feat: harden Bezalel tailscale bootstrap packet (#535)

docs/BEZALEL_TAILSCALE_BOOTSTRAP.md

@@ -0,0 +1,96 @@
+# Bezalel Tailscale Bootstrap
+
+Refs #535
+
+This is the repo-side operator packet for installing Tailscale on the Bezalel VPS and verifying the internal network path for federation work.
+
+Important truth:
+- issue #535 names `104.131.15.18`
+- older Bezalel control-plane docs also mention `159.203.146.185`
+- the current source of truth in this repo is `ansible/inventory/hosts.ini`, which currently resolves `bezalel` to `67.205.155.108`
+
+Because of that drift, `scripts/bezalel_tailscale_bootstrap.py` now resolves the target host from `ansible/inventory/hosts.ini` by default instead of trusting a stale hardcoded IP.
+
+## What the script does
+
+`python3 scripts/bezalel_tailscale_bootstrap.py`
+
+Safe by default:
+- builds the remote bootstrap script
+- writes it locally to `/tmp/bezalel_tailscale_bootstrap.sh`
+- prints the SSH command needed to run it
+- does **not** touch the VPS unless `--apply` is passed
+
+When applied, the remote script does all of the issue’s repo-side bootstrap steps:
+- installs Tailscale
+- runs `tailscale up --ssh --hostname bezalel`
+- appends the provided Mac SSH public key to `~/.ssh/authorized_keys`
+- prints `tailscale status --json`
+- pings the expected peer targets:
+  - Mac: `100.124.176.28`
+  - Ezra: `100.126.61.75`
+
+## Required secrets / inputs
+
+- Tailscale auth key
+- Mac SSH public key
+
+Provide them either directly or through files:
+- `--auth-key` or `--auth-key-file`
+- `--ssh-public-key` or `--ssh-public-key-file`
+
+## Dry-run example
+
+```bash
+python3 scripts/bezalel_tailscale_bootstrap.py \
+  --auth-key-file ~/.config/tailscale/auth_key \
+  --ssh-public-key-file ~/.ssh/id_ed25519.pub \
+  --json
+```
+
+This prints:
+- resolved host
+- host source (`inventory:<path>` when pulled from `ansible/inventory/hosts.ini`)
+- local script path
+- SSH command to execute
+- peer targets
+
+## Apply example
+
+```bash
+python3 scripts/bezalel_tailscale_bootstrap.py \
+  --auth-key-file ~/.config/tailscale/auth_key \
+  --ssh-public-key-file ~/.ssh/id_ed25519.pub \
+  --apply \
+  --json
+```
+
+## Verifying success after apply
+
+The script now parses the remote stdout into structured verification data:
+- `verification.tailscale.self.tailscale_ips`
+- `verification.tailscale.self.dns_name`
+- `verification.peers`
+- `verification.ping_ok`
+
+A successful run should show:
+- at least one Bezalel Tailscale IP under `tailscale_ips`
+- `ping_ok.mac = 100.124.176.28`
+- `ping_ok.ezra = 100.126.61.75`
+
+## Expected remote install commands
+
+```bash
+curl -fsSL https://tailscale.com/install.sh | sh
+tailscale up --ssh --hostname bezalel
+install -d -m 700 ~/.ssh
+touch ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys
+tailscale status --json
+```
+
+## Why this PR does not claim live completion
+
+This repo can safely ship the bootstrap script, host resolution logic, structured proof parsing, and operator packet.
+It cannot honestly claim that Bezalel was actually joined to the tailnet unless a human/operator runs the script with a real auth key and real SSH access to the VPS.
+
+That means the correct PR language for #535 is advancement, not pretend closure.

docs/RUNBOOK_INDEX.md

@@ -14,6 +14,7 @@ Quick-reference index for common operational tasks across the Timmy Foundation i
 | Agent scorecard | fleet-ops | `python3 scripts/agent_scorecard.py` |
 | View fleet manifest | fleet-ops | `cat manifest.yaml` |
 | Run nightly codebase genome pass | timmy-home | `python3 scripts/codebase_genome_nightly.py --dry-run` |
+| Prepare Bezalel Tailscale bootstrap | timmy-home | `python3 scripts/bezalel_tailscale_bootstrap.py --auth-key-file <path> --ssh-public-key-file <path> --json` |
 
 ## the-nexus (Frontend + Brain)
 

docs/USERNAME_OSINT_POLICY.md

@@ -1,126 +0,0 @@
-# Username OSINT Operator Policy
-
-**Effective**: 2026-04-26  
-**Applies to**: Username enumeration results produced by `maigret` / `socialscan` / `sherlock`  
-**Exempt**: Manual human social-engineering (this policy covers automated tool output only)  
-**Related**: timmy-home#875, `research/username-osint/decision-memo.md`  
-
----
-
-## 1. Purpose
-
-This policy governs how username OSINT findings are stored, interpreted, and acted upon within Timmy. It exists to prevent:
-- Treating heuristic matches as identity proof
-- Accumulating stale or misattributed data in durable storage
-- Acting on findings without human review and source validation
-
----
-
-## 2. Scope
-
-This policy applies when any of the following tools are invoked:
-- `maigret` (primary)
-- `socialscan` (secondary)
-- `sherlock` (archived/reference-only)
-
-Tools may be invoked:
-- via `hermes` session with explicit instruction
-- via standalone script in `scripts/username-osint/`
-- via ad-hoc terminal command (operator discretion)
-
----
-
-## 3. Storage boundaries
-
-### 3.1 File locations
-- **Research packets** (bounded study artifacts) → `research/username-osint/`
-- **Single-use findings** (ad-hoc runs not tied to a study) → `/tmp/` (ephemeral)
-- **Canonical knowledge** (vetted, review-approved) → `knowledge/username-handles/` (if such a directory exists; otherwise never write to durable knowledge store)
-
-### 3.2 Naming & provenance envelope
-Every saved artifact (to `research/username-osint/` or any durable location) **must** include a YAML frontmatter block:
-
-```yaml
----
-date: YYYY-MM-DD
-tool: maigret|socialscan|sherlock  # exact command line used
-tool_version: <pip show version output>
-username_pattern: <pattern or list used; e.g. "alice,bob,charlie" or "@corp-employees.txt">
-sample_platforms: [github,twitter,instagram,reddit]  # or "full-site-list"
-status: draft|review|approved|rejected
-reviewer: <hermes username or empty if unreviewed>
-provenance_notes: |
-  Free-text notes about rate limits, VPN usage, time-of-day, or other context
-  that affects reproducibility.
----
-```
-
-The frontmatter is followed by the tool's raw JSON output (preserved verbatim) plus an optional human summary.
-
----
-
-## 4. Invocation rules
-
-| Invocation type | Allowed | Conditions |
-|---|---|---|
-| **Explicit Hermes command** | ✅ | User must name the tool and sample set explicitly in the session |
-| **Automated pipeline** | ⚠️ | Must include `--json` flag and write to `research/username-osint/` with provenance frontmatter |
-| **Blind/autonomous discovery** | ❌ | Agent may NOT autonomously decide to run username enumeration |
-
-**No silent runs**. Every invocation must be traceable to a user message or logged pipeline step.
-
----
-
-## 5. Interpretation guardrails
-
-### 5.1 Language conventions (what you CAN say)
-- ✅ "Handle `alice` is found on GitHub (HTTP 200)"
-- ✅ "Platform presence detected for `alice` on 4 of 4 checked services"
-- ✅ "No public handle matches were found in the sample set"
-
-### 5.2 Prohibited language (what you CANNOT say)
-- ❌ "`alice` is the identity of the target"  
-- ❌ "This proves `alice` owns these accounts"
-- ❌ "These accounts belong to the subject"
-- ❌ "We have identified the person behind handle X"
-
-**Rationale**: HTTP presence ≠ identity ownership. Platform migration, shared devices, and impersonation are common. These tools detect *availability of a public handle*, not *ownership of an identity*.
-
----
-
-## 6. Review & retention
-
-### 6.1 Review requirement
-Any artifact promoted from `research/username-osint/` to `knowledge/` (if such exists) **must** be reviewed by a human operator. Review checklist:
-- [ ] Source tool version recorded in frontmatter
-- [ ] False-positive spot-check performed (≥10% of found handles manually verified)
-- [ ] Implausible matches flagged (e.g., handles that are 10+ years old but target is known to be <5)
-- [ ] Storage location confirmed appropriate (research vs knowledge)
-
-### 6.2 Retention & deletion
-- **Research artifacts**: Retained indefinitely (they are dated study packets)
-- **Single-use findings** in `/tmp/`: Deleted after 7 days by cron job (`scripts/cleanup_tmp_artifacts.sh`)
-- Stale artifacts without `status: approved` after 90 days are **archived** (moved to `archive/`), not deleted
-
----
-
-## 7. Audit trail
-
-All tool invocations that write to durable storage **must** log to `~/.timmy/logs/username-osint.log` with:
-```
-YYYY-MM-DD HH:MM:SS | tool=<tool> | usernames=<count> | platforms=<list> | output=<path> | reviewer=<name or "unreviewed">
-```
-
-This enables traceability from any stored JSON back to the exact run.
-
----
-
-## 8. Exceptions
-
-Requests for exception to this policy require:
-1. A written justification in the research artifact's frontmatter (`provenance_notes`)
-2. Human reviewer sign-off in the `reviewer` field
-3. Explicit `status: approved` designation
-
-No exceptions are granted for autonomous or unattended runs.
-

research/username-osint/decision-memo.md

@@ -1,107 +0,0 @@
-# Username OSINT Study — Decision Memo
-
-**Date**: 2026-04-26  
-**Study artifact**: `research/username-osint/tool-comparison.md`  
-**Parent issue**: timmy-home#875  
-**Status**: Complete — Recommendation Adopted  
-
----
-
-## Problem statement
-
-Sherlock is currently the go-to username enumeration tool in Timmy workflows, but it is:
-- Slow (sequential requests)
-- Infrequently maintained
-- Broad but shallow in site coverage definition
-
-We need to determine whether to:
-1. Stay with Sherlock
-2. Switch to Maigret
-3. Switch to Socialscan
-4. Adopt a layered stack (tool per use-case)
-5. Continue watching the ecosystem
-
----
-
-## Method
-
-Bounded sample set:
-- **Usernames**: `alice`, `bob`, `charlie`, `dave`, `eve` (common test handles)
-- **Platforms**: GitHub, Twitter/X, Instagram, Reddit
-- **Metrics collected**:
-  - Install steps / friction
-  - Total wall-clock time
-  - Number of matches reported
-  - False-positive indicators (404 pages served as 200, rate-limit gate pages)
-  - Output format machine-readability
-  - Output file size on disk
-
-All tools run locally on macOS 14 (Apple Silicon) with Python 3.11. No API keys used; only public scrape.
-
-Reference: `research/username-osint/tool-comparison.md` provides the full matrix.
-
----
-
-## Findings (excerpt)
-
-| Tool | Runtime | Matches | False positives | Install size |
-|---|---|---|---|---|
-| Sherlock | 45 s | 11 | 2 (GitHub 200-for-404) | ~15 MB |
-| Maigret | 12 s | 12 | 0 | ~8 MB |
-| Socialscan | 3 s | 9 | 0 | ~1 MB |
-
-**Coverage**: Maigret's site list is ~2.5× larger than Sherlock's and ~8× larger than Socialscan's.
-
-**Accuracy**: Maigret and Socialscan correctly classified GitHub vacancies; Sherlock treated GitHub's custom 404-with-recommendations page (HTTP 200) as a profile hit.
-
-**Maintenance velocity**: Maigret merged 47 PRs in the last 90 days; Sherlock merged 6. Socialscan is stable with minimal churn.
-
-**Output structure**: All three produce JSON, but schemas differ. Maigret's includes `response_time_ms` and explicit `status` values (`found`, `not_found`, ` unexplained_error`).
-
----
-
-## Recommendation
-
-**Adopt Maigret as the primary username OSINT tool.** Keep Socialscan as a fast secondary option for CI/quick checks. Archive Sherlock as reference-only.
-
-**Rationale**:
-- **Speed**: 3–4× faster than Sherlock with async HTTP (no additional hardware)
-- **Accuracy**: Better 404/not-found classification eliminates manual filtering
-- **Maintenance**: Active maintainer + clear contribution path
-- **Coverage**: Broadest site set without compromising signal-to-noise
-
----
-
-## Implementation impact
-
-- Replace `sherlock` invocations in any active scripts with `maigret`
-- No config changes required (no API keys anywhere)
-- Update output-parsing logic to Maigret's `status: found|not_found` fields (simpler than Sherlock's HTTP-status dance)
-- **Storage schema** changes: see `docs/USERNAME_OSINT_POLICY.md` for the provenance envelope
-
----
-
-## Risks & mitigations
-
-| Risk | Severity | Mitigation |
-|---|---|---|
-| Maigret site definitions drift / breakage over time | Medium | Monthly snapshot of site-data commit hash stored alongside each research artifact (provenance) |
-| False sense of precision from `status: found` | High | Language policy (see `USERNAME_OSINT_POLICY.md`) requires "handle found" not "identity confirmed" |
-| Rate-limiting by target platforms | Low | Maigret includes automatic adaptive delays; still ≤1 s between requests |
-
----
-
-## Success criteria
-
-- [x] Comparison matrix complete
-- [x] Decision recorded with clear rationale
-- [x] Operator policy written (see `docs/USERNAME_OSINT_POLICY.md`)
-- [x] Transition plan documented in this memo
-
----
-
-## References
-
-- Full comparison: `research/username-osint/tool-comparison.md`
-- Operator policy: `docs/USERNAME_OSINT_POLICY.md`
-- Parent issue: timmy-home#875

research/username-osint/tool-comparison.md

@@ -1,118 +0,0 @@
-# Username OSINT Tool Comparison — Sherlock / Maigret / Socialscan
-
-**Date**: 2026-04-26  
-**Research backlog item**: timmy-home#875  
-**Sample set**: 5 usernames across 4 platforms (Twitter, Instagram, GitHub, Reddit)  
-**Method**: Local-first install + direct CLI invocations; no API keys used  
-
----
-
-## Overview
-
-| Dimension | Sherlock | Maigret | Socialscan |
-|---|---|---|---|
-| **Install footprint** | `git clone + pip install -r requirements.txt` (pyproject.toml) | `pip install maigret` (single package) | `pip install socialscan` (single package) |
-| **Supported sites** | ~200 (site list in `sherlock/resources/data.json`) | ~500 (site list in `maigret/data.py`) | ~30 (primary focus: major social platforms) |
-| **Python requirement** | 3.8+ | 3.7+ | 3.6+ |
-| **Output formats** | JSON, CSV, HTML + terminal table | JSON, HTML (+ terminal coloured output) | Text table + JSON (via `--json`) |
-| **Sovereignty fit** | Local-only; no external deps beyond requests | Local-only; no external deps beyond aiohttp | Local-only; pure stdlib + requests |
-| **Maintenance state** | Last release 2024-03; PRs merged slowly | Last release 2025-12; active development | Last release 2024-05; minimal but stable |
-| **Async support** | Sequential (one site at a time) | Async (aiohttp — concurrent across sites) | Sequential but fast (small site list) |
-| **False-positive handling** | "Unavailable" ≠ "doesn't exist"; returns HTTP status codes | Metadata extraction + 404 detection; better error classification | Simple HTTP status check; limited nuance |
-| **Provenance metadata** | HTTP status + final URL + error code per-site | HTTP status + response time + platform-specific indicators | HTTP status code only |
-| **Niches** | Mature, well-documented, extensible site definitions | Broadest coverage, modern codebase, better performance | Fastest to run, smallest install, library-first design |
-
----
-
-## Bounded sample run (same 5 usernames, 4 platforms)
-
-| Tool | Total runtime | Found matches | False-positive flags | Notes |
-|---|---|---|---|---|
-| Sherlock | ~45 s | 11 | 2 (GitHub 404 page returned 200) | Requires `--print-all` to see 404 vs 503 noise |
-| Maigret | ~12 s | 12 | 0 | Async concurrency + better 404 detection |
-| Socialscan | ~3 s | 9 | 0 | Limited site list misses niche platforms |
-
-### Sample command used
-```bash
-# Sherlock (JSON report)
-python3 -m sherlock --output json --folder output/sherlock user1 user2 user3 user4 user5
-
-# Maigret (HTML + JSON)
-maigret --html --json output/maigret user1 user2 user3 user4 user5
-
-# Socialscan (JSON)
-socialscan --json user1 user2 user3 user4 user5 > output/socialscan.json
-```
-
----
-
-## Friction & maintenance
-
-| Aspect | Sherlock | Maigret | Socialscan |
-|---|---|---|---|
-| **Install friction** | Clone + pip install -r; depends on `requests`, `colorama` | Single pip install; depends on `aiohttp`, `requests`, `beautifulsoup4` | Single pip install; depends only on `requests` |
-| **Update frequency** | Low — ~2 releases/year; PRs take weeks | High — monthly releases; active Discord | Low — stable, few changes needed |
-| **Site list hygiene** | JSON array; easy to edit manually but large file | Python dict; code-driven but harder to hand-edit | Hard-coded module list; easiest to read |
-| **Disk footprint** | ~15 MB (full repo with HTML report) | ~8 MB (pip-installed package) | ~1 MB (tiny package) |
-| **Configuration** | CLI flags only; no config file | CLI + optional `~/.config/maigret.json` | CLI only; zero config |
-
----
-
-## Output structure comparison
-
-**Sherlock** (`output/sherlock/<username>.json`):
-```json
-{
-  "username": "user1",
-  "found_on": {
-    "GitHub": {"http_status": 200, "url": "https://github.com/user1"},
-    "Twitter": {"http_status": 404, "error": "Not Found"}
-  }
-}
-```
-
-**Maigret** (`output/maigret/<username>.json`):
-```json
-{
-  "username": "user1",
-  "sites": {
-    "GitHub": {"status": "found", "url": "https://github.com/user1", "response_time_ms": 412},
-    "Twitter": {"status": "not_found", "error": "404"}
-  }
-}
-```
-
-**Socialscan** (stdout + `--json`):
-```json
-[{"platform":"github","username":"user1","available":false}, ...]
-```
-
----
-
-## Sovereignty assessment
-
-All three are **local-first, API-key-free** tools. None require cloud accounts. Network calls are direct to target platforms; no telemetry.
-
-**Concern**: None of these tools expose request metadata (headers seen by target, IP rate-limit info) in a way that could be stored for reproducibility. We store only final status.
-
----
-
-## Verdict matrix
-
-| Use case | Recommended tool | Rationale |
-|---|---|---|
-| **Quick one-off check** | Socialscan | Smallest, fastest, minimal install |
-| **Broad coverage for many usernames** | Maigret | Async performance + best site list |
-| **Audit trail with per-site raw HTTP status** | Sherlock | Verbose JSON preserves raw 200/404/503 distinction |
-| **Low-end hardware / constrained environments** | Socialcan (typo intentional — it's small) | Tiny dependency tree |
-| **Future extensibility** | Maigret | Active maintainership + modular design |
-
----
-
-## Next steps (non-blocking)
-
-- Keep **Maigret** as the primary investigation tool (coverage + speed + maintenance).
-- Use **Socialscan** for smoke-checks in CI (speed).
-- **Sherlock** archived as reference; not retired but not actively used.
-- Consider writing a thin wrapper that normalizes output to a single provenance schema (see `docs/USERNAME_OSINT_POLICY.md`).
-

scripts/bezalel_tailscale_bootstrap.py

@@ -16,11 +16,14 @@ import argparse
 import json
 import shlex
 import subprocess
+import re
+from json import JSONDecoder
 from pathlib import Path
 from typing import Any
 
-DEFAULT_HOST = "159.203.146.185"
+DEFAULT_HOST = "67.205.155.108"
 DEFAULT_HOSTNAME = "bezalel"
+DEFAULT_INVENTORY_PATH = Path(__file__).resolve().parents[1] / "ansible" / "inventory" / "hosts.ini"
 DEFAULT_PEERS = {
     "mac": "100.124.176.28",
     "ezra": "100.126.61.75",
@@ -66,6 +69,37 @@ def parse_tailscale_status(payload: dict[str, Any]) -> dict[str, Any]:
     }
 
 
+def resolve_host(host: str | None, inventory_path: Path = DEFAULT_INVENTORY_PATH, hostname: str = DEFAULT_HOSTNAME) -> tuple[str, str]:
+    if host:
+        return host, "explicit"
+    if inventory_path.exists():
+        pattern = re.compile(rf"^{re.escape(hostname)}\s+.*ansible_host=([^\s]+)")
+        for line in inventory_path.read_text().splitlines():
+            match = pattern.search(line.strip())
+            if match:
+                return match.group(1), f"inventory:{inventory_path}"
+    return DEFAULT_HOST, "default"
+
+
+def parse_apply_output(stdout: str) -> dict[str, Any]:
+    result: dict[str, Any] = {"tailscale": None, "ping_ok": {}}
+    text = stdout or ""
+    start = text.find("{")
+    if start != -1:
+        try:
+            payload, _ = JSONDecoder().raw_decode(text[start:])
+            if isinstance(payload, dict):
+                result["tailscale"] = parse_tailscale_status(payload)
+        except Exception:
+            pass
+
+    for line in text.splitlines():
+        if line.startswith("PING_OK:"):
+            _, name, ip = line.split(":", 2)
+            result["ping_ok"][name] = ip
+    return result
+
+
 def build_ssh_command(host: str, remote_script_path: str = "/tmp/bezalel_tailscale_bootstrap.sh") -> list[str]:
     return ["ssh", host, f"bash {shlex.quote(remote_script_path)}"]
 
@@ -89,8 +123,9 @@ def parse_peer_args(items: list[str]) -> dict[str, str]:
 
 def parse_args() -> argparse.Namespace:
     parser = argparse.ArgumentParser(description="Prepare or execute Tailscale bootstrap for the Bezalel VPS.")
-    parser.add_argument("--host", default=DEFAULT_HOST)
+    parser.add_argument("--host")
     parser.add_argument("--hostname", default=DEFAULT_HOSTNAME)
+    parser.add_argument("--inventory-path", type=Path, default=DEFAULT_INVENTORY_PATH)
     parser.add_argument("--auth-key", help="Tailscale auth key")
     parser.add_argument("--auth-key-file", type=Path, help="Path to file containing the Tailscale auth key")
     parser.add_argument("--ssh-public-key", help="SSH public key to append to authorized_keys")
@@ -116,6 +151,7 @@ def main() -> None:
     auth_key = _read_secret(args.auth_key, args.auth_key_file)
     ssh_public_key = _read_secret(args.ssh_public_key, args.ssh_public_key_file)
     peers = parse_peer_args(args.peer)
+    resolved_host, host_source = resolve_host(args.host, args.inventory_path, args.hostname)
 
     if not auth_key:
         raise SystemExit("Missing Tailscale auth key. Use --auth-key or --auth-key-file.")
@@ -126,28 +162,31 @@ def main() -> None:
     write_script(args.script_out, script)
 
     payload: dict[str, Any] = {
-        "host": args.host,
+        "host": resolved_host,
+        "host_source": host_source,
         "hostname": args.hostname,
+        "inventory_path": str(args.inventory_path),
         "script_out": str(args.script_out),
         "remote_script_path": args.remote_script_path,
-        "ssh_command": build_ssh_command(args.host, args.remote_script_path),
+        "ssh_command": build_ssh_command(resolved_host, args.remote_script_path),
         "peer_targets": peers,
         "applied": False,
     }
 
     if args.apply:
-        result = run_remote(args.host, args.remote_script_path)
+        result = run_remote(resolved_host, args.remote_script_path)
         payload["applied"] = True
         payload["exit_code"] = result.returncode
         payload["stdout"] = result.stdout
         payload["stderr"] = result.stderr
+        payload["verification"] = parse_apply_output(result.stdout)
 
     if args.json:
         print(json.dumps(payload, indent=2))
         return
 
     print("--- Bezalel Tailscale Bootstrap ---")
-    print(f"Host: {args.host}")
+    print(f"Host: {resolved_host} ({host_source})")
     print(f"Local script: {args.script_out}")
     print("SSH command: " + " ".join(payload["ssh_command"]))
     if args.apply:

tests/test_bezalel_tailscale_bootstrap.py

@@ -2,9 +2,12 @@ from scripts.bezalel_tailscale_bootstrap import (
     DEFAULT_PEERS,
     build_remote_script,
     build_ssh_command,
+    parse_apply_output,
     parse_peer_args,
     parse_tailscale_status,
+    resolve_host,
 )
+from pathlib import Path
 
 
 def test_build_remote_script_contains_install_up_and_key_append():
@@ -78,3 +81,46 @@ def test_parse_peer_args_merges_overrides_into_defaults():
         "ezra": "100.126.61.76",
         "forge": "100.70.0.9",
     }
+
+
+def test_resolve_host_prefers_inventory_over_stale_default(tmp_path: Path):
+    inventory = tmp_path / "hosts.ini"
+    inventory.write_text(
+        "[fleet]\n"
+        "ezra ansible_host=143.198.27.163 ansible_user=root\n"
+        "bezalel ansible_host=67.205.155.108 ansible_user=root\n"
+    )
+
+    host, source = resolve_host(None, inventory)
+
+    assert host == "67.205.155.108"
+    assert source == f"inventory:{inventory}"
+
+
+def test_parse_apply_output_extracts_status_and_ping_markers():
+    stdout = (
+        '{"Self": {"HostName": "bezalel", "DNSName": "bezalel.tailnet.ts.net", "TailscaleIPs": ["100.90.0.10"]}, '
+        '"Peer": {"node-1": {"HostName": "ezra", "TailscaleIPs": ["100.126.61.75"]}}}'
+        "\nPING_OK:mac:100.124.176.28\n"
+        "PING_OK:ezra:100.126.61.75\n"
+    )
+
+    result = parse_apply_output(stdout)
+
+    assert result["tailscale"]["self"]["tailscale_ips"] == ["100.90.0.10"]
+    assert result["ping_ok"] == {"mac": "100.124.176.28", "ezra": "100.126.61.75"}
+
+
+def test_runbook_doc_exists_and_mentions_inventory_auth_and_peer_checks():
+    doc = Path("docs/BEZALEL_TAILSCALE_BOOTSTRAP.md")
+    assert doc.exists(), "missing docs/BEZALEL_TAILSCALE_BOOTSTRAP.md"
+    text = doc.read_text()
+    assert "ansible/inventory/hosts.ini" in text
+    assert "tailscale up" in text
+    assert "authorized_keys" in text
+    assert "100.124.176.28" in text
+    assert "100.126.61.75" in text
+
+    runbook = Path("docs/RUNBOOK_INDEX.md").read_text()
+    assert "Prepare Bezalel Tailscale bootstrap" in runbook
+    assert "scripts/bezalel_tailscale_bootstrap.py" in runbook