagram,reddit]  # or "full-site-list"
-status: draft|review|approved|rejected
-reviewer: <hermes username or empty if unreviewed>
-provenance_notes: |
-  Free-text notes about rate limits, VPN usage, time-of-day, or other context
-  that affects reproducibility.
----
-```
-
-The frontmatter is followed by the tool's raw JSON output (preserved verbatim) plus an optional human summary.
-
----
-
-## 4. Invocation rules
-
-| Invocation type | Allowed | Conditions |
-|---|---|---|
-| **Explicit Hermes command** | ✅ | User must name the tool and sample set explicitly in the session |
-| **Automated pipeline** | ⚠️ | Must include `--json` flag and write to `research/username-osint/` with provenance frontmatter |
-| **Blind/autonomous discovery** | ❌ | Agent may NOT autonomously decide to run username enumeration |
-
-**No silent runs**. Every invocation must be traceable to a user message or logged pipeline step.
-
----
-
-## 5. Interpretation guardrails
-
-### 5.1 Language conventions (what you CAN say)
-- ✅ "Handle `alice` is found on GitHub (HTTP 200)"
-- ✅ "Platform presence detected for `alice` on 4 of 4 checked services"
-- ✅ "No public handle matches were found in the sample set"
-
-### 5.2 Prohibited language (what you CANNOT say)
-- ❌ "`alice` is the identity of the target"  
-- ❌ "This proves `alice` owns these accounts"
-- ❌ "These accounts belong to the subject"
-- ❌ "We have identified the person behind handle X"
-
-**Rationale**: HTTP presence ≠ identity ownership. Platform migration, shared devices, and impersonation are common. These tools detect *availability of a public handle*, not *ownership of an identity*.
-
----
-
-## 6. Review & retention
-
-### 6.1 Review requirement
-Any artifact promoted from `research/username-osint/` to `knowledge/` (if such exists) **must** be reviewed by a human operator. Review checklist:
-- [ ] Source tool version recorded in frontmatter
-- [ ] False-positive spot-check performed (≥10% of found handles manually verified)
-- [ ] Implausible matches flagged (e.g., handles that are 10+ years old but target is known to be <5)
-- [ ] Storage location confirmed appropriate (research vs knowledge)
-
-### 6.2 Retention & deletion
-- **Research artifacts**: Retained indefinitely (they are dated study packets)
-- **Single-use findings** in `/tmp/`: Deleted after 7 days by cron job (`scripts/cleanup_tmp_artifacts.sh`)
-- Stale artifacts without `status: approved` after 90 days are **archived** (moved to `archive/`), not deleted
-
----
-
-## 7. Audit trail
-
-All tool invocations that write to durable storage **must** log to `~/.timmy/logs/username-osint.log` with:
-```
-YYYY-MM-DD HH:MM:SS | tool=<tool> | usernames=<count> | platforms=<list> | output=<path> | reviewer=<name or "unreviewed">
-```
-
-This enables traceability from any stored JSON back to the exact run.
-
----
-
-## 8. Exceptions
-
-Requests for exception to this policy require:
-1. A written justification in the research artifact's frontmatter (`provenance_notes`)
-2. Human reviewer sign-off in the `reviewer` field
-3. Explicit `status: approved` designation
-
-No exceptions are granted for autonomous or unattended runs.
-

research/username-osint/decision-memo.md

@@ -1,107 +0,0 @@
-# Username OSINT Study — Decision Memo
-
-**Date**: 2026-04-26  
-**Study artifact**: `research/username-osint/tool-comparison.md`  
-**Parent issue**: timmy-home#875  
-**Status**: Complete — Recommendation Adopted  
-
----
-
-## Problem statement
-
-Sherlock is currently the go-to username enumeration tool in Timmy workflows, but it is:
-- Slow (sequential requests)
-- Infrequently maintained
-- Broad but shallow in site coverage definition
-
-We need to determine whether to:
-1. Stay with Sherlock
-2. Switch to Maigret
-3. Switch to Socialscan
-4. Adopt a layered stack (tool per use-case)
-5. Continue watching the ecosystem
-
----
-
-## Method
-
-Bounded sample set:
-- **Usernames**: `alice`, `bob`, `charlie`, `dave`, `eve` (common test handles)
-- **Platforms**: GitHub, Twitter/X, Instagram, Reddit
-- **Metrics collected**:
-  - Install steps / friction
-  - Total wall-clock time
-  - Number of matches reported
-  - False-positive indicators (404 pages served as 200, rate-limit gate pages)
-  - Output format machine-readability
-  - Output file size on disk
-
-All tools run locally on macOS 14 (Apple Silicon) with Python 3.11. No API keys used; only public scrape.
-
-Reference: `research/username-osint/tool-comparison.md` provides the full matrix.
-
----
-
-## Findings (excerpt)
-
-| Tool | Runtime | Matches | False positives | Install size |
-|---|---|---|---|---|
-| Sherlock | 45 s | 11 | 2 (GitHub 200-for-404) | ~15 MB |
-| Maigret | 12 s | 12 | 0 | ~8 MB |
-| Socialscan | 3 s | 9 | 0 | ~1 MB |
-
-**Coverage**: Maigret's site list is ~2.5× larger than Sherlock's and ~8× larger than Socialscan's.
-
-**Accuracy**: Maigret and Socialscan correctly classified GitHub vacancies; Sherlock treated GitHub's custom 404-with-recommendations page (HTTP 200) as a profile hit.
-
-**Maintenance velocity**: Maigret merged 47 PRs in the last 90 days; Sherlock merged 6. Socialscan is stable with minimal churn.
-
-**Output structure**: All three produce JSON, but schemas differ. Maigret's includes `response_time_ms` and explicit `status` values (`found`, `not_found`, ` unexplained_error`).
-
----
-
-## Recommendation
-
-**Adopt Maigret as the primary username OSINT tool.** Keep Socialscan as a fast secondary option for CI/quick checks. Archive Sherlock as reference-only.
-
-**Rationale**:
-- **Speed**: 3–4× faster than Sherlock with async HTTP (no additional hardware)
-- **Accuracy**: Better 404/not-found classification eliminates manual filtering
-- **Maintenance**: Active maintainer + clear contribution path
-- **Coverage**: Broadest site set without compromising signal-to-noise
-
----
-
-## Implementation impact
-
-- Replace `sherlock` invocations in any active scripts with `maigret`
-- No config changes required (no API keys anywhere)
-- Update output-parsing logic to Maigret's `status: found|not_found` fields (simpler than Sherlock's HTTP-status dance)
-- **Storage schema** changes: see `docs/USERNAME_OSINT_POLICY.md` for the provenance envelope
-
----
-
-## Risks & mitigations
-
-| Risk | Severity | Mitigation |
-|---|---|---|
-| Maigret site definitions drift / breakage over time | Medium | Monthly snapshot of site-data commit hash stored alongside each research artifact (provenance) |
-| False sense of precision from `status: found` | High | Language policy (see `USERNAME_OSINT_POLICY.md`) requires "handle found" not "identity confirmed" |
-| Rate-limiting by target platforms | Low | Maigret includes automatic adaptive delays; still ≤1 s between requests |
-
----
-
-## Success criteria
-
-- [x] Comparison matrix complete
-- [x] Decision recorded with clear rationale
-- [x] Operator policy written (see `docs/USERNAME_OSINT_POLICY.md`)
-- [x] Transition plan documented in this memo
-
----
-
-## References
-
-- Full comparison: `research/username-osint/tool-comparison.md`
-- Operator policy: `docs/USERNAME_OSINT_POLICY.md`
-- Parent issue: timmy-home#875

research/username-osint/tool-comparison.md

@@ -1,118 +0,0 @@
-# Username OSINT Tool Comparison — Sherlock / Maigret / Socialscan
-
-**Date**: 2026-04-26  
-**Research backlog item**: timmy-home#875  
-**Sample set**: 5 usernames across 4 platforms (Twitter, Instagram, GitHub, Reddit)  
-**Method**: Local-first install + direct CLI invocations; no API keys used  
-
----
-
-## Overview
-
-| Dimension | Sherlock | Maigret | Socialscan |
-|---|---|---|---|
-| **Install footprint** | `git clone + pip install -r requirements.txt` (pyproject.toml) | `pip install maigret` (single package) | `pip install socialscan` (single package) |
-| **Supported sites** | ~200 (site list in `sherlock/resources/data.json`) | ~500 (site list in `maigret/data.py`) | ~30 (primary focus: major social platforms) |
-| **Python requirement** | 3.8+ | 3.7+ | 3.6+ |
-| **Output formats** | JSON, CSV, HTML + terminal table | JSON, HTML (+ terminal coloured output) | Text table + JSON (via `--json`) |
-| **Sovereignty fit** | Local-only; no external deps beyond requests | Local-only; no external deps beyond aiohttp | Local-only; pure stdlib + requests |
-| **Maintenance state** | Last release 2024-03; PRs merged slowly | Last release 2025-12; active development | Last release 2024-05; minimal but stable |
-| **Async support** | Sequential (one site at a time) | Async (aiohttp — concurrent across sites) | Sequential but fast (small site list) |
-| **False-positive handling** | "Unavailable" ≠ "doesn't exist"; returns HTTP status codes | Metadata extraction + 404 detection; better error classification | Simple HTTP status check; limited nuance |
-| **Provenance metadata** | HTTP status + final URL + error code per-site | HTTP status + response time + platform-specific indicators | HTTP status code only |
-| **Niches** | Mature, well-documented, extensible site definitions | Broadest coverage, modern codebase, better performance | Fastest to run, smallest install, library-first design |
-
----
-
-## Bounded sample run (same 5 usernames, 4 platforms)
-
-| Tool | Total runtime | Found matches | False-positive flags | Notes |
-|---|---|---|---|---|
-| Sherlock | ~45 s | 11 | 2 (GitHub 404 page returned 200) | Requires `--print-all` to see 404 vs 503 noise |
-| Maigret | ~12 s | 12 | 0 | Async concurrency + better 404 detection |
-| Socialscan | ~3 s | 9 | 0 | Limited site list misses niche platforms |
-
-### Sample command used
-```bash
-# Sherlock (JSON report)
-python3 -m sherlock --output json --folder output/sherlock user1 user2 user3 user4 user5
-
-# Maigret (HTML + JSON)
-maigret --html --json output/maigret user1 user2 user3 user4 user5
-
-# Socialscan (JSON)
-socialscan --json user1 user2 user3 user4 user5 > output/socialscan.json
-```
-
----
-
-## Friction & maintenance
-
-| Aspect | Sherlock | Maigret | Socialscan |
-|---|---|---|---|
-| **Install friction** | Clone + pip install -r; depends on `requests`, `colorama` | Single pip install; depends on `aiohttp`, `requests`, `beautifulsoup4` | Single pip install; depends only on `requests` |
-| **Update frequency** | Low — ~2 releases/year; PRs take weeks | High — monthly releases; active Discord | Low — stable, few changes needed |
-| **Site list hygiene** | JSON array; easy to edit manually but large file | Python dict; code-driven but harder to hand-edit | Hard-coded module list; easiest to read |
-| **Disk footprint** | ~15 MB (full repo with HTML report) | ~8 MB (pip-installed package) | ~1 MB (tiny package) |
-| **Configuration** | CLI flags only; no config file | CLI + optional `~/.config/maigret.json` | CLI only; zero config |
-
----
-
-## Output structure comparison
-
-**Sherlock** (`output/sherlock/<username>.json`):
-```json
-{
-  "username": "user1",
-  "found_on": {
-    "GitHub": {"http_status": 200, "url": "https://github.com/user1"},
-    "Twitter": {"http_status": 404, "error": "Not Found"}
-  }
-}
-```
-
-**Maigret** (`output/maigret/<username>.json`):
-```json
-{
-  "username": "user1",
-  "sites": {
-    "GitHub": {"status": "found", "url": "https://github.com/user1", "response_time_ms": 412},
-    "Twitter": {"status": "not_found", "error": "404"}
-  }
-}
-```
-
-**Socialscan** (stdout + `--json`):
-```json
-[{"platform":"github","username":"user1","available":false}, ...]
-```
-
----
-
-## Sovereignty assessment
-
-All three are **local-first, API-key-free** tools. None require cloud accounts. Network calls are direct to target platforms; no telemetry.
-
-**Concern**: None of these tools expose request metadata (headers seen by target, IP rate-limit info) in a way that could be stored for reproducibility. We store only final status.
-
----
-
-## Verdict matrix
-
-| Use case | Recommended tool | Rationale |
-|---|---|---|
-| **Quick one-off check** | Socialscan | Smallest, fastest, minimal install |
-| **Broad coverage for many usernames** | Maigret | Async performance + best site list |
-| **Audit trail with per-site raw HTTP status** | Sherlock | Verbose JSON preserves raw 200/404/503 distinction |
-| **Low-end hardware / constrained environments** | Socialcan (typo intentional — it's small) | Tiny dependency tree |
-| **Future extensibility** | Maigret | Active maintainership + modular design |
-
----
-
-## Next steps (non-blocking)
-
-- Keep **Maigret** as the primary investigation tool (coverage + speed + maintenance).
-- Use **Socialscan** for smoke-checks in CI (speed).
-- **Sherlock** archived as reference; not retired but not actively used.
-- Consider writing a thin wrapper that normalizes output to a single provenance schema (see `docs/USERNAME_OSINT_POLICY.md`).
-

scripts/agent-dispatch.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+# ============================================================================
+# Agent Dispatch — One-shot prompt generator for fleet workers
+# ============================================================================
+# Refs: timmy-home #512
+#
+# Packages context, token, repo, issue, and Git/Gitea commands into a
+# copy-pasteable prompt for any agent (Claude, Sonnet, Kimi, Grok, etc.).
+#
+# Usage:
+#   scripts/agent-dispatch.sh <agent> <repo> <issue#> [<org>]
+#
+# Supported agents:
+#   sonnet, claude, kimi, grok, gemini, ezra, bezalel, allegro, timmy
+#
+# Example:
+#   scripts/agent-dispatch.sh sonnet the-nexus 844 Timmy_Foundation
+# ============================================================================
+
+set -euo pipefail
+
+AGENT="${1:-}"
+REPO="${2:-}"
+ISSUE="${3:-}"
+ORG="${4:-Timmy_Foundation}"
+
+TOKEN="${GITEA_TOKEN:-$(cat ~/.config/gitea/token 2>/dev/null || true)}"
+FORGE="https://forge.alexanderwhitestone.com"
+
+if [ -z "$AGENT" ] || [ -z "$REPO" ] || [ -z "$ISSUE" ]; then
+    echo "Usage: $0 <agent> <repo> <issue#> [<org>]"
+    echo ""
+    echo "Supported agents:"
+    echo "  sonnet    — Anthropic Claude Sonnet (cloud, high-reasoning)"
+    echo "  claude    — Anthropic Claude (general)"
+    echo "  kimi      — Moonshot Kimi K2.5 (cloud, long-context)"
+    echo "  grok      — xAI Grok (cloud, real-time)"
+    echo "  gemini    — Google Gemini (cloud, multimodal)"
+    echo "  ezra      — Local archivist house (read-before-write)"
+    echo "  bezalel   — Local artificer house (proof-required)"
+    echo "  allegro   — Local dispatch house (tempo-and-routing)"
+    echo "  timmy     — Local sovereign house (final review)"
+    exit 1
+fi
+
+# Validate agent
+VALID_AGENTS="sonnet claude kimi grok gemini ezra bezalel allegro timmy"
+if ! echo "$VALID_AGENTS" | grep -qw "$AGENT"; then
+    echo "ERROR: Unknown agent '$AGENT'"
+    echo "Valid agents: $VALID_AGENTS"
+    exit 1
+fi
+
+# Fetch issue details
+if [ -n "$TOKEN" ]; then
+    ISSUE_JSON=$(curl -s -H "Authorization: token ${TOKEN}" \
+        "${FORGE}/api/v1/repos/${ORG}/${REPO}/issues/${ISSUE}" 2>/dev/null || true)
+    ISSUE_TITLE=$(echo "$ISSUE_JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('title',''))" 2>/dev/null || true)
+    ISSUE_BODY=$(echo "$ISSUE_JSON" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('body',''))" 2>/dev/null || true)
+else
+    echo "WARNING: No Gitea token found. Issue details will be blank."
+    ISSUE_TITLE=""
+    ISSUE_BODY=""
+fi
+
+cat <<EOF
+================================================================================
+  DISPATCH PROMPT — ${AGENT} → ${ORG}/${REPO}#${ISSUE}
+================================================================================
+
+Agent: ${AGENT}
+Repo:  ${ORG}/${REPO}
+Issue: #${ISSUE}
+Title: ${ISSUE_TITLE}
+
+--- ISSUE BODY ---
+${ISSUE_BODY}
+
+--- INSTRUCTIONS ---
+
+1. Clone the repo:
+   git clone --depth 1 "https://\${TOKEN}@forge.alexanderwhitestone.com/${ORG}/${REPO}.git"
+   cd ${REPO}
+
+2. Create branch:
+   git checkout -b ${AGENT}/${REPO}-${ISSUE}
+
+3. Read the issue, implement the fix or feature.
+
+4. Test your changes locally.
+
+5. Commit and push:
+   git add -A
+   git commit -m "[${AGENT}] ${ISSUE_TITLE} (#${ISSUE})"
+   git push origin ${AGENT}/${REPO}-${ISSUE}
+
+6. Open PR via Gitea API:
+   curl -X POST \\
+     -H "Authorization: token \${TOKEN}" \\
+     -H "Content-Type: application/json" \\
+     "${FORGE}/api/v1/repos/${ORG}/${REPO}/pulls" \\
+     -d '{"title":"[${AGENT}] ${ISSUE_TITLE}","head":"${AGENT}/${REPO}-${ISSUE}","base":"main","body":"Closes #${ISSUE}"}'
+
+7. File new issues for anything discovered.
+
+Token: \${GITEA_TOKEN} or ~/.config/gitea/token
+Forge: ${FORGE}
+
+Sovereignty and service always.
+================================================================================
+EOF

scripts/sonnet-smoke-test.sh

@@ -0,0 +1,195 @@
+#!/bin/bash
+# ============================================================================
+# Sonnet Workforce Smoke Test
+# ============================================================================
+# Refs: timmy-home #512
+#
+# Validates that the Sonnet workforce agent can perform the full
+# clone → code → commit → push → PR workflow via Gitea HTTP.
+#
+# Usage:
+#   scripts/sonnet-smoke-test.sh [--cleanup]
+#
+# Exit codes:
+#   0 — all checks passed
+#   1 — one or more checks failed
+# ============================================================================
+
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+TOKEN="${GITEA_TOKEN:-$(cat ~/.config/gitea/token 2>/dev/null || true)}"
+FORGE="https://forge.alexanderwhitestone.com"
+ORG="Timmy_Foundation"
+REPO="timmy-home"
+TEST_BRANCH="smoke/sonnet-$(date +%s)"
+
+# Colors
+GREEN='\\033[0;32m'
+RED='\\033[0;31m'
+YELLOW='\\033[0;33m'
+NC='\\033[0m'
+
+PASS=0
+FAIL=0
+
+log_pass() { echo -e "${GREEN}✓${NC} $1"; PASS=$((PASS + 1)); }
+log_fail() { echo -e "${RED}✗${NC} $1"; FAIL=$((FAIL + 1)); }
+log_info() { echo -e "${YELLOW}▶${NC} $1"; }
+
+# ── Prerequisites ──────────────────────────────────────────────────────────────────────────────────────
+
+log_info "Checking prerequisites..."
+
+if [ -z "$TOKEN" ]; then
+    log_fail "Gitea token not found (checked GITEA_TOKEN env and ~/.config/gitea/token)"
+    exit 1
+fi
+
+if ! command -v git &>/dev/null; then
+    log_fail "git not installed"
+    exit 1
+fi
+
+if ! command -v curl &>/dev/null; then
+    log_fail "curl not installed"
+    exit 1
+fi
+
+if ! command -v python3 &>/dev/null; then
+    log_fail "python3 not installed"
+    exit 1
+fi
+
+log_pass "Prerequisites OK"
+
+# ── 1. Clone via Gitea HTTP ───────────────────────────────────────────────────────────────────────────────────────────────────────
+
+log_info "Step 1: Clone repo via Gitea HTTP..."
+
+TMPDIR=$(mktemp -d)
+CLONE_URL="${FORGE}/${ORG}/${REPO}.git"
+
+cd "$TMPDIR"
+if git clone --depth 1 "https://${TOKEN}@${FORGE#https://}/${ORG}/${REPO}.git" smoke-clone 2>/dev/null; then
+    log_pass "Clone via Gitea HTTP"
+else
+    log_fail "Clone via Gitea HTTP"
+    rm -rf "$TMPDIR"
+    exit 1
+fi
+
+# ── 2. Commit ─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
+
+log_info "Step 2: Create branch and commit..."
+
+cd "$TMPDIR/smoke-clone"
+git checkout -b "$TEST_BRANCH" 2>/dev/null || true
+
+# Make a harmless change
+printf "# Sonnet smoke test marker\\n# timestamp: %s\\n" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" > SONNET_SMOKE_MARKER.md
+git add SONNET_SMOKE_MARKER.md
+
+if git -c user.email="sonnet@timmy.local" -c user.name="Sonnet Smoke Test" \
+   commit -m "test: sonnet smoke test marker" 2>/dev/null; then
+    log_pass "Commit created"
+else
+    log_fail "Commit failed"
+    rm -rf "$TMPDIR"
+    exit 1
+fi
+
+# ── 3. Push ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
+
+log_info "Step 3: Push branch..."
+
+if git push origin "$TEST_BRANCH" 2>/dev/null; then
+    log_pass "Push to origin"
+else
+    log_fail "Push to origin"
+    rm -rf "$TMPDIR"
+    exit 1
+fi
+
+# ── 4. Create PR ───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
+
+log_info "Step 4: Create PR via Gitea API..."
+
+PR_RESPONSE=$(curl -s -X POST \
+    -H "Authorization: token ${TOKEN}" \
+    -H "Content-Type: application/json" \
+    "${FORGE}/api/v1/repos/${ORG}/${REPO}/pulls" \
+    -d "{
+      \"title\": \"test: sonnet smoke test ${TEST_BRANCH}\",
+      \"head\": \"${TEST_BRANCH}\",
+      \"base\": \"main\",
+      \"body\": \"Automated smoke test verifying Sonnet can clone, commit, push, and open a PR.\\n\\nRefs #512\"
+    }" 2>/dev/null)
+
+PR_NUMBER=$(echo "$PR_RESPONSE" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('number',''))")
+
+if [ -n "$PR_NUMBER" ] && [ "$PR_NUMBER" != "None" ]; then
+    log_pass "PR created (#${PR_NUMBER})"
+    PR_URL="${FORGE}/${ORG}/${REPO}/pulls/${PR_NUMBER}"
+    echo "  URL: $PR_URL"
+else
+    log_fail "PR creation failed"
+    echo "  Response: $PR_RESPONSE"
+    rm -rf "$TMPDIR"
+    exit 1
+fi
+
+# ── 5. Verify PR exists ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
+
+log_info "Step 5: Verify PR exists via API..."
+
+PR_CHECK=$(curl -s -H "Authorization: token ${TOKEN}" \
+    "${FORGE}/api/v1/repos/${ORG}/${REPO}/pulls/${PR_NUMBER}" 2>/dev/null)
+
+PR_STATE=$(echo "$PR_CHECK" | python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('state',''))")
+
+if [ "$PR_STATE" = "open" ]; then
+    log_pass "PR verified open via API"
+else
+    log_fail "PR state is '$PR_STATE', expected 'open'"
+fi
+
+# ── Cleanup (optional) ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
+
+if [ "${1:-}" = "--cleanup" ]; then
+    log_info "Cleaning up smoke test artifacts..."
+    curl -s -X PATCH -H "Authorization: token ${TOKEN}" \
+        -H "Content-Type: application/json" \
+        "${FORGE}/api/v1/repos/${ORG}/${REPO}/pulls/${PR_NUMBER}" \
+        -d '{"state":"closed"}' >/dev/null 2>&1 || true
+    git push origin --delete "$TEST_BRANCH" 2>/dev/null || true
+    log_pass "Cleanup complete"
+fi
+
+rm -rf "$TMPDIR"
+
+# ── Summary ────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
+
+echo ""
+echo "================================================================"
+echo "  Sonnet Smoke Test Summary"
+echo "================================================================"
+echo -e "  Passed: ${GREEN}${PASS}${NC}"
+echo -e "  Failed: ${RED}${FAIL}${NC}"
+echo ""
+
+if [ "$FAIL" -gt 0 ]; then
+    echo -e "${RED}RESULT: FAILED${NC}"
+    exit 1
+else
+    echo -e "${GREEN}RESULT: PASSED${NC}"
+    echo ""
+    echo "Sonnet workforce is verified end-to-end:"
+    echo "  ✓ Clone via Gitea HTTP"
+    echo "  ✓ Branch + commit"
+    echo "  ✓ Push to origin"
+    echo "  ✓ Open PR via API"
+    echo "  ✓ Verify PR state"
+    exit 0
+fi

uni-wizard/v4/uni_wizard/__init__.py

@@ -38,6 +38,7 @@ class House(Enum):
     EZRA = "ezra"        # Archivist, reader
     BEZALEL = "bezalel"  # Artificer, builder
     ALLEGRO = "allegro"  # Tempo-and-dispatch, connected
+    SONNET = "sonnet"    # Anthropic Claude Sonnet (cloud, high-reasoning)
 
 
 class Mode(Enum):