Add OpenClaw governance review patch

Add OpenClaw x AtoCore V1 governance docs
chore(ledger): Wave 2 ingestion + codex audit response session log
2026-04-23 16:02:53 +00:00 · 2026-04-23 15:59:49 +00:00 · 2026-04-12 07:57:32 -04:00 · 2026-04-12 07:37:14 -04:00 · 2026-04-12 07:35:09 -04:00 · 2026-04-12 07:31:34 -04:00
43 changed files with 6697 additions and 40 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -1,5 +1,13 @@
 # AGENTS.md
 ## Session protocol (read first, every session)
 **Before doing anything else, read `DEV-LEDGER.md` at the repo root.** It is the one-file source of truth for "what is currently true" — live SHA, active plan, open review findings, recent decisions. The narrative docs under `docs/` may lag; the ledger does not.
 **Before ending a session, append a Session Log line to `DEV-LEDGER.md`** with what you did and which commit range it covers, and bump the Orientation section if anything there changed.
 This rule applies equally to Claude, Codex, and any future agent working in this repo.
 ## Project role
 This repository is AtoCore, the runtime and machine-memory layer of the Ato ecosystem.
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -0,0 +1,30 @@
 # CLAUDE.md — project instructions for AtoCore
 ## Session protocol
 Before doing anything else in this repo, read `DEV-LEDGER.md` at the repo root. It is the shared operating memory between Claude, Codex, and the human operator — live Dalidou SHA, active plan, open P1/P2 review findings, recent decisions, and session log. The narrative docs under `docs/` sometimes lag; the ledger does not.
 Before ending a session, append a Session Log line to `DEV-LEDGER.md` covering:
 - which commits you produced (sha range)
 - what changed at a high level
 - any harness / test count deltas
 - anything you overclaimed and later corrected
 Bump the **Orientation** section if `live_sha`, `main_tip`, `test_count`, or `harness` changed.
 `AGENTS.md` at the repo root carries the broader project principles (storage separation, deployment model, coding guidance). Read it when you need the "why" behind a constraint.
 ## Deploy workflow
 ```bash
 git push origin main && ssh papa@dalidou "bash /srv/storage/atocore/app/deploy/dalidou/deploy.sh"
 ```
 The deploy script self-verifies via `/health` build_sha — if it exits non-zero, do not assume the change is live.
 ## Working model
 - Claude builds; Codex audits. No parallel work on the same files.
 - P1 review findings block further `main` commits until acknowledged in the ledger's **Open Review Findings** table.
 - Codex branches must fork from `origin/main` (no orphan commits that require `--allow-unrelated-histories`).
--- a/DEV-LEDGER.md
+++ b/DEV-LEDGER.md
@@ -0,0 +1,191 @@
 # AtoCore Dev Ledger
 > Shared operating memory between humans, Claude, and Codex.
 > **Every session MUST read this file at start and append a Session Log entry before ending.**
 > Section headers are stable - do not rename them. Trim Session Log and Recent Decisions to the last 20 entries at session end; older history lives in `git log` and `docs/`.
 ## Orientation
 - **live_sha** (Dalidou `/health` build_sha): `39d73e9`
 - **last_updated**: 2026-04-12 by Claude (Wave 2 ingestion + R6 fix deployed)
 - **main_tip**: `39d73e9`
 - **test_count**: 280 passing
 - **harness**: `16/18 PASS` (p06-firmware-interface = R7 ranking tie; p06-tailscale = chunk bleed)
 - **active_memories**: 36 (p06-polisher 16, p05-interferometer 6, p04-gigabit 5, atocore 5, other 4)
 - **project_state_entries**: p04=6, p05=7, p06=7 (Wave 2 added 8 new entries)
 - **off_host_backup**: `papa@192.168.86.39:/home/papa/atocore-backups/` via cron env `ATOCORE_BACKUP_RSYNC`, verified
 ## Active Plan
 **Mini-phase**: Extractor improvement (eval-driven) + retrieval harness expansion.
 **Duration**: 8 days, hard gates at each day boundary.
 **Plan author**: Codex (2026-04-11). **Executor**: Claude. **Audit**: Codex.
 ### Preflight (before Day 1)
 Stop if any of these fail:
 - `git rev-parse HEAD` on `main` matches the expected branching tip
 - Live `/health` on Dalidou reports the SHA you think is deployed
 - `python scripts/retrieval_eval.py --json` still passes at the current baseline
 - `batch-extract` over the known 42-capture slice reproduces the current low-yield baseline
 - A frozen sample set exists for extractor labeling so the target does not move mid-phase
 Success: baseline eval output saved, baseline extract output saved, working branch created from `origin/main`.
 ### Day 1 - Labeled extractor eval set
 Pick 30 real captures: 10 that should produce 0 candidates, 10 that should plausibly produce 1, 10 ambiguous/hard. Store as a stable artifact (interaction id, expected count, expected type, notes). Add a runner that scores extractor output against labels.
 Success: 30 labeled interactions in a stable artifact, one-command precision/recall output.
 Fail-early: if labeling 30 takes more than a day because the concept is unclear, tighten the extraction target before touching code.
 ### Day 2 - Measure current extractor
 Run the rule-based extractor on all 30. Record yield, TP, FP, FN. Bucket misses by class (conversational preference, decision summary, status/constraint, meta chatter).
 Success: short scorecard with counts by miss type, top 2 miss classes obvious.
 Fail-early: if the labeled set shows fewer than 5 plausible positives total, the corpus is too weak - relabel before tuning.
 ### Day 3 - Smallest rule expansion for top miss class
 Add 1-2 narrow, explainable rules for the worst miss class. Add unit tests from real paraphrase examples in the labeled set. Then rerun eval.
 Success: recall up on the labeled set, false positives do not materially rise, new tests cover the new cue class.
 Fail-early: if one rule expansion raises FP above ~20% of extracted candidates, revert or narrow before adding more.
 ### Day 4 - Decision gate: more rules or LLM-assisted prototype
 If rule expansion reaches a **meaningfully reviewable queue**, keep going with rules. Otherwise prototype an LLM-assisted extraction mode behind a flag.
 "Meaningfully reviewable queue":
 - >= 15-25% candidate yield on the 30 labeled captures
 - FP rate low enough that manual triage feels tolerable
 - >= 2 real non-synthetic candidates worth review
 Hard stop: if candidate yield is still under 10% after this point, stop rule tinkering and switch to architecture review (LLM-assisted OR narrower extraction scope).
 ### Day 5 - Stabilize and document
 Add remaining focused rules or the flagged LLM-assisted path. Write down in-scope and out-of-scope utterance kinds.
 Success: labeled eval green against target threshold, extractor scope explainable in <= 5 bullets.
 ### Day 6 - Retrieval harness expansion (6 -> 15-20 fixtures)
 Grow across p04/p05/p06. Include short ambiguous prompts, cross-project collision cases, expected project-state wins, expected project-memory wins, and 1-2 "should fail open / low confidence" cases.
 Success: >= 15 fixtures, each active project has easy + medium + hard cases.
 Fail-early: if fixtures are mostly obvious wins, add harder adversarial cases before claiming coverage.
 ### Day 7 - Regression pass and calibration
 Run harness on current code vs live Dalidou. Inspect failures (ranking, ingestion gap, project bleed, budget). Make at most ONE ranking/budget tweak if the harness clearly justifies it. Do not mix harness expansion and ranking changes in a single commit unless tightly coupled.
 Success: harness still passes or improves after extractor work; any ranking tweak is justified by a concrete fixture delta.
 Fail-early: if > 20-25% of harness fixtures regress after extractor changes, separate concerns before merging.
 ### Day 8 - Merge and close
 Clean commit sequence. Save before/after metrics (extractor scorecard, harness results). Update docs only with claims the metrics support.
 Merge order: labeled corpus + runner -> extractor improvements + tests -> harness expansion -> any justified ranking tweak -> docs sync last.
 Success: point to a before/after delta for both extraction and retrieval; docs do not overclaim.
 ### Hard Gates (stop/rethink points)
 - Extractor yield < 10% after 30 labeled interactions -> stop, reconsider rule-only extraction
 - FP rate > 20% on labeled set -> narrow rules before adding more
 - Harness expansion finds < 3 genuinely hard cases -> harness still too soft
 - Ranking change improves one project but regresses another -> do not merge without explicit tradeoff note
 ### Branching
 One branch `codex/extractor-eval-loop` for Day 1-5, a second `codex/retrieval-harness-expansion` for Day 6-7. Keeps extraction and retrieval judgments auditable.
 ## Review Protocol
 - Codex records review findings in **Open Review Findings**.
 - Claude must read **Open Review Findings** at session start before coding.
 - Codex owns finding text. Claude may update operational fields only:
  - `status`
  - `owner`
  - `resolved_by`
 - If Claude disagrees with a finding, do not rewrite it. Mark it `declined` and explain why in the **Session Log**.
 - Any commit or session that addresses a finding should reference the finding id in the commit message or **Session Log**.
 - `P1` findings block further commits in the affected area until they are at least acknowledged and explicitly tracked.
 - Findings may be code-level, claim-level, or ops-level. If the implementation boundary changes, retarget the finding instead of silently closing it.
 ## Open Review Findings
 | id  | finder | severity | file:line                          | summary                                                                 | status       | owner  | opened_at  | resolved_by |
 |-----|--------|----------|------------------------------------|-------------------------------------------------------------------------|--------------|--------|------------|-------------|
 | R1  | Codex  | P1       | deploy/hooks/capture_stop.py:76-85 | Live Claude capture still omits `extract`, so "loop closed both sides" remains overstated in practice even though the API supports it | acknowledged | Claude | 2026-04-11 |             |
 | R2  | Codex  | P1       | src/atocore/context/builder.py     | Project memories excluded from pack                                     | fixed        | Claude | 2026-04-11 | 8ea53f4     |
 | R3  | Claude | P2       | src/atocore/memory/extractor.py    | Rule cues (`## Decision:`) never fire on conversational LLM text        | open         | Claude | 2026-04-11 |             |
 | R4  | Codex  | P2       | DEV-LEDGER.md:11                   | Orientation `main_tip` was stale versus `HEAD` / `origin/main`          | fixed        | Codex  | 2026-04-11 | 81307ce     |
 | R5  | Codex  | P1       | src/atocore/interactions/service.py:157-174 | The deployed extraction path still calls only the rule extractor; the new LLM extractor is eval/script-only, so Day 4 "gate cleared" is true as a benchmark result but not as an operational extraction path | acknowledged | Claude | 2026-04-12 |             |
 | R6  | Codex  | P1       | src/atocore/memory/extractor_llm.py:258-276 | LLM extraction accepts model-supplied `project` verbatim with no fallback to `interaction.project`; live triage promoted a clearly p06 memory (offline/network rule) as project=`""`, which explains the p06-offline-design harness miss and falsifies the current "all 3 failures are budget-contention" claim | fixed        | Claude | 2026-04-12 | this commit |
 | R7  | Codex  | P2       | src/atocore/memory/service.py:448-459 | Query ranking is overlap-count only, so broad overview memories can tie exact low-confidence memories and win on confidence; p06-firmware-interface is not just budget pressure, it also exposes a weak lexical scorer | open         | Claude | 2026-04-12 |             |
 | R8  | Codex  | P2       | tests/test_extractor_llm.py:1-7    | LLM extractor tests stop at parser/failure contracts; there is no automated coverage for the script-only persistence/review path that produced the 16 promoted memories, including project-scope preservation | open         | Claude | 2026-04-12 |             |
 ## Recent Decisions
 - **2026-04-12** Day 4 gate cleared: LLM-assisted extraction via `claude -p` (OAuth, no API key) is the path forward. Rule extractor stays as default for structural cues. *Proposed by:* Claude. *Ratified by:* Antoine.
 - **2026-04-12** First live triage: 16 promoted, 35 rejected from 51 LLM-extracted candidates. 31% accept rate. Active memory count 20->36. *Executed by:* Claude. *Ratified by:* Antoine.
 - **2026-04-12** No API keys allowed in AtoCore — LLM-assisted features use OAuth via `claude -p` or equivalent CLI-authenticated paths. *Proposed by:* Antoine.
 - **2026-04-12** Multi-model extraction direction: extraction/triage should be model-agnostic, with Codex/Gemini/Ollama as second-pass reviewers for robustness. *Proposed by:* Antoine.
 - **2026-04-11** Adopt this ledger as shared operating memory between Claude and Codex. *Proposed by:* Antoine. *Ratified by:* Antoine.
 - **2026-04-11** Accept Codex's 8-day mini-phase plan verbatim as Active Plan. *Proposed by:* Codex. *Ratified by:* Antoine.
 - **2026-04-11** Review findings live in `DEV-LEDGER.md` with Codex owning finding text and Claude updating status fields only. *Proposed by:* Codex. *Ratified by:* Antoine.
 - **2026-04-11** Project memories land in the pack under `--- Project Memories ---` at 25% budget ratio, gated on canonical project hint. *Proposed by:* Claude.
 - **2026-04-11** Extraction stays off the capture hot path. Batch / manual only. *Proposed by:* Antoine.
 - **2026-04-11** 4-step roadmap: extractor -> harness expansion -> Wave 2 ingestion -> OpenClaw finish. Steps 1+2 as one mini-phase. *Ratified by:* Antoine.
 - **2026-04-11** Codex branches must fork from `main`, not be orphan commits. *Proposed by:* Claude. *Agreed by:* Codex.
 ## Session Log
 - **2026-04-23 Codex** Phase 2 policy/doc cleanup for the OpenClaw x AtoCore operating model. Normalized the 5 Phase 1 docs to clean ASCII, removed Screenpipe from V1 active scope, added `docs/openclaw-atocore-v1-proof-runbook.md`, and added a non-applied shared-client consolidation preview at `docs/openclaw-atocore-shared-client-consolidation-preview.md`. Also updated OpenClaw governance text in `/home/papa/clawd/AGENTS.md` and `/home/papa/clawd/skills/atocore-context/SKILL.md` so Discord-originated AtoCore actions are read-only by default and mutating actions require explicit current-thread/session approval. No code/runtime/schema changes, no deploy, no tests run.
 - **2026-04-23 Codex** Phase 1 OpenClaw × AtoCore operating-model audit/design/doc pass only. Read AGENTS/CLAUDE/DEV-LEDGER plus requested integration docs, verified OpenClaw helper surface vs shared operator client, confirmed live fail-open read path, confirmed discrawl presence, and confirmed Screenpipe was not installed locally. Wrote 5 new docs: `docs/openclaw-atocore-audit-note.md`, `docs/openclaw-atocore-v1-architecture.md`, `docs/openclaw-atocore-write-policy-matrix.md`, `docs/openclaw-atocore-promotion-pipeline.md`, `docs/openclaw-atocore-nightly-screener-runbook.md`. No code/runtime/skill changes, no deploy, no tests run.
 - **2026-04-12 Claude** Wave 2 trusted operational ingestion + codex audit response. Read 6 vault docs, created 8 new Trusted Project State entries (p04 +2, p05 +3, p06 +3). Fixed R6 (project fallback in LLM extractor) per codex audit. Fixed misscoped p06 offline memory on live Dalidou. Merged codex/audit-2026-04-12. Switched default LLM model from haiku to sonnet. Harness 15/18 -> 16/18. Tests 278 -> 280. main_tip 146f2e4 -> 39d73e9.
 - **2026-04-12 Codex (audit branch `codex/audit-2026-04-12`)** audited `c5bad99..146f2e4` against code, live Dalidou, and the 36 active memories. Confirmed: `claude -p` invocation is not shell-injection-prone (`subprocess.run(args)` with no shell), off-host backup wiring matches the ledger, and R1 remains unresolved in practice. Added R5-R8. Corrected Orientation `main_tip` (`146f2e4`, not `5c69f77`) and tightened the harness note: p06-firmware-interface is a ranking-tie issue, p06-offline-design comes from a project-scope miss in live triage, and p06-tailscale is retrieved-chunk bleed rather than memory-band budget contention.
 - **2026-04-12 Claude** `06792d8..5c69f77` Day 5-8 close. Documented extractor scope (5 in-scope, 6 out-of-scope categories). Expanded harness from 6 to 18 fixtures (p04 +1, p05 +1, p06 +7, adversarial +2). Per-entry memory cap at 250 chars fixed 1 of 4 budget-contention failures. Final harness: 15/18 PASS. Mini-phase complete. Before/after: rule extractor 0% recall -> LLM 100%; harness 6/6 -> 15/18; active memories 20 -> 36.
 - **2026-04-12 Claude** `330ecfb..06792d8` (merged eval-loop branch + triage). Day 1-4 of the mini-phase completed in one session. Day 2 baseline: rule extractor 0% recall, 5 distinct miss classes. Day 4 gate cleared: LLM extractor (claude -p haiku, OAuth) hit 100% recall, 2.55 yield/interaction. Refactored from anthropic SDK to subprocess after "no API key" rule. First live triage: 51 candidates -> 16 promoted, 35 rejected. Active memories 20->36. p06-polisher went from 2 to 16 memories (firmware/telemetry architecture set). POST /memory now accepts status field. Test count 264->278.
 - **2026-04-11 Claude** `claude/extractor-eval-loop @ 7d8d599` — Day 1+2 of the mini-phase. Froze a 64-interaction snapshot (`scripts/eval_data/interactions_snapshot_2026-04-11.json`) and labeled 20 by length-stratified random sample (5 positive, 15 zero; 7 total expected candidates). Built `scripts/extractor_eval.py` as a file-based eval runner. **Day 2 baseline: rule extractor hit 0% yield / 0% recall / 0% precision on the labeled set; 5 false negatives across 5 distinct miss classes (recommendation_prose, architectural_change_summary, spec_update_announcement, layered_recommendation, alignment_assertion).** This is the Day 4 hard-stop signal arriving two days early — a single rule expansion cannot close a 5-way miss, and widening rules blindly will collapse precision. The Day 4 decision gate is escalated to Antoine for ratification before Day 3 touches any extractor code. No extractor code on main has changed.
 - **2026-04-11 Codex (ledger audit)** fixed stale `main_tip`, retargeted R1 from the API surface to the live Claude Stop hook, and formalized the review write protocol so Claude can consume findings without rewriting them.
 - **2026-04-11 Claude** `b3253f3..59331e5` (1 commit). Wired the DEV-LEDGER, added session protocol to AGENTS.md, created project-local CLAUDE.md, deleted stale `codex/port-atocore-ops-client` remote branch. No code changes, no redeploy needed.
 - **2026-04-11 Claude** `c5bad99..b3253f3` (11 commits + 1 merge). Length-aware reinforcement, project memories in pack, query-relevance memory ranking, hyphenated-identifier tokenizer, retrieval eval harness seeded, off-host backup wired end-to-end, docs synced, codex integration-pass branch merged. Harness went 0->6/6 on live Dalidou.
 - **2026-04-11 Codex (async review)** identified 2 P1s against a stale checkout. R1 was fair (extraction not automated), R2 was outdated (project memories already landed on main). Delivered the 8-day execution plan now in Active Plan.
 - **2026-04-06 Antoine** created `codex/atocore-integration-pass` with the `t420-openclaw/` workspace (merged 2026-04-11).
 ## Working Rules
 - Claude builds; Codex audits. No parallel work on the same files.
 - Codex branches fork from `main`: `git fetch origin && git checkout -b codex/<topic> origin/main`.
 - P1 findings block further main commits until acknowledged in Open Review Findings.
 - Every session appends at least one Session Log line and bumps Orientation.
 - Trim Session Log and Recent Decisions to the last 20 at session end.
 - Docs in `docs/` may overclaim stale status; the ledger is the one-file source of truth for "what is true right now."
 ## Quick Commands
 ```bash
 # Check live state
 ssh papa@dalidou "curl -s http://localhost:8100/health"
 # Run the retrieval harness
 python scripts/retrieval_eval.py            # human-readable
 python scripts/retrieval_eval.py --json     # machine-readable
 # Deploy a new main tip
 git push origin main && ssh papa@dalidou "bash /srv/storage/atocore/app/deploy/dalidou/deploy.sh"
 # Reflection-loop ops
 python scripts/atocore_client.py batch-extract '' '' 200 false   # preview
 python scripts/atocore_client.py batch-extract '' '' 200 true    # persist
 python scripts/atocore_client.py triage
 ```
--- a/deploy/dalidou/cron-backup.sh
+++ b/deploy/dalidou/cron-backup.sh
@@ -0,0 +1,85 @@
 #!/usr/bin/env bash
 #
 # deploy/dalidou/cron-backup.sh
 # ------------------------------
 # Daily backup + retention cleanup via the AtoCore API.
 #
 # Intended to run from cron on Dalidou:
 #
 #   # Daily at 03:00 UTC
 #   0 3 * * * /srv/storage/atocore/app/deploy/dalidou/cron-backup.sh >> /var/log/atocore-backup.log 2>&1
 #
 # What it does:
 #   1. Creates a runtime backup (db + registry, no chroma by default)
 #   2. Runs retention cleanup with --confirm to delete old snapshots
 #   3. Logs results to stdout (captured by cron into the log file)
 #
 # Fail-open: exits 0 even on API errors so cron doesn't send noise
 # emails. Check /var/log/atocore-backup.log for diagnostics.
 #
 # Environment variables:
 #   ATOCORE_URL             default http://127.0.0.1:8100
 #   ATOCORE_BACKUP_CHROMA   default false (set to "true" for cold chroma copy)
 #   ATOCORE_BACKUP_DIR      default /srv/storage/atocore/backups
 #   ATOCORE_BACKUP_RSYNC    optional rsync destination for off-host copies
 #                           (e.g. papa@laptop:/home/papa/atocore-backups/)
 #                           When set, the local snapshots tree is rsynced to
 #                           the destination after cleanup. Unset = skip.
 #                           SSH key auth must already be configured from this
 #                           host to the destination.
 set -euo pipefail
 ATOCORE_URL="${ATOCORE_URL:-http://127.0.0.1:8100}"
 INCLUDE_CHROMA="${ATOCORE_BACKUP_CHROMA:-false}"
 BACKUP_DIR="${ATOCORE_BACKUP_DIR:-/srv/storage/atocore/backups}"
 RSYNC_TARGET="${ATOCORE_BACKUP_RSYNC:-}"
 TIMESTAMP="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
 log() { printf '[%s] %s\n' "$TIMESTAMP" "$*"; }
 log "=== AtoCore daily backup starting ==="
 # Step 1: Create backup
 log "Step 1: creating backup (chroma=$INCLUDE_CHROMA)"
 BACKUP_RESULT=$(curl -sf -X POST \
    -H "Content-Type: application/json" \
    -d "{\"include_chroma\": $INCLUDE_CHROMA}" \
    "$ATOCORE_URL/admin/backup" 2>&1) || {
    log "ERROR: backup creation failed: $BACKUP_RESULT"
    exit 0
 }
 log "Backup created: $BACKUP_RESULT"
 # Step 2: Retention cleanup (confirm=true to actually delete)
 log "Step 2: running retention cleanup"
 CLEANUP_RESULT=$(curl -sf -X POST \
    -H "Content-Type: application/json" \
    -d '{"confirm": true}' \
    "$ATOCORE_URL/admin/backup/cleanup" 2>&1) || {
    log "ERROR: cleanup failed: $CLEANUP_RESULT"
    exit 0
 }
 log "Cleanup result: $CLEANUP_RESULT"
 # Step 3: Off-host rsync (optional). Fail-open: log but don't abort
 # the cron so a laptop being offline at 03:00 UTC never turns the
 # local backup path red.
 if [[ -n "$RSYNC_TARGET" ]]; then
    log "Step 3: rsyncing snapshots to $RSYNC_TARGET"
    if [[ ! -d "$BACKUP_DIR/snapshots" ]]; then
        log "WARN: $BACKUP_DIR/snapshots does not exist, skipping rsync"
    else
        RSYNC_OUTPUT=$(rsync -a --delete \
            -e "ssh -o ConnectTimeout=10 -o BatchMode=yes -o StrictHostKeyChecking=accept-new" \
            "$BACKUP_DIR/snapshots/" "$RSYNC_TARGET" 2>&1) && {
            log "Rsync complete"
        } || {
            log "WARN: rsync to $RSYNC_TARGET failed (offline or auth?): $RSYNC_OUTPUT"
        }
    fi
 else
    log "Step 3: ATOCORE_BACKUP_RSYNC not set, skipping off-host copy"
 fi
 log "=== AtoCore daily backup complete ==="
--- a/deploy/hooks/capture_stop.py
+++ b/deploy/hooks/capture_stop.py
@@ -3,7 +3,7 @@
 Reads the Stop hook JSON from stdin, extracts the last user prompt
 from the transcript JSONL, and POSTs to the AtoCore /interactions
-endpoint in conservative mode (reinforce=false, no extraction).
+endpoint with reinforcement enabled (no extraction).
 Fail-open: always exits 0, logs errors to stderr only.
@@ -81,7 +81,7 @@ def _capture() -> None:
        "client": "claude-code",
        "session_id": session_id,
        "project": project,
-        "reinforce": False,
+        "reinforce": True,
    }
    body = json.dumps(payload, ensure_ascii=True).encode("utf-8")
--- a/docs/master-plan-status.md
+++ b/docs/master-plan-status.md
@@ -32,7 +32,18 @@ read-only additive mode.
 ### Baseline Complete
 - Phase 9 - Reflection (all three foundation commits landed:
-  A capture, B reinforcement, C candidate extraction + review queue)
+  A capture, B reinforcement, C candidate extraction + review queue).
  As of 2026-04-11 the capture → reinforce half runs automatically on
  every Stop-hook capture (length-aware token-overlap matcher handles
  paragraph-length memories), and project-scoped memories now reach
  the context pack via a dedicated `--- Project Memories ---` band
  between identity/preference and retrieved chunks. The extract half
  is still a manual / batch flow by design (`scripts/atocore_client.py
  batch-extract` + `triage`). First live batch-extract run over 42
  captured interactions produced 1 candidate (rule extractor is
  conservative and keys on structural cues like `## Decision:`
  headings that rarely appear in conversational LLM responses) —
  extractor tuning is a known follow-up.
 ### Not Yet Complete In The Intended Sense
@@ -167,7 +178,9 @@ These remain intentionally deferred.
 - automatic write-back from OpenClaw into AtoCore
 - automatic memory promotion
- reflection loop integration
+- ~~reflection loop integration~~ — baseline now in (capture→reinforce
  auto, extract batch/manual). Extractor tuning and scheduled batch
  extraction still open.
 - replacing OpenClaw's own memory system
 - live machine-DB sync between machines
 - full ontology / graph expansion before the current baseline is stable
--- a/docs/next-steps.md
+++ b/docs/next-steps.md
@@ -137,7 +137,12 @@ P06:
 - automatic write-back from OpenClaw into AtoCore
 - automatic memory promotion
- reflection loop integration
+- ~~reflection loop integration~~ — baseline now landed (2026-04-11):
  Stop hook runs reinforce automatically, project memories are folded
  into the context pack, batch-extract and triage CLIs exist. What
  remains deferred: scheduled/automatic batch extraction and extractor
  rule tuning (rule-based extractor produced 1 candidate from 42 real
  captures — needs new cues for conversational LLM content).
 - replacing OpenClaw's own memory system
 - syncing the live machine DB between machines
@@ -159,6 +164,116 @@ The next batch is successful if:
 - project ingestion remains controlled rather than noisy
 - the canonical Dalidou instance stays stable
 ## Retrieval Quality Review — 2026-04-11
 First sweep with real project-hinted queries on Dalidou. Used
 `POST /context/build` against p04, p05, p06 with representative
 questions and inspected `formatted_context`.
 Findings:
 - **Trusted Project State is surfacing correctly.** The DECISION and
  REQUIREMENT categories appear at the top of the pack and include
  the expected key facts (e.g. p04 "Option B conical-back mirror
  architecture"). This is the strongest signal in the pack today.
 - **Chunk retrieval is relevant on-topic but broad.** Top chunks for
  the p04 architecture query are PDR intro, CAD assembly overview,
  and the index — all on the right project but none of them directly
  answer the "why was Option B chosen" question. The authoritative
  answer sits in Project State, not in the chunks.
 - **Active memories are NOT reaching the pack.** The context builder
  surfaces Trusted Project State and retrieved chunks but does not
  include the 21 active project/knowledge memories. Reinforcement
  (Phase 9 Commit B) bumps memory confidence without the memory ever
  being read back into a prompt — the reflection loop has no outlet
  on the retrieval side. This is a design gap, not a bug: needs a
  decision on whether memories should feed into context assembly,
  and if so at what trust level (below project_state, above chunks).
 - **Cross-project bleed is low.** The p04 query did pull one p05
  chunk (CGH_Design_Input_for_AOM) as the bottom hit but the top-4
  were all p04.
 Proposed follow-ups (not yet scheduled):
 1. ~~Decide whether memories should be folded into `formatted_context`
   and under what section header.~~ DONE 2026-04-11 (commits 8ea53f4,
   5913da5, 1161645). A `--- Project Memories ---` band now sits
   between identity/preference and retrieved chunks, gated on a
   canonical project hint to prevent cross-project bleed. Budget
   ratio 0.25 (tuned empirically — paragraph memories are ~400 chars
   and earlier 0.15 ratio starved the first entry by one char).
   Verified live: p04 architecture query surfaces the Option B memory.
 2. Re-run the same three queries after any builder change and compare
   `formatted_context` diffs — still open, and is the natural entry
   point for the retrieval eval harness on the roadmap.
 ## Reflection Loop Live Check — 2026-04-11
 First real run of `batch-extract` across 42 captured Claude Code
 interactions on Dalidou produced exactly **1 candidate**, and that
 candidate was a synthetic test capture from earlier in the session
 (rejected). Finding:
 - The rule-based extractor in `src/atocore/memory/extractor.py` keys
  on explicit structural cues (decision headings like
  `## Decision: ...`, preference sentences, etc.). Real Claude Code
  responses are conversational and almost never contain those cues.
 - This means the capture → extract half of the reflection loop is
  effectively inert against organic LLM sessions until either the
  rules are broadened (new cue families: "we chose X because...",
  "the selected approach is...", etc.) or an LLM-assisted extraction
  path is added alongside the rule-based one.
 - Capture → reinforce is working correctly on live data (length-aware
  matcher verified on live paraphrase of a p04 memory).
 Follow-up candidates:
 1. ~~Extractor rule expansion~~ — Day 2 baseline showed 0% recall
   across 5 distinct miss classes; rule expansion cannot close a
   5-way miss. Deprioritized.
 2. ~~LLM-assisted extractor~~ — DONE 2026-04-12. `extractor_llm.py`
   shells out to `claude -p` (Haiku, OAuth, no API key). First live
   run: 100% recall, 2.55 yield/interaction on a 20-interaction
   labeled set. First triage: 51 candidates → 16 promoted, 35
   rejected (31% accept rate). Active memories 20 → 36.
 3. ~~Retrieval eval harness~~ — DONE 2026-04-11 (scripts/retrieval_eval.py,
   6/6 passing). Expansion to 15-20 fixtures is mini-phase Day 6.
 ## Extractor Scope — 2026-04-12
 What the LLM-assisted extractor (`src/atocore/memory/extractor_llm.py`)
 extracts from conversational Claude Code captures:
 **In scope:**
 - Architectural commitments (e.g. "Z-axis is engage/retract, not
  continuous position")
 - Ratified decisions with project scope (e.g. "USB SSD mandatory on
  RPi for telemetry storage")
 - Durable engineering facts (e.g. "telemetry data rate ~29 MB/hour")
 - Working rules and adaptation patterns (e.g. "extraction stays off
  the capture hot path")
 - Interface invariants (e.g. "controller-job.v1 in, run-log.v1 out;
  no firmware change needed")
 **Out of scope (intentionally rejected by triage):**
 - Transient roadmap / plan steps that will be stale in a week
 - Operational instructions ("run this command to deploy")
 - Process rules that live in DEV-LEDGER.md / AGENTS.md, not in memory
 - Implementation details that are too granular (individual field names
  when the parent concept is already captured)
 - Already-fixed review findings (P1/P2 that no longer apply)
 - Duplicates of existing active memories with wrong project tags
 **Trust model:**
 - Extraction stays off the capture hot path (batch / manual only)
 - All candidates land as `status=candidate`, never auto-promoted
 - Human or auto-triage reviews before promotion to active
 - Future direction: multi-model extraction + triage (Codex/Gemini as
  second-pass reviewers for robustness against single-model bias)
 ## Long-Run Goal
 The long-run target is:
--- a/docs/openclaw-atocore-audit-note.md
+++ b/docs/openclaw-atocore-audit-note.md
@@ -0,0 +1,317 @@
 # OpenClaw x AtoCore V1 Audit Note
 ## Scope
 This note is the Phase 1 audit for a safe OpenClaw x AtoCore operating model.
 It covers only what was directly verified in `/home/papa/ATOCore` and `/home/papa/clawd` on 2026-04-23, plus explicit assumptions called out as assumptions.
 This phase does not change code, runtime behavior, skills, helpers, or automation.
 ## Files requested and verified
 The following requested AtoCore files were present and reviewed:
 - `docs/openclaw-integration-contract.md`
 - `docs/architecture/llm-client-integration.md`
 - `docs/architecture/representation-authority.md`
 - `docs/operating-model.md`
 - `docs/current-state.md`
 - `docs/master-plan-status.md`
 - `docs/operations.md`
 - `AGENTS.md`
 - `CLAUDE.md`
 - `DEV-LEDGER.md`
 No requested files were missing.
 ## What was directly verified
 ### 1. OpenClaw instruction surface
 In `/home/papa/clawd/AGENTS.md`, OpenClaw is currently instructed to:
 - use the `atocore-context` skill for project-dependent work
 - treat AtoCore as additive and fail-open
 - prefer `auto-context` for project knowledge questions
 - prefer `project-state` for trusted current truth
 - use `refresh-project` if the human explicitly asked to refresh or ingest project changes
 - use `discrawl` automatically when Antoine asks about prior Discord discussions
 This is already close to the intended additive read path, but it also exposes mutating project operations in a general operator workflow.
 ### 2. OpenClaw helper skill surface
 The current helper skill is:
 - `/home/papa/clawd/skills/atocore-context/SKILL.md`
 - `/home/papa/clawd/skills/atocore-context/scripts/atocore.sh`
 The skill describes AtoCore as a read-only additive context service, but the helper script currently exposes the following commands:
 - `health`
 - `sources`
 - `stats`
 - `projects`
 - `project-template`
 - `detect-project`
 - `auto-context`
 - `debug-context`
 - `propose-project`
 - `register-project`
 - `update-project`
 - `refresh-project`
 - `project-state`
 - `query`
 - `context-build`
 - `ingest-sources`
 That means the helper is not actually read-only. It can drive registry mutation and ingestion-related operations.
 ### 3. AtoCore shared operator client surface
 The shared operator client in `/home/papa/ATOCore/scripts/atocore_client.py` exposes a broader surface than the OpenClaw helper, including:
 - all of the project and context operations above
 - `project-state-set`
 - `project-state-invalidate`
 - `capture`
 - `extract`
 - `reinforce-interaction`
 - `list-interactions`
 - `get-interaction`
 - `queue`
 - `promote`
 - `reject`
 - `batch-extract`
 - `triage`
 This matches the architectural intent in `docs/architecture/llm-client-integration.md`: a shared operator client should be the canonical reusable surface for multiple frontends.
 ### 4. Actual layering status today
 The intended layering is documented in `docs/architecture/llm-client-integration.md` as:
 - AtoCore HTTP API
 - shared operator client
 - thin per-agent frontends
 But the current OpenClaw helper is still its own Bash implementation. It does not shell out to the shared operator client today.
 So the shared-client pattern is documented, but not yet applied to OpenClaw.
 ### 5. AtoCore availability and fail-open behavior
 The OpenClaw helper successfully reached the live AtoCore instance during this audit.
 Verified live behavior:
 - `health` worked
 - `projects` worked
 - the helper still has fail-open logic when network access fails
 This part is consistent with the stated additive and fail-open stance.
 ### 6. Discrawl availability
 The `discrawl` CLI is installed locally and available.
 Verified during audit:
 - binary present
 - version `0.3.0`
 - OpenClaw workspace instructions explicitly route project-history recall through `discrawl`
 This supports the desired framing of Discord and Discrawl as an evidence stream.
 ### 7. Screenpipe status
 `screenpipe` was not present as a local command in this environment during the audit.
 For V1, Screenpipe is deferred and out of scope. No active Screenpipe input lane was verified or adopted in the final V1 policy.
 ## Current implementation shape
 ### What OpenClaw can do safely right now
 The current safe, directly verified OpenClaw -> AtoCore path is:
 - project detection
 - context build
 - query and retrieval
 - project-state read
 - service inspection
 - fail-open fallback
 That is the mature part of the integration.
 ### What OpenClaw can also do today, but should be treated as controlled operator actions
 The current helper also exposes:
 - project proposal preview
 - project registration
 - project update
 - project refresh
 - ingest-sources
 These should not be treated as background or conversational automation. They are operator actions and need explicit approval policy.
 ### What exists in AtoCore but is not exposed through the OpenClaw helper
 The shared operator client already supports:
 - interaction capture
 - candidate extraction
 - queue review
 - promote or reject
 - trusted project-state write and invalidate
 The current OpenClaw helper does not expose that surface.
 This is important for V1 design: the write-capable lanes already exist in AtoCore, but they are not yet safely shaped for Discord-originated automation.
 ## Conflicts with the target V1 stance
 The following conflicts are real and should be named explicitly.
 ### Conflict 1 - the OpenClaw helper is described as read-only, but it is not read-only
 `SKILL.md` frames the integration as read-only additive context.
 `atocore.sh` exposes mutating operations:
 - `register-project`
 - `update-project`
 - `refresh-project`
 - `ingest-sources`
 That mismatch needs a policy fix in Phase 2. For Phase 1 it must be documented as a conflict.
 ### Conflict 2 - OpenClaw duplicates client logic instead of using the shared operator client
 The architecture docs prefer a shared operator client reused across frontends.
 The OpenClaw helper currently reimplements request logic and project detection in Bash.
 That is a direct conflict with the preferred shared-client pattern.
 ### Conflict 3 - mutating project operations are too close to the conversational surface
 The helper makes registry and ingestion operations reachable from the OpenClaw side without a dedicated Discord-specific approval gate.
 Even if the human explicitly asks for a refresh, the current shape does not yet distinguish between:
 - a direct trusted operator action in a controlled session
 - a Discord-originated conversational path that should require an explicit human approval step before mutation
 The Phase 2 V1 policy needs that distinction.
 ### Conflict 4 - current docs overstate or blur write capabilities
 `docs/current-state.md` says OpenClaw can seed AtoCore through project-scoped memory entries and staged document ingestion.
 That was not directly verified through the current OpenClaw helper surface in `/home/papa/clawd`.
 The helper script does not expose:
 - `capture`
 - `extract`
 - `promote`
 - `reject`
 - `project-state-set`
 So there is at least a documentation and runtime-surface mismatch.
 ### Conflict 5 - there was no single OpenClaw-facing evidence lane description before this doc set
 The target architecture needs a clean distinction between:
 - raw evidence
 - reviewable candidates
 - active memories and entities
 - trusted project_state
 Today that distinction exists conceptually across several AtoCore docs, but before this Phase 1 doc set there was no single OpenClaw-facing operating model that told an operator exactly where Discord and Discrawl signals are allowed to land.
 That is the main gap this doc set closes.
 ## What is already aligned with the target V1 stance
 Several important pieces are already aligned.
 ### Aligned 1 - additive plus fail-open
 Both AtoCore and OpenClaw docs consistently say AtoCore should be additive and fail-open from the OpenClaw side.
 That is the right baseline and was verified live.
 ### Aligned 2 - project_state is already treated as special and curated
 AtoCore architecture docs already treat `project_state` as the highest-trust curated layer.
 This supports the rule that raw signals must not directly auto-write trusted project state.
 ### Aligned 3 - canonical-home thinking already exists
 `docs/architecture/representation-authority.md` already establishes that each fact type needs one canonical home.
 That is exactly the right foundation for the Discord and Discrawl design.
 ### Aligned 4 - reflection and candidate lifecycle already exists in AtoCore
 The shared operator client and AtoCore docs already have a candidate workflow:
 - capture
 - extract
 - queue
 - promote or reject
 That means V1 does not need to invent a new trust model. It needs to apply the existing one correctly to Discord and Discrawl signals.
 ## Recommended V1 operating interpretation
 Until implementation work begins, the safest V1 operating interpretation is:
 1. Discord and Discrawl are evidence sources, not truth sources.
 2. OpenClaw is the orchestrator and operator, not canonical storage.
 3. AtoCore memories may hold reviewed episodic, personal, and loose project signal.
 4. Future AtoCore entities should hold reviewed structured decisions, requirements, and constraints.
 5. `project_state` remains manual or tightly gated only.
 6. Registry mutation, refresh, ingestion, and candidate promotion or rejection require explicit human approval on Discord-originated paths.
 7. The shared operator client should become the only write-capable operator surface reused by OpenClaw and other frontends.
 8. Screenpipe remains deferred and out of V1 scope.
 ## Assumption log
 The following points were not directly verified and must stay labeled as assumptions.
 1. Screenpipe integration shape is unverified and deferred.
   - The `screenpipe` command was not present locally.
   - No verified Screenpipe pipeline files were found in the inspected workspaces.
   - V1 therefore excludes Screenpipe from active policy and runtime scope.
 2. No direct Discord -> AtoCore auto-mutation path was verified in code.
   - The OpenClaw workspace clearly contains read and query context behavior and a Discrawl retrieval rule.
   - It does not clearly expose a verified Discord-triggered path that auto-calls `project-state-set`, `promote`, `reject`, or `register-project`.
   - The risk is therefore policy and proximity of commands, not a proven live mutation bug.
 3. OpenClaw runtime use of the shared operator client was not verified because it is not implemented yet.
   - The shared client exists in the AtoCore repo.
   - The OpenClaw helper is still its own Bash implementation.
 4. A dedicated evidence store was not verified as a first-class AtoCore schema layer.
   - Existing AtoCore surfaces clearly support interactions and candidate memories.
   - This V1 model therefore uses evidence artifacts, interactions, and archive bundles as an architectural lane, without claiming a new implemented table already exists.
 5. Future entities remain future.
   - The entity layer is architected in AtoCore docs.
   - This audit did not verify a production entity promotion flow being used by OpenClaw.
 ## Bottom line
 The good news is that the trust foundations already exist.
 The main conclusion is that the current system is closest to a safe V1 when interpreted this way:
 - keep AtoCore additive and fail-open
 - treat Discord and Discrawl as evidence only
 - route reviewed signal into memory candidates first
 - reserve `project_state` for explicit curation only
 - move OpenClaw toward the shared operator client instead of maintaining a separate write-capable helper surface
 - keep Screenpipe out of V1
 That gives a coherent path to Phase 2 without pretending the current implementation is already there.
--- a/docs/openclaw-atocore-clawd-governance-review.patch
+++ b/docs/openclaw-atocore-clawd-governance-review.patch
@@ -0,0 +1,224 @@
 commit 80bd99aaea1bcab2ea5ea732df2f749e84d84318
 Author: Anto01 <antoine.letarte@gmail.com>
 Date:   Thu Apr 23 15:59:59 2026 +0000
    Tighten OpenClaw AtoCore governance policy
 diff --git a/AGENTS.md b/AGENTS.md
 index 1da3385..ea4d103 100644
 --- a/AGENTS.md
 +++ b/AGENTS.md
@@ -105,7 +105,7 @@ Reactions are lightweight social signals. Humans use them constantly — they sa
 ## Tools
 -When a task is contextual and project-dependent, use the `atocore-context` skill to query Dalidou-hosted AtoCore for trusted project state, retrieval, context-building, registered project refresh, or project registration discovery when that will improve accuracy. Treat AtoCore as additive and fail-open; do not replace OpenClaw's own memory with it. Prefer `projects` and `refresh-project <id>` when a known project needs a clean source refresh, and use `project-template` when proposing a new project registration, and `propose-project ...` when you want a normalized preview before editing the registry manually.
 +When a task is contextual and project-dependent, use the `atocore-context` skill to query Dalidou-hosted AtoCore for trusted project-state reads, retrieval, and context-building when that will improve accuracy. Treat AtoCore as additive and fail-open; do not replace OpenClaw's own memory with it.
 ### Organic AtoCore Routing
@@ -116,14 +116,60 @@ Use AtoCore first when the prompt:
 - asks about architecture, constraints, status, requirements, vendors, planning, prior decisions, or current project truth
 - would benefit from cross-source context instead of only the local repo
 -Preferred flow:
 +Preferred read path:
 1. `auto-context "<prompt>" 3000` for most project knowledge questions
 2. `project-state <project>` when the user is clearly asking for trusted current truth
 -3. `refresh-project <id>` before answering if the user explicitly asked to refresh or ingest project changes
 +3. fall back to normal OpenClaw tools and memory if AtoCore returns `no_project_match` or is unavailable
 Do not force AtoCore for purely local coding actions like fixing a function, editing one file, or running tests, unless broader project context is likely to matter.
 -If `auto-context` returns `no_project_match` or AtoCore is unavailable, continue normally with OpenClaw's own tools and memory.
 +### AtoCore Governance
 +
 +Default Discord posture for AtoCore is read-only and additive.
 +
 +Discord-originated or Discrawl-originated context may inform:
 +- evidence collection
 +- retrieval
 +- context building
 +- candidate review preparation
 +
 +It must not directly perform AtoCore mutating actions.
 +
 +Mutating AtoCore actions include:
 +- `register-project`
 +- `update-project`
 +- `refresh-project`
 +- `ingest-sources`
 +- `project-state-set`
 +- `project-state-invalidate`
 +- `promote`
 +- `reject`
 +- any future trusted-state or review mutation
 +
 +These actions require explicit human approval for the specific action in the current thread or session.
 +Do not infer approval from:
 +- prior Discord discussion
 +- Discrawl archive recall
 +- screener output
 +- vague intent like "we should probably refresh this"
 +
 +Hard rules:
 +- no direct Discord -> `project_state`
 +- no direct Discord -> register / update / refresh / ingest / promote / reject
 +- no hidden mutation inside screening or review-prep flows
 +- PKM notes are not the main operator instruction surface for AtoCore behavior
 +
 +### Discord Archive Retrieval (discrawl)
 +
 +When Antoine asks in natural language about prior project discussions, decisions, thread history, answers, or whether something was already discussed in Discord, use the local `discrawl` archive automatically.
 +
 +Rules:
 +- Antoine should not need to remember or type `discrawl` commands.
 +- Treat Discord history as a normal background retrieval source, like memory or project docs.
 +- Use `discrawl` silently when it will materially improve recall or confidence.
 +- Prefer this for prompts like "what did we decide", "did we discuss", "summarize the thread", "what were the open questions", or anything clearly anchored in prior Discord conversation.
 +- If both AtoCore and Discord history are relevant, use both and synthesize.
 +- If `discrawl` is stale or unavailable, say so briefly and continue with the best available context.
 Skills provide your tools. When you need one, check its `SKILL.md`. Keep local notes (camera names, SSH details, voice preferences) in `TOOLS.md`.
 diff --git a/skills/atocore-context/SKILL.md b/skills/atocore-context/SKILL.md
 index e42a7b7..fa23207 100644
 --- a/skills/atocore-context/SKILL.md
 +++ b/skills/atocore-context/SKILL.md
@@ -1,12 +1,11 @@
 ---
 name: atocore-context
 -description: Use Dalidou-hosted AtoCore as a read-only external context service for project state, retrieval, and context-building without touching OpenClaw's own memory.
 +description: Use Dalidou-hosted AtoCore as an additive external context service for project-state reads, retrieval, and context-building without replacing OpenClaw's own memory.
 ---
 # AtoCore Context
 -Use this skill when you need trusted project context, retrieval help, or AtoCore
 -health/status from the canonical Dalidou instance.
 +Use this skill when you need trusted project context, retrieval help, or AtoCore health and status from the canonical Dalidou instance.
 ## Purpose
@@ -14,7 +13,7 @@ AtoCore is an additive external context service.
 - It does not replace OpenClaw's own memory.
 - It should be used for contextual work, not trivial prompts.
 -- It is read-only in this first integration batch.
 +- The default posture is read-only and fail-open.
 - If AtoCore is unavailable, continue normally.
 ## Canonical Endpoint
@@ -31,27 +30,22 @@ Override with:
 ATOCORE_BASE_URL=http://host:port
 ```
 -## Safe Usage
 +## V1 scope
 -Use AtoCore for:
 -- project-state checks
 +Use this skill in V1 for:
 +
 +- project-state reads
 - automatic project detection for normal project questions
 -- retrieval over ingested project/ecosystem docs
 +- retrieval over ingested project and ecosystem docs
 - context-building for complex project prompts
 - verifying current AtoCore hosting and architecture state
 -- listing registered projects and refreshing a known project source set
 -- inspecting the project registration template before proposing a new project entry
 -- generating a proposal preview for a new project registration without writing it
 -- registering an approved project entry when explicitly requested
 -- updating an existing registered project when aliases or description need refinement
 +- inspecting project registrations and proposal previews when operator review is needed
 -Do not use AtoCore for:
 -- automatic memory write-back
 -- replacing OpenClaw memory
 -- silent ingestion of broad new corpora without approval
 -- mutating the registry automatically without human approval
 +Screenpipe is out of V1 scope. Do not treat it as an active input lane or dependency for this skill.
 +
 +## Read path commands
 -## Commands
 +These are the normal additive commands:
 ```bash
 ~/clawd/skills/atocore-context/scripts/atocore.sh health
@@ -62,15 +56,56 @@ Do not use AtoCore for:
 ~/clawd/skills/atocore-context/scripts/atocore.sh detect-project "what's the interferometer error budget?"
 ~/clawd/skills/atocore-context/scripts/atocore.sh auto-context "what's the interferometer error budget?" 3000
 ~/clawd/skills/atocore-context/scripts/atocore.sh debug-context
 -~/clawd/skills/atocore-context/scripts/atocore.sh propose-project p07-example "p07,example-project" vault incoming/projects/p07-example "Example project" "Primary staged project docs"
 -~/clawd/skills/atocore-context/scripts/atocore.sh register-project p07-example "p07,example-project" vault incoming/projects/p07-example "Example project" "Primary staged project docs"
 -~/clawd/skills/atocore-context/scripts/atocore.sh update-project p05 "Curated staged docs for the P05 interferometer architecture, vendors, and error-budget project."
 -~/clawd/skills/atocore-context/scripts/atocore.sh refresh-project p05
 ~/clawd/skills/atocore-context/scripts/atocore.sh project-state atocore
 ~/clawd/skills/atocore-context/scripts/atocore.sh query "What is AtoDrive?"
 ~/clawd/skills/atocore-context/scripts/atocore.sh context-build "Need current AtoCore architecture" atocore 3000
 ```
 +## Approved operator actions only
 +
 +The helper currently exposes some mutating commands, but they are not normal background behavior.
 +Treat them as approved operator actions only:
 +
 +```bash
 +~/clawd/skills/atocore-context/scripts/atocore.sh propose-project ...
 +~/clawd/skills/atocore-context/scripts/atocore.sh register-project ...
 +~/clawd/skills/atocore-context/scripts/atocore.sh update-project ...
 +~/clawd/skills/atocore-context/scripts/atocore.sh refresh-project ...
 +~/clawd/skills/atocore-context/scripts/atocore.sh ingest-sources
 +```
 +
 +Do not use these from a Discord-originated path unless the human explicitly approves the specific action in the current thread or session.
 +
 +## Explicit approval rule
 +
 +Explicit approval means all of the following:
 +
 +- the human directly instructs the specific mutating action
 +- the instruction is in the current thread or current session
 +- the approval is for that specific action
 +- the approval is not inferred from Discord evidence, Discrawl recall, screener output, or vague intent
 +
 +Examples of explicit approval:
 +
 +- "refresh p05 now"
 +- "register this project"
 +- "update the aliases"
 +
 +Non-examples:
 +
 +- "we should probably refresh this"
 +- archived discussion suggesting a refresh
 +- a screener note recommending promotion or ingestion
 +
 +## Do not use AtoCore for
 +
 +- automatic memory write-back
 +- replacing OpenClaw memory
 +- silent ingestion of broad new corpora without approval
 +- automatic registry mutation
 +- direct Discord-originated mutation of trusted or operator state
 +- direct Discord-originated promote or reject actions
 +
 ## Contract
 - prefer AtoCore only when additional context is genuinely useful
@@ -79,10 +114,6 @@ Do not use AtoCore for:
 - cite when information came from AtoCore rather than local OpenClaw memory
 - for normal project knowledge questions, prefer `auto-context "<prompt>" 3000` before answering
 - use `detect-project "<prompt>"` when you want to inspect project inference explicitly
 -- use `debug-context` right after `auto-context` or `context-build` when you want
 -  to inspect the exact last AtoCore context pack
 -- prefer `projects` plus `refresh-project <id>` over long ad hoc ingest instructions when the project is already registered
 -- use `project-template` when preparing a new project registration proposal
 -- use `propose-project ...` to draft a normalized entry and review collisions first
 -- use `register-project ...` only after the proposal has been reviewed and approved
 -- use `update-project ...` when a registered project's description or aliases need refinement before refresh
 +- use `debug-context` right after `auto-context` or `context-build` when you want to inspect the exact last AtoCore context pack
 +- use `project-template` and `propose-project ...` when preparing a reviewed registration proposal
 +- use `register-project ...`, `update-project ...`, `refresh-project ...`, and `ingest-sources` only after explicit approval
--- a/docs/openclaw-atocore-nightly-screener-runbook.md
+++ b/docs/openclaw-atocore-nightly-screener-runbook.md
@@ -0,0 +1,354 @@
 # OpenClaw x AtoCore Nightly Screener Runbook
 ## Purpose
 The nightly screener is the V1 bridge between broad evidence capture and narrow trusted state.
 Its job is to:
 - gather raw evidence from approved V1 sources
 - reduce noise
 - produce reviewable candidate material
 - prepare operator review work
 - never silently create trusted truth
 ## Scope
 The nightly screener is a screening and preparation job.
 It is not a trusted-state writer.
 It is not a registry operator.
 It is not a hidden reviewer.
 V1 active inputs are:
 - Discord and Discrawl evidence
 - OpenClaw interaction evidence
 - PKM, repos, and KB references
 - read-only AtoCore context for comparison and deduplication
 ## Explicit approval rule
 If the screener output points at a mutating operator action, that action still requires:
 - direct human instruction
 - in the current thread or current session
 - for that specific action
 - with no inference from evidence or screener output alone
 The screener may recommend review. It may not manufacture approval.
 ## Inputs
 The screener may consume the following inputs when available.
 ### 1. Discord and Discrawl evidence
 Examples:
 - recent archived Discord messages
 - thread excerpts relevant to known projects
 - conversation clusters around decisions, requirements, constraints, or repeated questions
 ### 2. OpenClaw interaction evidence
 Examples:
 - captured interactions
 - recent operator conversations relevant to projects
 - already-logged evidence bundles
 ### 3. Read-only AtoCore context inputs
 Examples:
 - project registry lookup for project matching
 - project_state read for comparison only
 - memory or entity lookups for deduplication only
 These reads may help the screener rank or classify candidates, but they must not be used as a write side effect.
 ### 4. Optional canonical-source references
 Examples:
 - PKM notes
 - repo docs
 - KB-export summaries
 These may be consulted to decide whether a signal appears to duplicate or contradict already-canonical truth.
 ## Outputs
 The screener should produce output in four buckets.
 ### 1. Nightly screener report
 A compact report describing:
 - inputs seen
 - items skipped
 - candidate counts
 - project match confidence distribution
 - failures or unavailable sources
 - items requiring human review
 ### 2. Evidence bundle or manifest
 A structured bundle of the source snippets that justified each candidate or unresolved item.
 This is the reviewer's provenance package.
 ### 3. Candidate manifests
 Separate candidate manifests for:
 - memory candidates
 - entity candidates later
 - unresolved "needs canonical-source update first" items
 ### 4. Operator action queue
 A short list of items needing explicit human action, such as:
 - review these candidates
 - decide whether to refresh project X
 - decide whether to curate project_state
 - decide whether a Discord-originated claim should first be reflected in PKM, repo, or KB
 ## Required non-output
 The screener must not directly produce any of the following:
 - active memories without review
 - active entities without review
 - project_state writes
 - registry mutation
 - refresh operations
 - ingestion operations
 - promote or reject decisions
 ## Nightly procedure
 ### Step 1 - load last-run checkpoint
 Read the last successful screener checkpoint so the run knows:
 - what time range to inspect
 - what evidence was already processed
 - which items were already dropped or bundled
 If no checkpoint exists, use a conservative bounded time window and mark the run as bootstrap mode.
 ### Step 2 - gather evidence
 Collect available evidence from each configured source.
 Per-source rule:
 - source unavailable -> note it, continue
 - source empty -> note it, continue
 - source noisy -> keep raw capture bounded and deduplicated
 ### Step 3 - normalize and deduplicate
 For each collected item:
 - normalize timestamps, source ids, and project hints
 - remove exact duplicates
 - group repeated or near-identical evidence when practical
 - keep provenance pointers intact
 The goal is to avoid flooding review with repeated copies of the same conversation.
 ### Step 4 - attempt project association
 For each evidence item, try to associate it with:
 - a registered project id, or
 - `unassigned` if confidence is low
 Rules:
 - high confidence match -> attach project id
 - low confidence match -> mark as uncertain
 - no good match -> leave unassigned
 Do not force a project assignment just to make the output tidier.
 ### Step 5 - classify signal type
 Classify each normalized item into one of these buckets:
 - noise / ignore
 - evidence only
 - memory candidate
 - entity candidate
 - needs canonical-source update first
 - needs explicit operator decision
 If the classification is uncertain, choose the lower-trust bucket.
 ### Step 6 - compare against higher-trust layers
 For non-noise items, compare against the current higher-trust landscape.
 Check for:
 - already-active equivalent memory
 - already-active equivalent entity later
 - existing project_state answer
 - obvious duplication of canonical source truth
 - obvious contradiction with canonical source truth
 This comparison is read-only.
 It is used only to rank and annotate output.
 ### Step 7 - build candidate bundles
 For each candidate:
 - include the candidate text or shape
 - include provenance snippets
 - include source type
 - include project association confidence
 - include reason for candidate classification
 - include conflict or duplicate notes if found
 ### Step 8 - build unresolved operator queue
 Some items should not become candidates yet.
 Examples:
 - "This looks like current truth but should first be updated in PKM, repo, or KB."
 - "This Discord-originated request asks for refresh or ingest."
 - "This might be a decision, but confidence is too low."
 These belong in a small operator queue, not in trusted state.
 ### Step 9 - persist report artifacts only
 Persist only:
 - screener report
 - evidence manifests
 - candidate manifests
 - checkpoint metadata
 If candidate persistence into AtoCore is enabled later, it still remains a candidate-only path and must not skip review.
 ### Step 10 - exit fail-open
 If the screener could not reach AtoCore or some source system:
 - write the failure or skip into the report
 - keep the checkpoint conservative
 - do not fake success
 - do not silently mutate anything elsewhere
 ## Failure modes
 ### Failure mode 1 - AtoCore unavailable
 Behavior:
 - continue in fail-open mode if possible
 - write a report that the run was evidence-only or degraded
 - do not attempt write-side recovery actions
 ### Failure mode 2 - Discrawl unavailable or stale
 Behavior:
 - note Discord archive input unavailable or stale
 - continue with other sources
 - do not invent Discord evidence summaries
 ### Failure mode 3 - candidate explosion
 Behavior:
 - rank candidates
 - keep only a bounded top set for review
 - put the remainder into a dropped or deferred manifest
 - do not overwhelm the reviewer queue
 ### Failure mode 4 - low-confidence project mapping
 Behavior:
 - leave items unassigned or uncertain
 - do not force them into a project-specific truth lane
 ### Failure mode 5 - contradiction with trusted truth
 Behavior:
 - flag the contradiction in the report
 - keep the evidence or candidate for review if useful
 - do not overwrite project_state
 ### Failure mode 6 - direct operator-action request found in evidence
 Examples:
 - "register this project"
 - "refresh this source"
 - "promote this memory"
 Behavior:
 - place the item into the operator action queue
 - require explicit human approval
 - do not perform the mutation as part of the screener
 ## Review handoff format
 Each screener run should hand off a compact review package containing:
 1. a run summary
 2. candidate counts by type and project
 3. top candidates with provenance
 4. unresolved items needing explicit operator choice
 5. unavailable-source notes
 6. checkpoint status
 The handoff should be short enough for a human to review without reading the entire raw archive.
 ## Safety rules
 The screener must obey these rules every night.
 1. No direct project_state writes.
 2. No direct registry mutation.
 3. No direct refresh or ingest.
 4. No direct promote or reject.
 5. No treating Discord or Discrawl as trusted truth.
 6. No hiding source uncertainty.
 7. No inventing missing integrations.
 8. No bringing deferred sources into V1 through policy drift or hidden dependency.
 ## Minimum useful run
 A useful screener run can still succeed even if it only does this:
 - gathers available Discord and OpenClaw evidence
 - filters obvious noise
 - produces a small candidate manifest
 - notes unavailable archive inputs if any
 - leaves trusted state untouched
 That is still a correct V1 run.
 ## Deferred from V1
 Screenpipe is deferred from V1. It is not an active input, not a required dependency, and not part of the runtime behavior of this V1 screener.
 ## Bottom line
 The nightly screener is not the brain of the system.
 It is the filter.
 Its purpose is to make human review easier while preserving the trust hierarchy:
 - broad capture in
 - narrow reviewed truth out
 - no hidden mutations in the middle
--- a/docs/openclaw-atocore-promotion-pipeline.md
+++ b/docs/openclaw-atocore-promotion-pipeline.md
@@ -0,0 +1,360 @@
 # OpenClaw x AtoCore V1 Promotion Pipeline
 ## Purpose
 This document defines the V1 promotion pipeline for signals coming from Discord, Discrawl, OpenClaw, PKM, and repos.
 The rule is simple:
 - raw capture is evidence
 - screening turns evidence into candidate material
 - review promotes candidates into canonical homes
 - trusted state is curated explicitly, not inferred automatically
 ## V1 scope
 V1 active inputs are:
 - Discord live conversation
 - Discrawl archive retrieval
 - OpenClaw interaction logs and evidence bundles
 - PKM notes
 - repos, KB exports, and repo docs
 Read-only AtoCore context may be consulted for comparison and deduplication.
 ## Explicit approval rule
 When this pipeline refers to approval or review for a mutating action, it means:
 - the human directly instructs the specific action
 - the instruction is in the current thread or current session
 - the approval is for that specific action
 - the approval is not inferred from evidence, archives, or screener output
 ## Pipeline summary
 ```text
 raw capture
  -> evidence bundle
  -> nightly screening
  -> candidate queue
  -> human review
  -> canonical home
  -> optional trusted-state curation
 ```
 ## Stage 0 - raw capture
 ### Inputs
 Raw capture may come from:
 - Discord live conversation
 - Discrawl archive retrieval
 - OpenClaw interaction logs
 - PKM notes
 - repos / KB exports / repo docs
 ### Rule at this stage
 Nothing captured here is trusted truth yet.
 Everything is either:
 - raw evidence, or
 - a pointer to an already-canonical source
 ## Stage 1 - evidence bundle
 The first durable V1 destination for raw signals is the evidence lane.
 Examples of evidence bundle forms:
 - AtoCore interaction records
 - Discrawl retrieval result sets
 - nightly screener input bundles
 - local archived artifacts or manifests
 - optional source snapshots used only for review preparation
 ### What evidence is for
 Evidence exists so the operator can later answer:
 - what did we actually see?
 - where did this claim come from?
 - what context supported the candidate?
 - what should the reviewer inspect before promoting anything?
 ### What evidence is not for
 Evidence is not:
 - active memory
 - active entity
 - trusted project_state
 - registry truth
 ## Stage 2 - screening
 The nightly screener or an explicit review flow reads evidence and classifies it.
 ### Screening outputs
 Each observed signal should be classified into one of these lanes:
 1. Ignore / noise
   - chatter
   - duplicate archive material
   - ambiguous fragments
   - low-signal scraps
 2. Keep as evidence only
   - useful context, but too ambiguous or too raw to promote
 3. Memory candidate
   - stable enough to review as episodic, personal, or loose project signal
 4. Entity candidate
   - structured enough to review as a future decision, requirement, constraint, or validation fact
 5. Needs canonical-source update first
   - appears to assert current trusted truth but should first be reflected in the real canonical home, such as PKM, repo, or KB tool
 ### Key screening rule
 If the screener cannot confidently tell whether a signal is:
 - raw evidence,
 - a loose durable memory,
 - or a structured project truth,
 then it must pick the lower-trust lane.
 In V1, uncertainty resolves downward.
 ## Stage 3 - candidate queue
 Only screened outputs may enter the candidate queue.
 ### Memory-candidate lane
 Use this lane for reviewed-signal candidates such as:
 - preferences
 - episodic facts
 - identity facts
 - loose stable project signal that is useful to remember but not yet a formal structured entity
 Examples:
 - "Antoine prefers operator summaries without extra ceremony."
 - "The team discussed moving OpenClaw toward a shared operator client."
 - "Discord history is useful as evidence but not as direct truth."
 ### Entity-candidate lane
 Use this lane for future structured facts such as:
 - decisions
 - requirements
 - constraints
 - validation claims
 Examples:
 - "Decision: use the shared operator client instead of duplicated frontend logic."
 - "Constraint: Discord-originated paths must not directly mutate project_state."
 ### What cannot enter directly from raw capture
 The following must not be created directly from raw Discord or Discrawl evidence without a screening step:
 - active memories
 - active entities
 - project_state entries
 - registry mutations
 - promote or reject decisions
 ## Stage 4 - human review
 This is the load-bearing stage.
 A human reviewer, mediated by OpenClaw and eventually using the shared operator client, decides whether the candidate:
 - should be promoted
 - should be rejected
 - should stay pending
 - should first be rewritten into the actual canonical source
 - should become project_state only after stronger curation
 ### Review questions
 For every candidate, the reviewer should ask:
 1. Is this actually stable enough to preserve?
 2. Is this fact ambiguous, historical, or current?
 3. What is the one canonical home for this fact type?
 4. Is memory the right home, or should this be an entity later?
 5. Is project_state justified, or is this still only evidence or candidate material?
 6. Does the source prove current truth, or only past conversation?
 ## Stage 5 - canonical promotion
 After review, the signal can move into exactly one canonical home.
 ## Promotion rules by fact shape
 ### A. Personal, episodic, or loose project signal
 Promotion destination:
 - AtoCore memory
 Use when the fact is durable and useful, but not a formal structured engineering record.
 ### B. Structured engineering fact
 Promotion destination:
 - future AtoCore entity
 Use when the fact is really a:
 - decision
 - requirement
 - constraint
 - validation claim
 ### C. Current trusted project answer
 Promotion destination:
 - AtoCore project_state
 But only after explicit curation.
 A candidate does not become project_state just because it looks important.
 The reviewer must decide that it now represents the trusted current answer.
 ### D. Human or tool source truth
 Promotion destination:
 - PKM / repo / KB tool of origin
 If a Discord-originated signal claims current truth but the canonical home is not AtoCore memory or entity, the right move may be:
 1. update the canonical source first
 2. then optionally refresh or ingest, with explicit approval if the action is mutating
 3. then optionally curate a project_state answer
 This prevents Discord from becoming the hidden source of truth.
 ## Stage 6 - optional trusted-state curation
 `project_state` is not the general destination for important facts.
 It is the curated destination for current trusted project answers.
 Examples that may justify explicit project_state curation:
 - current selected architecture
 - current next milestone
 - current status summary
 - current trusted decision outcome
 Examples that usually do not justify immediate project_state curation:
 - a raw Discord debate
 - a speculative suggestion
 - a historical conversation retrieved through Discrawl
 ## Discord-originated pipeline examples
 ### Example 1 - raw discussion about operator-client refactor
 1. Discord message enters the evidence lane.
 2. Nightly screener marks it as either evidence-only or decision candidate.
 3. Human review checks whether it is an actual decision or just discussion.
 4. If stable and approved, it becomes a memory or future entity.
 5. It reaches project_state only if explicitly curated as the trusted current answer.
 ### Example 2 - Discord thread says "refresh this project now"
 1. Discord message is evidence of operator intent.
 2. It does not auto-trigger refresh.
 3. OpenClaw asks for or recognizes explicit human approval.
 4. Approved operator action invokes the shared operator client.
 5. Refresh result may later influence candidates or trusted state, but the raw Discord message never performed the mutation by itself.
 ### Example 3 - archived thread says a requirement might be current
 1. Discrawl retrieval enters the evidence lane.
 2. Screener marks it as evidence-only or a requirement candidate.
 3. Human review checks the canonical source alignment.
 4. If accepted later, it becomes an entity candidate or active entity.
 5. project_state remains a separate explicit curation step.
 ## Promotion invariants
 The pipeline must preserve these invariants.
 ### Invariant 1 - raw evidence is not trusted truth
 No raw Discord or Discrawl signal can directly become trusted project_state.
 ### Invariant 2 - unreviewed signals can at most become candidates
 Automatic processing stops at evidence or candidate creation.
 ### Invariant 3 - each fact has one canonical home
 A fact may be supported by many evidence items, but after review it belongs in one canonical place.
 ### Invariant 4 - operator mutations require explicit approval
 Registry mutation, refresh, ingest, promote, reject, and project_state writes are operator actions.
 ### Invariant 5 - OpenClaw orchestrates; it does not become storage
 OpenClaw should coordinate the pipeline, not silently become the canonical data layer.
 ## Decision table
 | Observed signal type | Default pipeline outcome | Canonical destination if accepted |
 |---|---|---|
 | Ambiguous or raw conversation | Evidence only | none |
 | Historical archive context | Evidence only or candidate | memory or entity only after review |
 | Personal preference | Memory candidate | AtoCore memory |
 | Episodic fact | Memory candidate | AtoCore memory |
 | Loose stable project signal | Memory candidate | AtoCore memory |
 | Structured decision / requirement / constraint | Entity candidate | future AtoCore entity |
 | Claimed current trusted answer | Needs explicit curation | project_state, but only after review |
 | Tool-origin engineering fact | Canonical source update first | repo / KB / PKM tool of origin |
 ## What the pipeline deliberately prevents
 This V1 pipeline deliberately prevents these bad paths:
 - Discord -> project_state directly
 - Discrawl archive -> project_state directly
 - Discord -> registry mutation directly
 - Discord -> refresh or ingest directly without explicit approval
 - raw chat -> promote or reject directly
 - OpenClaw turning evidence into truth without a review gate
 ## Deferred from V1
 Screenpipe is deferred from V1. It is not an active input lane in this pipeline and it is not a runtime dependency of this pipeline. If it is revisited later, it should be handled in a separate future design and not treated as an implicit part of this pipeline.
 ## Bottom line
 The promotion pipeline is intentionally conservative.
 Its job is not to maximize writes.
 Its job is to preserve trust while still letting Discord, Discrawl, OpenClaw, PKM, and repos contribute useful signal.
 That means the safe default path is:
 - capture broadly
 - trust narrowly
 - promote deliberately
--- a/docs/openclaw-atocore-shared-client-consolidation-preview.md
+++ b/docs/openclaw-atocore-shared-client-consolidation-preview.md
@@ -0,0 +1,96 @@
 # OpenClaw x AtoCore Shared-Client Consolidation Preview
 ## Status
 Proposal only. Not applied.
 ## Why this exists
 The current OpenClaw helper script duplicates AtoCore-calling logic that already exists in the shared operator client:
 - request handling
 - fail-open behavior
 - project detection
 - project lifecycle command surface
 The preferred direction is to consolidate OpenClaw toward the shared operator client pattern documented in `docs/architecture/llm-client-integration.md`.
 ## Goal
 Keep the OpenClaw skill and operator policy in OpenClaw, but stop maintaining a separate Bash implementation of the AtoCore client surface when the shared client already exists in `/home/papa/ATOCore/scripts/atocore_client.py`.
 ## Non-goals for this preview
 - no implementation in this phase
 - no runtime change in this phase
 - no new helper command in this phase
 - no change to approval policy in this preview
 ## Preview diff
 This is a conceptual diff preview only.
 It is not applied.
 ```diff
 --- a/skills/atocore-context/scripts/atocore.sh
 +++ b/skills/atocore-context/scripts/atocore.sh
@@
 -#!/usr/bin/env bash
 -set -euo pipefail
 -
 -BASE_URL="${ATOCORE_BASE_URL:-http://dalidou:8100}"
 -TIMEOUT="${ATOCORE_TIMEOUT_SECONDS:-30}"
 -REFRESH_TIMEOUT="${ATOCORE_REFRESH_TIMEOUT_SECONDS:-1800}"
 -FAIL_OPEN="${ATOCORE_FAIL_OPEN:-true}"
 -
 -request() {
 -  # local curl-based request logic
 -}
 -
 -detect_project() {
 -  # local project detection logic
 -}
 -
 -case "$cmd" in
 -  health) request GET /health ;;
 -  projects) request GET /projects ;;
 -  auto-context) ... ;;
 -  register-project) ... ;;
 -  refresh-project) ... ;;
 -  ingest-sources) ... ;;
 -esac
 +#!/usr/bin/env bash
 +set -euo pipefail
 +
 +CLIENT="${ATOCORE_SHARED_CLIENT:-/home/papa/ATOCore/scripts/atocore_client.py}"
 +
 +if [[ ! -f "$CLIENT" ]]; then
 +  echo "Shared AtoCore client not found: $CLIENT" >&2
 +  exit 1
 +fi
 +
 +exec python3 "$CLIENT" "$@"
 ```
 ## Recommended implementation shape later
 If and when this is implemented, the safer shape is:
 1. keep policy and approval guidance in OpenClaw instructions and skill text
 2. delegate actual AtoCore client behavior to the shared operator client
 3. avoid adding any new helper command unless explicitly approved
 4. keep read-path and approved-operator-path distinctions in the OpenClaw guidance layer
 ## Risk notes
 Potential follow-up concerns to handle before applying:
 - path dependency on `/home/papa/ATOCore/scripts/atocore_client.py`
 - what should happen if the AtoCore repo is unavailable from the OpenClaw machine
 - whether a thin compatibility wrapper is needed for help text or argument normalization
 - ensuring OpenClaw policy still blocks unapproved Discord-originated mutations even if the shared client exposes them
 ## Bottom line
 The duplication is real and consolidation is still the right direction.
 But in this phase it remains a proposal only.
--- a/docs/openclaw-atocore-v1-architecture.md
+++ b/docs/openclaw-atocore-v1-architecture.md
@@ -0,0 +1,362 @@
 # OpenClaw x AtoCore V1 Architecture
 ## Purpose
 This document defines the safe V1 operating model for how Discord, Discrawl, OpenClaw, PKM, repos, and AtoCore work together.
 The goal is to let these systems contribute useful signal into AtoCore without turning AtoCore into a raw dump and without blurring trust boundaries.
 ## V1 scope
 V1 active inputs are:
 - Discord and Discrawl evidence
 - OpenClaw interaction evidence
 - PKM, repos, and KB sources
 - read-only AtoCore context for comparison and deduplication
 ## Core stance
 The V1 stance is simple:
 - Discord and Discrawl are evidence streams.
 - OpenClaw is the operator and orchestrator.
 - PKM, repos, and KB tools remain the canonical human and tool truth.
 - AtoCore memories hold reviewed episodic, personal, and loose project signal.
 - AtoCore project_state holds the current trusted project answer, manually or tightly gated only.
 - Future AtoCore entities hold reviewed structured decisions, requirements, constraints, and related facts.
 ## Architectural principles
 1. AtoCore remains additive and fail-open from the OpenClaw side.
 2. Every fact type has exactly one canonical home.
 3. Raw evidence is not trusted truth.
 4. Unreviewed signals become evidence or candidates, not active truth.
 5. Discord-originated paths never directly mutate project_state, registry state, refresh state, ingestion state, or review decisions without explicit human approval.
 6. OpenClaw is not canonical storage. It retrieves, compares, summarizes, requests approval, and performs approved operator actions.
 7. The shared operator client is the canonical mutating operator surface. Frontends should reuse it instead of reimplementing AtoCore-calling logic.
 ## Explicit approval rule
 In this V1 policy, explicit approval means all of the following:
 - the human directly instructs the specific mutating action
 - the instruction appears in the current thread or current session
 - the approval is for that specific action, not vague intent
 - the approval is not inferred from Discord evidence, Discrawl recall, screener output, or general discussion
 Examples of explicit approval:
 - "refresh p05 now"
 - "register this project"
 - "promote that candidate"
 - "write this to project_state"
 Examples that are not explicit approval:
 - "we should probably refresh this sometime"
 - "I think this is the current answer"
 - archived discussion saying a mutation might be useful
 - a screener report recommending a mutation
 ## System roles
 ### Discord
 Discord is a live conversational source.
 It contains fresh context, discussion, uncertainty, and project language grounded in real work.
 It is not authoritative by itself.
 Discord-originated material should be treated as:
 - raw evidence
 - candidate material after screening
 - possible justification for a later human-reviewed promotion into a canonical home
 Discord should never be treated as direct trusted project truth just because someone said it in chat.
 ### Discrawl
 Discrawl is a retrieval and archive layer over Discord history.
 It turns prior conversation into searchable evidence.
 That is useful for recall, context building, and finding prior decisions or open questions.
 Discrawl is still evidence, not authority.
 A retrieved Discord thread may show what people thought or said. It does not by itself become trusted project_state.
 ### OpenClaw
 OpenClaw is the orchestrator and operator.
 It is where the human interacts, where approvals happen, and where cross-source reasoning happens.
 OpenClaw's job is to:
 - retrieve
 - compare
 - summarize
 - ask for approval when mutation is requested
 - call the shared operator client for approved writes
 - fail open when AtoCore is unavailable
 OpenClaw is not the canonical place where project facts live long-term.
 ### PKM
 PKM is a canonical human-authored prose source.
 It is where notes, thinking, and ongoing project writing live.
 PKM is the canonical home for:
 - project prose notes
 - working notes
 - long-form summaries
 - journal-style project history
 PKM is not the place where OpenClaw should be taught how to operate AtoCore. Operator instructions belong in repo docs and OpenClaw instructions and skills.
 ### Repos and KB tools
 Repos and KB tools are canonical human and tool truth for code and structured engineering artifacts.
 They are the canonical home for:
 - source code
 - repo design docs
 - structured tool outputs
 - KB-CAD and KB-FEM facts where those systems are the tool of origin
 ### AtoCore memories
 AtoCore memories are for reviewed, durable machine-usable signal that is still loose enough to belong in memory rather than in a stricter structured layer.
 Examples:
 - episodic facts
 - preferences
 - identity facts
 - reviewed loose project facts
 AtoCore memories are not a place to dump raw Discord capture.
 ### AtoCore project_state
 AtoCore project_state is the trusted current answer layer.
 It is the place for questions like:
 - what is the current selected architecture?
 - what is the current next focus?
 - what is the trusted status answer right now?
 Because this layer answers current-truth questions, it must remain manually curated or tightly gated.
 ### Future AtoCore entities
 Future entities are the canonical home for structured engineering facts that deserve stronger representation than freeform memory.
 Examples:
 - decisions
 - requirements
 - constraints
 - validation claims
 - structured relationships later
 These should be promoted from evidence or candidates only after review.
 ## Logical flow
 ```text
 Discord live chat --.
 Discrawl archive ----+--> evidence bundle / interactions / screener input
 OpenClaw evidence ---'
                           |
                           v
                    nightly screener
                           |
                  .--------+--------.
                  v                 v
           memory candidates   entity candidates (later)
                  |                 |
                  '--------+--------'
                           v
                   human review in OpenClaw
                           |
         .-----------------+-----------------.
         v                 v                 v
    active memory     active entity    explicit curation
                                                 |
                                                 v
                                            project_state
 ```
 The load-bearing rule is that review happens before trust.
 ## Canonical-home table
 Every named fact type below has exactly one canonical home.
 | Fact type | Canonical home | Why |
 |---|---|---|
 | Raw Discord message | Discord / Discrawl archive | It is conversational evidence, not normalized truth |
 | Archived Discord thread history | Discrawl archive | It is the retrieval form of Discord evidence |
 | OpenClaw operator instructions | OpenClaw repo docs / skills / instructions | Operating behavior should live in code-adjacent instructions, not PKM |
 | Project prose notes | PKM | Human-authored project prose belongs in PKM |
 | Source code | Repo | Code truth lives in version control |
 | Repo design or architecture doc | Repo | The documentation belongs with the code or system it describes |
 | Structured KB-CAD / KB-FEM fact | KB tool of origin | Tool-managed structured engineering facts belong in their tool of origin |
 | Personal identity fact | AtoCore memory (`identity`) | AtoCore memory is the durable machine-usable home |
 | Preference fact | AtoCore memory (`preference`) | Same reason |
 | Episodic fact | AtoCore memory (`episodic`) | It is durable recall, not project_state |
 | Loose reviewed project signal | AtoCore memory (`project`) | Good fit for reviewed but not fully structured project signal |
 | Engineering decision | Future AtoCore entity (`Decision`) | Decisions need structured lifecycle and supersession |
 | Requirement | Future AtoCore entity (`Requirement`) | Requirements need structured management |
 | Constraint | Future AtoCore entity (`Constraint`) | Constraints need structured management |
 | Current trusted project answer | AtoCore `project_state` | This layer is explicitly for current trusted truth |
 | Project registration metadata | AtoCore project registry | Registry state is its own canonical operator layer |
 | Review action (promote / reject / invalidate) | AtoCore audit trail / operator action log | Review decisions are operator events, not source facts |
 ## What this means for Discord-originated facts
 A Discord-originated signal can end in more than one place, but not directly.
 ### If the signal is conversational, ambiguous, or historical
 It stays in the evidence lane:
 - Discord
 - Discrawl archive
 - optional screener artifact
 - optional candidate queue
 It does not become trusted project_state.
 ### If the signal is a stable personal or episodic fact
 It may be promoted to AtoCore memory after review.
 Examples:
 - "Antoine prefers concise operator summaries."
 - "We decided in discussion to keep AtoCore additive."
 These belong in reviewed memory, not in project_state.
 ### If the signal expresses a structured engineering fact
 It may become an entity candidate and later an active entity.
 Examples:
 - a requirement
 - a decision
 - a constraint
 Again, not directly from raw chat. The chat is evidence for the candidate.
 ### If the signal is the current trusted answer
 It still should not jump directly from Discord into project_state.
 Instead, a human should explicitly curate it into project_state after checking it against the right canonical home.
 That canonical home may be:
 - PKM for prose and project notes
 - repo for code and design docs
 - KB tools for structured engineering facts
 - active entity if the engineering layer is the canonical home
 ## Approval boundaries
 ### Reads
 The following may be invoked automatically when useful:
 - `health`
 - `projects`
 - `detect-project`
 - `auto-context`
 - `query`
 - `project-state` read
 - Discrawl retrieval
 These are additive and fail-open.
 ### Mutations requiring explicit human approval
 The following are operator actions, not conversational automation:
 - `register-project`
 - `update-project`
 - `refresh-project`
 - `ingest-sources`
 - `project-state-set`
 - `project-state-invalidate`
 - `capture` when used as a durable write outside conservative logging policy
 - `extract` with persistence
 - `promote`
 - `reject`
 - future entity promotion or rejection
 For Discord-originated paths, approval must satisfy the explicit approval rule above.
 ## Shared operator client rule
 The preferred V1 architecture is:
 - AtoCore HTTP API as system interface
 - shared operator client as reusable mutating surface
 - OpenClaw as a thin frontend and operator around that client
 That avoids duplicating:
 - project detection logic
 - request logic
 - failure handling
 - mutation surface behavior
 - approval wrappers
 OpenClaw should keep its own high-level operating instructions, but it should not keep growing a parallel AtoCore mutation implementation.
 ## V1 boundary summary
 ### Allowed automatic behavior
 - read-only retrieval
 - context build
 - Discrawl recall
 - evidence collection
 - nightly screening into reviewable output
 - fail-open fallback when AtoCore is unavailable
 ### Allowed only after explicit human review or approval
 - candidate persistence from evidence
 - candidate promotion or rejection
 - project refresh or ingestion
 - registry mutation
 - trusted project_state writes
 ### Not allowed as automatic behavior
 - direct Discord -> project_state writes
 - direct Discord -> register / update / refresh / ingest / promote / reject
 - hidden mutation inside the screener
 - treating PKM as the main operator-instruction layer for AtoCore behavior
 ## Deferred from V1
 Screenpipe is deferred.
 It is not an active input lane in V1 and it must not become a runtime, skill, or policy dependency in V1.
 If it is revisited later, it must be treated as a separate future design decision, not as an implicit V1 extension.
 ## Bottom line
 The safe V1 architecture is not "everything can write into AtoCore."
 It is a layered system where:
 - evidence comes in broadly
 - trust rises slowly
 - canonical homes stay singular
 - OpenClaw remains the operator
 - AtoCore remains the additive machine-memory and trusted-state layer
 - the shared operator client becomes the one reusable write-capable surface
--- a/docs/openclaw-atocore-v1-proof-runbook.md
+++ b/docs/openclaw-atocore-v1-proof-runbook.md
@@ -0,0 +1,207 @@
 # OpenClaw x AtoCore V1 Proof Runbook
 ## Purpose
 This is the concise proof and operator runbook for the final V1 policy.
 It shows, in concrete paths, that:
 - a Discord-originated signal cannot reach `project_state` without candidate or review gating
 - Discord cannot directly execute `register-project`, `update-project`, `refresh-project`, `ingest-sources`, `promote`, or `reject` without explicit approval
 ## Explicit approval definition
 For V1, explicit approval means:
 - the human directly instructs the specific mutating action
 - the instruction is in the current thread or current session
 - the approval is for that exact action
 - the approval is not inferred from evidence, archives, or screener output
 Examples:
 - "refresh p05 now"
 - "register this project"
 - "promote that candidate"
 - "write this to project_state"
 Non-examples:
 - "this looks like the current answer"
 - "we should probably refresh this"
 - an old Discord thread saying a refresh might help
 - a screener report recommending a mutation
 ## Proof 1 - Discord cannot directly reach project_state
 Blocked path:
 ```text
 Discord message
  -> evidence
  -> optional candidate
  -> review
  -> optional explicit curation
  -> project_state
 ```
 What is blocked:
 - Discord -> project_state directly
 - Discrawl archive -> project_state directly
 - screener output -> project_state directly
 What is allowed:
 1. Discord message enters the evidence lane.
 2. It may become a memory or entity candidate after screening.
 3. A human reviews the candidate.
 4. If the fact is truly the current trusted answer, the human may explicitly curate it into `project_state`.
 Conclusion:
 `project_state` is reachable only after review and explicit curation. There is no direct Discord-originated write path.
 ## Proof 2 - Discord cannot directly execute mutating operator actions
 Blocked direct actions:
 - `register-project`
 - `update-project`
 - `refresh-project`
 - `ingest-sources`
 - `promote`
 - `reject`
 - `project-state-set`
 - `project-state-invalidate`
 Blocked path:
 ```text
 Discord message
  -> evidence or operator request context
  -X-> direct mutation
 ```
 Allowed path:
 ```text
 Discord message
  -> OpenClaw recognizes requested operator action
  -> explicit approval check
  -> approved operator action
  -> shared operator client or helper call
 ```
 Conclusion:
 Discord can request or justify a mutation, but it cannot perform it on its own.
 ## Proof 3 - Discrawl does not create approval
 Discrawl is evidence retrieval.
 It may surface:
 - prior discussions
 - earlier decisions
 - unresolved questions
 - prior suggestions to mutate state
 It does not create approval for mutation.
 Blocked path:
 ```text
 Discrawl recall
  -X-> refresh-project
  -X-> promote
  -X-> project_state write
 ```
 Allowed path:
 ```text
 Discrawl recall
  -> evidence for human review
  -> explicit approval in current thread/session if mutation is desired
  -> approved operator action
 ```
 Conclusion:
 Archive recall informs review. It does not authorize writes.
 ## Proof 4 - Screener has no hidden mutation lane
 The screener may:
 - gather evidence
 - classify evidence
 - prepare candidates
 - prepare operator queues
 - report contradictions or missing context
 The screener may not:
 - write `project_state`
 - mutate registry state
 - refresh or ingest directly
 - promote or reject directly
 Blocked path:
 ```text
 screener output
  -X-> hidden mutation
 ```
 Allowed path:
 ```text
 screener output
  -> review queue or operator queue
  -> explicit approval if mutation is wanted
  -> approved operator action
 ```
 Conclusion:
 The screener is a filter, not a hidden writer.
 ## Minimal operator decision table
 | Situation | Allowed next step | Blocked next step |
 |---|---|---|
 | Discord says "this is the current answer" | evidence, then review, then possible explicit curation | direct `project_state` write |
 | Discord says "refresh p05" without direct instruction | ask for explicit approval | direct `refresh-project` |
 | Discord says "refresh p05 now" | approved operator action may run | none, if approval is explicit |
 | Discrawl finds an old thread asking for registration | use as review context only | direct `register-project` |
 | Screener recommends promotion | ask for explicit review decision | direct `promote` |
 ## Practical runbook
 ### Case A - current-truth claim from Discord
 1. Treat the message as evidence.
 2. Check the canonical home.
 3. If needed, prepare a candidate or review note.
 4. Do not write `project_state` unless the human explicitly approves that curation step.
 ### Case B - requested refresh from Discord
 1. Determine whether the message is a direct instruction or only discussion.
 2. If not explicit, ask for approval.
 3. Only perform `refresh-project` after explicit approval in the current thread or session.
 ### Case C - candidate promotion request
 1. Candidate exists or is proposed.
 2. Review the evidence and the candidate text.
 3. Only perform `promote` or `reject` after explicit review decision.
 ## Bottom line
 The V1 rule is easy to test:
 If the path starts from Discord or Discrawl and ends in trusted or operator state, there must be a visible approval or review step in the middle.
 If that visible step is missing, the action is not allowed.
--- a/docs/openclaw-atocore-write-policy-matrix.md
+++ b/docs/openclaw-atocore-write-policy-matrix.md
@@ -0,0 +1,184 @@
 # OpenClaw x AtoCore V1 Write-Policy Matrix
 ## Purpose
 This matrix defines what each source is allowed to write to each target in V1.
 Policy meanings:
 - `auto-write` = allowed automatically without a human approval gate
 - `candidate-only` = may create reviewable candidate material, but not active truth
 - `human-review` = allowed only after explicit human review or explicit human approval
 - `never-auto-write` = never allowed as an automatic write path
 ## Explicit approval rule
 In this matrix, `human-review` is concrete, not vague.
 For Discord-originated or Discrawl-originated paths it means:
 - the human directly instructs the specific mutating action
 - the instruction is in the current thread or current session
 - the approval is for that specific action
 - the approval is not inferred from evidence, archives, screener output, or general discussion
 Examples of explicit approval:
 - "refresh p05 now"
 - "register this project"
 - "promote this candidate"
 - "write this to project_state"
 Non-examples:
 - "this looks important"
 - "we should probably refresh this"
 - archived discussion that once mentioned a similar mutation
 - a screener note recommending promotion
 ## V1 scope note
 V1 active inputs are:
 - Discord and Discrawl
 - OpenClaw interaction evidence
 - PKM, repos, and KB sources
 - read-only AtoCore context for comparison and deduplication
 ## Targets
 The targets below are the only ones that matter for this policy.
 - Evidence artifacts
 - Memory candidates
 - Active memories
 - Entity candidates
 - Active entities
 - Trusted project_state
 - Registry / refresh / ingest mutations
 - Review actions
 ## Matrix
 | Source | Target | Policy | Notes / gate |
 |---|---|---|---|
 | Discord live message | Evidence artifacts | auto-write | Safe evidence capture or archive only |
 | Discord live message | Memory candidates | candidate-only | Only after screening or extraction; never direct active write |
 | Discord live message | Active memories | human-review | Promote only after review of the candidate and evidence |
 | Discord live message | Entity candidates | candidate-only | Only when structured signal is extracted from evidence |
 | Discord live message | Active entities | human-review | Review required before promotion |
 | Discord live message | Trusted project_state | human-review | Only via explicit curation; never directly from raw chat |
 | Discord live message | Registry / refresh / ingest mutations | human-review | Requires explicit approval in the current thread or session |
 | Discord live message | Review actions | human-review | Discord cannot silently promote or reject on its own |
 | Discrawl archive result | Evidence artifacts | auto-write | Archive or search result is evidence by design |
 | Discrawl archive result | Memory candidates | candidate-only | Extract reviewed signal from archived conversation |
 | Discrawl archive result | Active memories | human-review | Promotion required |
 | Discrawl archive result | Entity candidates | candidate-only | Archived discussion may justify candidate creation |
 | Discrawl archive result | Active entities | human-review | Promotion required |
 | Discrawl archive result | Trusted project_state | human-review | Must be explicitly curated; never inferred directly from archive |
 | Discrawl archive result | Registry / refresh / ingest mutations | human-review | Archive recall cannot directly mutate operator state |
 | Discrawl archive result | Review actions | human-review | Archive evidence informs review; it does not perform review |
 | OpenClaw read/query flow | Evidence artifacts | auto-write | Conservative interaction or evidence logging is acceptable |
 | OpenClaw read/query flow | Memory candidates | candidate-only | Only through explicit extraction path |
 | OpenClaw read/query flow | Active memories | human-review | Requires operator review |
 | OpenClaw read/query flow | Entity candidates | candidate-only | Future extraction path |
 | OpenClaw read/query flow | Active entities | human-review | Requires operator review |
 | OpenClaw read/query flow | Trusted project_state | never-auto-write | Read/query flow must stay additive |
 | OpenClaw read/query flow | Registry / refresh / ingest mutations | never-auto-write | Read/query automation must not mutate operator state |
 | OpenClaw read/query flow | Review actions | never-auto-write | Read automation cannot silently promote or reject |
 | OpenClaw approved operator action | Evidence artifacts | auto-write | May create operator or audit artifacts |
 | OpenClaw approved operator action | Memory candidates | human-review | Candidate persistence is itself an approved operator action |
 | OpenClaw approved operator action | Active memories | human-review | Promotion allowed only through reviewed operator action |
 | OpenClaw approved operator action | Entity candidates | human-review | Same rule for future entities |
 | OpenClaw approved operator action | Active entities | human-review | Promotion allowed only through reviewed operator action |
 | OpenClaw approved operator action | Trusted project_state | human-review | Allowed only as explicit curation |
 | OpenClaw approved operator action | Registry / refresh / ingest mutations | human-review | Explicit approval required |
 | OpenClaw approved operator action | Review actions | human-review | Explicit review required |
 | PKM note | Evidence artifacts | human-review | Snapshotting into evidence is optional, not the primary path |
 | PKM note | Memory candidates | candidate-only | Extraction from PKM is allowed into the candidate lane |
 | PKM note | Active memories | human-review | Promotion required |
 | PKM note | Entity candidates | candidate-only | Extract structured signal into the candidate lane |
 | PKM note | Active entities | human-review | Promotion required |
 | PKM note | Trusted project_state | human-review | Only via explicit curation of current truth |
 | PKM note | Registry / refresh / ingest mutations | human-review | A human may choose to refresh based on PKM changes |
 | PKM note | Review actions | human-review | PKM may support the decision, but not execute it automatically |
 | Repo / KB source | Evidence artifacts | human-review | Optional audit or screener snapshot only |
 | Repo / KB source | Memory candidates | candidate-only | Extract loose durable signal if useful |
 | Repo / KB source | Active memories | human-review | Promotion required |
 | Repo / KB source | Entity candidates | candidate-only | Strong future path for structured facts |
 | Repo / KB source | Active entities | human-review | Promotion required |
 | Repo / KB source | Trusted project_state | human-review | Explicit curation only |
 | Repo / KB source | Registry / refresh / ingest mutations | human-review | A human may refresh or ingest based on source changes |
 | Repo / KB source | Review actions | human-review | Source can justify review; it does not perform review |
 | AtoCore active memory | Evidence artifacts | never-auto-write | Active memory is already above the evidence layer |
 | AtoCore active memory | Memory candidates | never-auto-write | Do not recursively re-candidate active memory |
 | AtoCore active memory | Active memories | never-auto-write | Already active |
 | AtoCore active memory | Entity candidates | human-review | Graduation proposal only with review |
 | AtoCore active memory | Active entities | human-review | Requires graduation plus promotion |
 | AtoCore active memory | Trusted project_state | human-review | A human may explicitly curate current truth from memory |
 | AtoCore active memory | Registry / refresh / ingest mutations | never-auto-write | Memory must not mutate registry or ingestion state |
 | AtoCore active memory | Review actions | human-review | Human reviewer decides |
 | AtoCore active entity | Evidence artifacts | never-auto-write | Already above the evidence layer |
 | AtoCore active entity | Memory candidates | never-auto-write | Do not backflow structured truth into memory candidates automatically |
 | AtoCore active entity | Active memories | never-auto-write | Canonical home is the entity, not a new memory |
 | AtoCore active entity | Entity candidates | never-auto-write | Already active |
 | AtoCore active entity | Active entities | never-auto-write | Already active |
 | AtoCore active entity | Trusted project_state | human-review | Explicit curation may publish the current trusted answer |
 | AtoCore active entity | Registry / refresh / ingest mutations | never-auto-write | Entities do not operate the registry |
 | AtoCore active entity | Review actions | human-review | Human reviewer decides |
 ## Discord-originated trace examples
 ### Example 1 - conversational decision in Discord
 Allowed path:
 1. Discord live message -> Evidence artifacts (`auto-write`)
 2. Evidence artifacts -> Memory candidates or Entity candidates (`candidate-only`)
 3. Candidate -> Active memory or Active entity (`human-review`)
 4. If it becomes the current trusted answer, a human may explicitly curate it into Trusted project_state (`human-review`)
 There is no direct Discord -> project_state automatic path.
 ### Example 2 - archived Discord thread via Discrawl
 Allowed path:
 1. Discrawl result -> Evidence artifacts (`auto-write`)
 2. Discrawl result -> Memory candidates or Entity candidates (`candidate-only`)
 3. Human review decides promotion
 4. Optional explicit curation into project_state later
 Again, there is no direct archive -> trusted truth path.
 ### Example 3 - Discord request to refresh a project
 Allowed path:
 1. Discord message is evidence of requested operator intent
 2. No mutation happens automatically
 3. OpenClaw requires explicit approval in the current thread or session for `refresh-project`
 4. Only then may OpenClaw perform the approved operator action
 There is no direct Discord -> refresh path without explicit approval.
 ## V1 interpretation rules
 1. Evidence can flow in broadly.
 2. Truth can only rise through review.
 3. project_state is the narrowest lane.
 4. Registry and ingestion operations are operator actions, not evidence effects.
 5. Discord-originated paths can inform operator actions, but they cannot silently execute them.
 6. Deferred sources that are out of V1 scope have no automatic or manual role in this V1 matrix.
 ## Deferred from V1
 Screenpipe is deferred and intentionally omitted from this V1 matrix.
 ## Bottom line
 If a source is noisy, conversational, or archived, its maximum automatic privilege in V1 is:
 - evidence capture, or
 - candidate creation
 Everything above that requires explicit human review or explicit human approval.
--- a/scripts/atocore_client.py
+++ b/scripts/atocore_client.py
@@ -340,6 +340,22 @@ def build_parser() -> argparse.ArgumentParser:
    p = sub.add_parser("reject")
    p.add_argument("memory_id")
    # batch-extract: fan out /interactions/{id}/extract?persist=true across
    #   recent interactions. Idempotent — the extractor create_memory path
    #   silently skips duplicates, so re-running is safe.
    p = sub.add_parser("batch-extract")
    p.add_argument("since", nargs="?", default="")
    p.add_argument("project", nargs="?", default="")
    p.add_argument("limit", nargs="?", type=int, default=100)
    p.add_argument("persist", nargs="?", default="true")
    # triage: interactive candidate review loop. Fetches the queue, shows
    #   each candidate, accepts p/r/s (promote / reject / skip) / q (quit).
    p = sub.add_parser("triage")
    p.add_argument("memory_type", nargs="?", default="")
    p.add_argument("project", nargs="?", default="")
    p.add_argument("limit", nargs="?", type=int, default=50)
    return parser
@@ -474,10 +490,141 @@ def main() -> int:
                {},
            )
        )
    elif cmd == "batch-extract":
        print_json(run_batch_extract(args.since, args.project, args.limit, args.persist))
    elif cmd == "triage":
        return run_triage(args.memory_type, args.project, args.limit)
    else:
        return 1
    return 0
 def run_batch_extract(since: str, project: str, limit: int, persist_flag: str) -> dict:
    """Fetch recent interactions and run the extractor against each one.
    Returns an aggregated summary. Safe to re-run: the server-side
    persist path catches ValueError on duplicates and the endpoint
    reports per-interaction candidate counts either way.
    """
    persist = persist_flag.lower() in {"1", "true", "yes", "y"}
    query_parts: list[str] = []
    if project:
        query_parts.append(f"project={urllib.parse.quote(project)}")
    if since:
        query_parts.append(f"since={urllib.parse.quote(since)}")
    query_parts.append(f"limit={int(limit)}")
    query = "?" + "&".join(query_parts)
    listing = request("GET", f"/interactions{query}")
    interactions = listing.get("interactions", []) if isinstance(listing, dict) else []
    processed = 0
    total_candidates = 0
    total_persisted = 0
    errors: list[dict] = []
    per_interaction: list[dict] = []
    for item in interactions:
        iid = item.get("id") or ""
        if not iid:
            continue
        try:
            result = request(
                "POST",
                f"/interactions/{urllib.parse.quote(iid, safe='')}/extract",
                {"persist": persist},
            )
        except Exception as exc:  # pragma: no cover - network errors land here
            errors.append({"interaction_id": iid, "error": str(exc)})
            continue
        processed += 1
        count = int(result.get("candidate_count", 0) or 0)
        persisted_ids = result.get("persisted_ids") or []
        total_candidates += count
        total_persisted += len(persisted_ids)
        if count:
            per_interaction.append(
                {
                    "interaction_id": iid,
                    "candidate_count": count,
                    "persisted_count": len(persisted_ids),
                    "project": item.get("project") or "",
                }
            )
    return {
        "processed": processed,
        "total_candidates": total_candidates,
        "total_persisted": total_persisted,
        "persist": persist,
        "errors": errors,
        "interactions_with_candidates": per_interaction,
    }
 def run_triage(memory_type: str, project: str, limit: int) -> int:
    """Interactive review of candidate memories.
    Loads the queue once, walks through entries, prompts for
    (p)romote / (r)eject / (s)kip / (q)uit. Stateless between runs —
    re-running picks up whatever is still status=candidate.
    """
    query_parts = ["status=candidate"]
    if memory_type:
        query_parts.append(f"memory_type={urllib.parse.quote(memory_type)}")
    if project:
        query_parts.append(f"project={urllib.parse.quote(project)}")
    query_parts.append(f"limit={int(limit)}")
    listing = request("GET", "/memory?" + "&".join(query_parts))
    memories = listing.get("memories", []) if isinstance(listing, dict) else []
    if not memories:
        print_json({"status": "empty_queue", "count": 0})
        return 0
    promoted = 0
    rejected = 0
    skipped = 0
    stopped_early = False
    print(f"Triage queue: {len(memories)} candidate(s)\n", file=sys.stderr)
    for idx, mem in enumerate(memories, 1):
        mid = mem.get("id", "")
        print(f"[{idx}/{len(memories)}] {mem.get('memory_type','?')}  project={mem.get('project','')}  conf={mem.get('confidence','?')}", file=sys.stderr)
        print(f"  id: {mid}", file=sys.stderr)
        print(f"  {mem.get('content','')}", file=sys.stderr)
        try:
            choice = input("  (p)romote / (r)eject / (s)kip / (q)uit > ").strip().lower()
        except EOFError:
            stopped_early = True
            break
        if choice in {"q", "quit"}:
            stopped_early = True
            break
        if choice in {"p", "promote"}:
            request("POST", f"/memory/{urllib.parse.quote(mid, safe='')}/promote", {})
            promoted += 1
            print("  -> promoted", file=sys.stderr)
        elif choice in {"r", "reject"}:
            request("POST", f"/memory/{urllib.parse.quote(mid, safe='')}/reject", {})
            rejected += 1
            print("  -> rejected", file=sys.stderr)
        else:
            skipped += 1
            print("  -> skipped", file=sys.stderr)
    print_json(
        {
            "reviewed": promoted + rejected + skipped,
            "promoted": promoted,
            "rejected": rejected,
            "skipped": skipped,
            "stopped_early": stopped_early,
            "remaining_in_queue": len(memories) - (promoted + rejected + skipped) - (1 if stopped_early else 0),
        }
    )
    return 0
 if __name__ == "__main__":
    raise SystemExit(main())
--- a/scripts/eval_data/candidate_queue_snapshot.jsonl
+++ b/scripts/eval_data/candidate_queue_snapshot.jsonl
@@ -0,0 +1,51 @@
 {"id": "0dd85386-cace-4f9a-9098-c6732f3c64fa", "type": "project", "project": "atocore", "confidence": 0.5, "content": "AtoCore roadmap: (1) extractor improvement, (2) harness expansion, (3) Wave 2 ingestion, (4) OpenClaw finish; steps 1+2 are current mini-phase"}
 {"id": "8939b875-152c-4c90-8614-3cfdc64cd1d6", "type": "knowledge", "project": "atocore", "confidence": 0.5, "content": "AtoCore is FastAPI (Python 3.12, SQLite + ChromaDB) on Dalidou home server (dalidou:8100), repo C:\\Users\\antoi\\ATOCore, data /srv/storage/atocore/, ingests Obsidian vault + Google Drive into vector memory system."}
 {"id": "93e37d2a-b512-4a97-b230-e64ac913d087", "type": "knowledge", "project": "atocore", "confidence": 0.5, "content": "Deploy AtoCore: git push origin main, then ssh papa@dalidou and run /srv/storage/atocore/app/deploy/dalidou/deploy.sh"}
 {"id": "4b82fe01-4393-464a-b935-9ad5d112d3d8", "type": "adaptation", "project": "atocore", "confidence": 0.5, "content": "Do not add memory extraction to interaction capture hot path; keep extraction as separate batch/manual step. Reason: latency and queue noise before review rhythm is comfortable."}
 {"id": "c873ec00-063e-488c-ad32-1233290a3feb", "type": "project", "project": "atocore", "confidence": 0.5, "content": "As of 2026-04-11, approved roadmap in order: observe reinforcement, batch extraction, candidate triage, off-Dalidou backup, retrieval quality review."}
 {"id": "665cdd27-0057-4e73-82f5-5d4f47189b5d", "type": "project", "project": "atocore", "confidence": 0.5, "content": "AtoCore adopts DEV-LEDGER.md as shared operating memory with stable headers; updated at session boundaries"}
 {"id": "5f89c51d-7e8b-4fb9-830d-a35bb649f9f7", "type": "adaptation", "project": "atocore", "confidence": 0.5, "content": "Codex branches for AtoCore fork from main (never orphan); use naming pattern codex/<topic>"}
 {"id": "25ac367c-8bbe-4ba4-8d8e-d533db33f2d9", "type": "adaptation", "project": "atocore", "confidence": 0.5, "content": "In AtoCore, Claude builds and Codex audits; never work in parallel on same files"}
 {"id": "89446ebe-fd42-4177-80db-3657bc41d048", "type": "adaptation", "project": "atocore", "confidence": 0.5, "content": "In AtoCore, P1-severity findings in DEV-LEDGER.md block further main commits until acknowledged"}
 {"id": "1f077e98-f945-4480-96ab-110b0671ebc6", "type": "adaptation", "project": "atocore", "confidence": 0.5, "content": "Every AtoCore session appends to DEV-LEDGER.md Session Log and updates Orientation before ending"}
 {"id": "89f60018-c23b-4b2f-80ca-e6f7d02c5cd3", "type": "preference", "project": "atocore", "confidence": 0.5, "content": "User prefers receiving standalone testing prompts they can paste into Claude Code on target deployments rather than having the assistant run tests directly."}
 {"id": "2f69a6ed-6de2-4565-87df-1ea3e8c42963", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "USB SSD on RPi is mandatory for polishing telemetry storage; must be independent of network for data integrity during runs."}
 {"id": "6bcaebde-9e45-4de5-a220-65d9c4cd451e", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Use Tailscale mesh for RPi remote access to provide SSH, file transfer, and NAT traversal without port forwarding."}
 {"id": "82f17880-92da-485e-a24a-0599ab1836e7", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Auto-sync telemetry data via rsync over Tailscale after runs complete; fire-and-forget pattern with automatic retry on network interruption."}
 {"id": "2dd36f74-db47-4c72-a185-fec025d07d4f", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Real-time telemetry monitoring should target 10 Hz downsampling; full 100 Hz streaming over network is not necessary."}
 {"id": "7519d82b-8065-41f0-812e-9c1a3573d7b9", "type": "knowledge", "project": "p06-polisher", "confidence": 0.5, "content": "Polishing telemetry data rate is approximately 29 MB per hour (100 Hz × 20 channels × 4 bytes = 8 KB/s)."}
 {"id": "78678162-5754-478b-b1fc-e25f22e0ee03", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Machine spec (shareable) + Atomaste spec (internal) separate concerns. Machine spec hides program generation as 'separate scope' to protect IP/business strategy."}
 {"id": "6657b4ae-d4ec-4fec-a66f-2975cdb10d13", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Firmware interface contract is invariant: controller-job.v1 input, run-log.v1 + telemetry output. No firmware changes needed regardless of program generation implementation."}
 {"id": "6d6f4fe9-73e5-449f-a802-6dc0a974f87b", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Atomaste sim spec documents forward/return paths, calibration model (Preston k), translation loss, and service/IP strategy—details hidden from shareable machine spec."}
 {"id": "932f38df-58f3-49c2-9968-8d422dc54b42", "type": "project", "project": "", "confidence": 0.5, "content": "USB SSD mandatory for storage (not SD card); directory structure /data/runs/{id}/, /data/manual/{id}/; status.json for machine state"}
 {"id": "2b3178e8-fe38-4338-b2b0-75a01da18cea", "type": "project", "project": "", "confidence": 0.5, "content": "RPi joins Tailscale mesh for remote access over SSH VPN; no public IP or port forwarding; fully offline operation"}
 {"id": "254c394d-3f80-4b34-a891-9f1cbfec74d7", "type": "project", "project": "", "confidence": 0.5, "content": "Data synchronization via rsync over Tailscale, failure-tolerant and non-blocking; USB stick as manual fallback"}
 {"id": "ee626650-1ee0-439c-85c9-6d32a876f239", "type": "project", "project": "", "confidence": 0.5, "content": "Machine design principle: works fully offline and independently; network connection is for remote access only"}
 {"id": "34add99d-8d2e-4586-b002-fc7b7d22bcb3", "type": "project", "project": "", "confidence": 0.5, "content": "No cloud, no real-time streaming, no remote control features in design scope"}
 {"id": "993e0afe-9910-4984-b608-f5e9de7c0453", "type": "project", "project": "atocore", "confidence": 0.5, "content": "P1: Reflection loop integration incomplete—extraction remains manual (POST /interactions/{id}/extract), not auto-triggered with reinforcement. Live capture won't auto-populate candidate review queue."}
 {"id": "bdf488d7-9200-441e-afbf-5335020ea78b", "type": "project", "project": "atocore", "confidence": 0.5, "content": "P1: Project memories excluded from context injection; build_context() requests [\"identity\", \"preference\"] only. Reinforcement signal doesn't reach assembled context packs."}
 {"id": "188197af-a61d-4616-9e39-712aeaaadf61", "type": "project", "project": "atocore", "confidence": 0.5, "content": "Current batch-extract rules produce only 1 candidate from 42 real captures. Extractor needs conversational-cue detection or LLM-assisted path to improve yield."}
 {"id": "acffcaa4-5966-4ec1-a0b2-3b8dcebe75bd", "type": "project", "project": "atocore", "confidence": 0.5, "content": "Next priority: extractor rule expansion (cheapest validation of reflection loop), then Wave 2 trusted operational ingestion (master-plan priority). Defer retrieval eval harness focus."}
 {"id": "1b44a886-a5af-4426-bf10-a92baf3a6502", "type": "knowledge", "project": "atocore", "confidence": 0.5, "content": "Alias canonicalization fix (resolve_project_name() boundary) is consistently applied across project state, memories, interactions, and context lookup. Code review approved directionally."}
 {"id": "e8f4e704-367b-4759-b20c-da0ccf06cf7d", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Machine capabilities now define z_type: engage_retract and cam_type: mechanical_with_encoder instead of actuator-driven setpoints."}
 {"id": "ab2b607c-52b1-405f-a874-c6078393c21c", "type": "knowledge", "project": "", "confidence": 0.5, "content": "Codex is an audit agent; communicate with it via markdown prompts with numbered steps; it updates findings via commits to codex/* branches or direct messages."}
 {"id": "5a5fd29d-291f-4e22-88fe-825cf55f745a", "type": "preference", "project": "", "confidence": 0.5, "content": "Audit-first workflow recommended: have codex audit DEV-LEDGER.md and recent commits before execution; validates round-trip, catches errors early."}
 {"id": "4c238106-017e-4283-99a1-639497b6ddde", "type": "knowledge", "project": "", "confidence": 0.5, "content": "DEV-LEDGER.md at repo root is the shared coordination document with Orientation, Active Plan, and Open Review Findings sections."}
 {"id": "83aed988-4257-4220-b612-6c725d6cd95a", "type": "project", "project": "atocore", "confidence": 0.5, "content": "Roadmap: Extractor improvement → Harness expansion → Wave 2 trusted operational ingestion → Finish OpenClaw integration (in that order)"}
 {"id": "95d87d1a-5daa-414d-95ff-a344a62e0b6b", "type": "project", "project": "atocore", "confidence": 0.5, "content": "Phase 1 (Extractor): eval-driven loop—label captures, improve rules/add LLM mode, measure yield & FP, stop when queue reviewable (not coverage metrics)"}
 {"id": "7aafb588-51b0-4536-a414-ebaaea924b98", "type": "project", "project": "atocore", "confidence": 0.5, "content": "Phases 1 & 2 (Extractor + Harness) are a mini-phase; without harness, extractor improvements are blind edits"}
 {"id": "aa50c51a-27d7-4db9-b7a3-7ca75dba2118", "type": "knowledge", "project": "", "confidence": 0.5, "content": "Dalidou stores Claude Code interactions via a Stop hook that fires after each turn and POSTs to http://dalidou:8100/interactions with client=claude-code parameter"}
 {"id": "5951108b-3a5e-49d0-9308-dfab449664d3", "type": "adaptation", "project": "", "confidence": 0.5, "content": "Interaction capture system is passive and automatic; no manual action required, interactions accumulate automatically during normal Claude Code usage"}
 {"id": "9d2cbbe9-cf2e-4aab-9cb8-c4951da70826", "type": "project", "project": "", "confidence": 0.5, "content": "Session Log/Ledger system tracks work state across sessions so future sessions immediately know what is true and what is next; phases marked by git SHAs."}
 {"id": "db88eecf-e31a-4fee-b07d-0b51db7e315e", "type": "project", "project": "atocore", "confidence": 0.5, "content": "atocore uses multi-model coordination: Claude and codex share DEV-LEDGER.md (current state / active plan / P1+P2 findings / recent decisions / commit log) read at session start, appended at session end"}
 {"id": "8748f071-ff28-47a6-8504-65ca30a8336a", "type": "project", "project": "atocore", "confidence": 0.5, "content": "atocore starts with manual-event-loop (/audit or /status prompts) using DEV-LEDGER.md before upgrading to automated git hooks/CI review"}
 {"id": "f9210883-67a8-4dae-9f27-6b5ae7bd8a6b", "type": "project", "project": "atocore", "confidence": 0.5, "content": "atocore development involves coordinating between Claude and codex models with shared plan/review strategy and counter-validation to improve system quality"}
 {"id": "85f008b9-2d6d-49ad-81a1-e254dac2a2ac", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Z-axis is a binary engage/retract mechanism (z_engaged bool), not continuous position control; confirmation timeout z_engage_timeout_s required."}
 {"id": "0cc417ed-ac38-4231-9786-a9582ac6a60f", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Cam amplitude and offset are mechanically set by operator and read via encoders; no actuators control them, controller receives encoder telemetry only."}
 {"id": "2e001aaf-0c5c-4547-9b96-ebc4172b258d", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Cam parameters in controller are expected_cam_amplitude_deg and expected_cam_offset_deg (read-only reference for verification), not command setpoints."}
 {"id": "47778126-b0cf-41d9-9e21-f2418f53e792", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Manual mode UI displays cam encoder readings (cam_amplitude_deg, cam_offset_deg) as read-only for operator verification of mechanical setting."}
 {"id": "410e4a70-ae12-4de2-8f31-071ffee3cad4", "type": "project", "project": "p06-polisher", "confidence": 0.5, "content": "Manual session log records cam_setting measured at session start; run-log segment actual block includes cam_amplitude_deg_mean and cam_offset_deg_mean."}
 {"id": "e94f94f0-3538-40dd-aef2-0189eacc7eb7", "type": "knowledge", "project": "atocore", "confidence": 0.5, "content": "AtoCore deployments to dalidou use the script /srv/storage/atocore/app/deploy/dalidou/deploy.sh instead of manual docker commands"}
 {"id": "23fa6fdf-cfb9-4850-ad04-3ea56551c30a", "type": "project", "project": "", "confidence": 0.5, "content": "Retrieval/extraction evaluation follows 8-day mini-phase plan with hard gates to prevent scope drift. Preflight checks must validate git SHAs, baselines, and fixture stability before coding."}
 {"id": "3e1fad28-031b-4670-a9d0-0af2e8ba1361", "type": "project", "project": "", "confidence": 0.5, "content": "Day 1: Create labeled extractor eval set from 30 captures (10 zero-candidate, 10 single-candidate, 10 ambiguous) with metadata; create scoring tool to measure precision/recall."}
 {"id": "d49378a4-d03c-4730-be87-f0fcb2d199db", "type": "project", "project": "", "confidence": 0.5, "content": "Day 2: Measure current extractor against labeled set, recording yield, true/false positives, and false negatives by pattern."}
--- a/scripts/eval_data/extractor_labels_2026-04-11.json
+++ b/scripts/eval_data/extractor_labels_2026-04-11.json
@@ -0,0 +1,145 @@
 {
  "version": "0.1",
  "frozen_at": "2026-04-11",
  "snapshot_file": "scripts/eval_data/interactions_snapshot_2026-04-11.json",
  "labeled_count": 20,
  "plan_deviation": "Codex's plan called for 30 labeled interactions (10 zero / 10 plausible / 10 ambiguous). Actual corpus is heavily skewed toward instructional/status content; after reading 20 drawn by length-stratified random sample, the honest positive rate is ~25% (5/20). Labeling more would mostly add zeros; the Day 2 measurement is not bottlenecked on sample size.",
  "positive_count": 5,
  "labels": [
    {
      "id": "ab239158-d6ac-4c51-b6e4-dd4ccea384a2",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Instructional deploy guidance. No durable claim."
    },
    {
      "id": "da153f2a-b20a-4dee-8c72-431ebb71f08c",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "'Deploy still in progress.' Pure status."
    },
    {
      "id": "7d8371ee-c6d3-4dfe-a7b0-2d091f075c15",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Git command walkthrough. No durable claim."
    },
    {
      "id": "14bf3f90-e318-466e-81ac-d35522741ba5",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Ledger status update. Transient fact, not a durable memory candidate."
    },
    {
      "id": "8f855235-c38d-4c27-9f2b-8530ebe1a2d8",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Short-term recommendation ('merge to main and deploy'), not a standing decision."
    },
    {
      "id": "04a96eb5-cd00-4e9f-9252-b2cc919000a4",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Dev server config table. Operational detail, not a memory."
    },
    {
      "id": "79d606ed-8981-454a-83af-c25226b1b65c",
      "expected_count": 1,
      "expected_type": "adaptation",
      "expected_project": "",
      "expected_snippet": "shared DEV-LEDGER as operating memory",
      "miss_class": "recommendation_prose",
      "notes": "A recommendation that later became a ratified decision. Rule extractor would need a 'simplest version that could work today' / 'I'd start with' cue class."
    },
    {
      "id": "a6b0d279-c564-4bce-a703-e476f4a148ad",
      "expected_count": 2,
      "expected_type": "project",
      "expected_project": "p06-polisher",
      "expected_snippet": "z_engaged bool; cam amplitude set mechanically and read by encoders",
      "miss_class": "architectural_change_summary",
      "notes": "Two durable architectural facts about the polisher machine (Z-axis is engage/retract, cam is read-only). Extractor would need to recognize 'A is now B' / 'X removed, Y added' patterns."
    },
    {
      "id": "4e00e398-2e89-4653-8ee5-3f65c7f4d2d3",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Clarification question to user."
    },
    {
      "id": "a6a7816a-7590-4616-84f4-49d9054c2a91",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Instructional response offering two next moves."
    },
    {
      "id": "03527502-316a-4a3e-989c-00719392c7d1",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Troubleshooting a paste failure. Ephemeral."
    },
    {
      "id": "1fff59fc-545f-42df-9dd1-a0e6dec1b7ee",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Agreement + follow-up question. No durable claim."
    },
    {
      "id": "eb65dc18-0030-4720-ace7-f55af9df719d",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Explanation of how the capture hook works. Instructional."
    },
    {
      "id": "52c8c0f3-32fb-4b48-9065-73c778a08417",
      "expected_count": 1,
      "expected_type": "project",
      "expected_project": "p06-polisher",
      "expected_snippet": "USB SSD mandatory on RPi; Tailscale for remote access",
      "miss_class": "spec_update_announcement",
      "notes": "Concrete architectural commitments just added to the polisher spec. Phrased as '§17.1 Local Storage - USB SSD mandatory, not SD card.' The '§' section markers could be a new cue."
    },
    {
      "id": "32d40414-15af-47ee-944b-2cceae9574b8",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Session recap. Historical summary, not a durable memory."
    },
    {
      "id": "b6d2cdfc-37fb-459a-96bd-caefb9beaab4",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Deployment prompt for Dalidou. Operational, not a memory."
    },
    {
      "id": "ee03d823-931b-4d4e-9258-88b4ed5eeb07",
      "expected_count": 2,
      "expected_type": "knowledge",
      "expected_project": "p06-polisher",
      "expected_snippet": "USB SSD is non-negotiable for local storage; Tailscale mesh for SSH/file transfer",
      "miss_class": "layered_recommendation",
      "notes": "Layered infra recommendation with 'non-negotiable' / 'strongly recommended' strength markers. The 'non-negotiable' token could be a new cue class."
    },
    {
      "id": "dd234d9f-0d1c-47e8-b01c-eebcb568c7e7",
      "expected_count": 1,
      "expected_type": "project",
      "expected_project": "p06-polisher",
      "expected_snippet": "interface contract is identical regardless of who generates the programs; machine is a standalone box",
      "miss_class": "alignment_assertion",
      "notes": "Architectural invariant assertion. '**Alignment verified**' / 'nothing changes for X' style. Likely too subtle for rule matching without LLM assistance."
    },
    {
      "id": "1f95891a-cf37-400e-9d68-4fad8e04dcbb",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Huge session handoff prompt. Informational only."
    },
    {
      "id": "5580950f-d010-4544-be4b-b3071271a698",
      "expected_count": 0,
      "miss_class": "n/a",
      "notes": "Ledger schema sketch. Structural design proposal, later ratified — but the same idea was already captured as a ratified decision in the recent decisions section, so not worth re-extracting from this conversational form."
    }
  ]
 }
--- a/scripts/eval_data/extractor_llm_baseline_2026-04-11.json
+++ b/scripts/eval_data/extractor_llm_baseline_2026-04-11.json
@@ -0,0 +1,518 @@
 {
  "summary": {
    "total": 20,
    "exact_match": 6,
    "positive_expected": 5,
    "total_expected_candidates": 7,
    "total_actual_candidates": 51,
    "yield_rate": 2.55,
    "recall": 1.0,
    "precision": 0.357,
    "false_positive_interactions": 9,
    "false_negative_interactions": 0,
    "miss_classes": {},
    "mode": "llm"
  },
  "results": [
    {
      "id": "ab239158-d6ac-4c51-b6e4-dd4ccea384a2",
      "expected_count": 0,
      "actual_count": 1,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Instructional deploy guidance. No durable claim.",
      "actual_candidates": [
        {
          "memory_type": "knowledge",
          "content": "AtoCore deployments to dalidou use the script /srv/storage/atocore/app/deploy/dalidou/deploy.sh instead of manual docker commands",
          "project": "atocore",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "da153f2a-b20a-4dee-8c72-431ebb71f08c",
      "expected_count": 0,
      "actual_count": 0,
      "ok": true,
      "miss_class": "n/a",
      "notes": "'Deploy still in progress.' Pure status.",
      "actual_candidates": []
    },
    {
      "id": "7d8371ee-c6d3-4dfe-a7b0-2d091f075c15",
      "expected_count": 0,
      "actual_count": 0,
      "ok": true,
      "miss_class": "n/a",
      "notes": "Git command walkthrough. No durable claim.",
      "actual_candidates": []
    },
    {
      "id": "14bf3f90-e318-466e-81ac-d35522741ba5",
      "expected_count": 0,
      "actual_count": 4,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Ledger status update. Transient fact, not a durable memory candidate.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "Retrieval/extraction evaluation follows 8-day mini-phase plan with hard gates to prevent scope drift. Preflight checks must validate git SHAs, baselines, and fixture stability before coding.",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Day 1: Create labeled extractor eval set from 30 captures (10 zero-candidate, 10 single-candidate, 10 ambiguous) with metadata; create scoring tool to measure precision/recall.",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Day 2: Measure current extractor against labeled set, recording yield, true/false positives, and false negatives by pattern.",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Session Log/Ledger system tracks work state across sessions so future sessions immediately know what is true and what is next; phases marked by git SHAs.",
          "project": "",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "8f855235-c38d-4c27-9f2b-8530ebe1a2d8",
      "expected_count": 0,
      "actual_count": 0,
      "ok": true,
      "miss_class": "n/a",
      "notes": "Short-term recommendation ('merge to main and deploy'), not a standing decision.",
      "actual_candidates": []
    },
    {
      "id": "04a96eb5-cd00-4e9f-9252-b2cc919000a4",
      "expected_count": 0,
      "actual_count": 0,
      "ok": true,
      "miss_class": "n/a",
      "notes": "Dev server config table. Operational detail, not a memory.",
      "actual_candidates": []
    },
    {
      "id": "79d606ed-8981-454a-83af-c25226b1b65c",
      "expected_count": 1,
      "actual_count": 3,
      "ok": false,
      "miss_class": "recommendation_prose",
      "notes": "A recommendation that later became a ratified decision. Rule extractor would need a 'simplest version that could work today' / 'I'd start with' cue class.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "atocore uses multi-model coordination: Claude and codex share DEV-LEDGER.md (current state / active plan / P1+P2 findings / recent decisions / commit log) read at session start, appended at session end",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "atocore starts with manual-event-loop (/audit or /status prompts) using DEV-LEDGER.md before upgrading to automated git hooks/CI review",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "atocore development involves coordinating between Claude and codex models with shared plan/review strategy and counter-validation to improve system quality",
          "project": "atocore",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "a6b0d279-c564-4bce-a703-e476f4a148ad",
      "expected_count": 2,
      "actual_count": 6,
      "ok": false,
      "miss_class": "architectural_change_summary",
      "notes": "Two durable architectural facts about the polisher machine (Z-axis is engage/retract, cam is read-only). Extractor would need to recognize 'A is now B' / 'X removed, Y added' patterns.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "Z-axis is a binary engage/retract mechanism (z_engaged bool), not continuous position control; confirmation timeout z_engage_timeout_s required.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Cam amplitude and offset are mechanically set by operator and read via encoders; no actuators control them, controller receives encoder telemetry only.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Cam parameters in controller are expected_cam_amplitude_deg and expected_cam_offset_deg (read-only reference for verification), not command setpoints.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Manual mode UI displays cam encoder readings (cam_amplitude_deg, cam_offset_deg) as read-only for operator verification of mechanical setting.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Manual session log records cam_setting measured at session start; run-log segment actual block includes cam_amplitude_deg_mean and cam_offset_deg_mean.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Machine capabilities now define z_type: engage_retract and cam_type: mechanical_with_encoder instead of actuator-driven setpoints.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "4e00e398-2e89-4653-8ee5-3f65c7f4d2d3",
      "expected_count": 0,
      "actual_count": 0,
      "ok": true,
      "miss_class": "n/a",
      "notes": "Clarification question to user.",
      "actual_candidates": []
    },
    {
      "id": "a6a7816a-7590-4616-84f4-49d9054c2a91",
      "expected_count": 0,
      "actual_count": 3,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Instructional response offering two next moves.",
      "actual_candidates": [
        {
          "memory_type": "knowledge",
          "content": "Codex is an audit agent; communicate with it via markdown prompts with numbered steps; it updates findings via commits to codex/* branches or direct messages.",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "preference",
          "content": "Audit-first workflow recommended: have codex audit DEV-LEDGER.md and recent commits before execution; validates round-trip, catches errors early.",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "knowledge",
          "content": "DEV-LEDGER.md at repo root is the shared coordination document with Orientation, Active Plan, and Open Review Findings sections.",
          "project": "",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "03527502-316a-4a3e-989c-00719392c7d1",
      "expected_count": 0,
      "actual_count": 0,
      "ok": true,
      "miss_class": "n/a",
      "notes": "Troubleshooting a paste failure. Ephemeral.",
      "actual_candidates": []
    },
    {
      "id": "1fff59fc-545f-42df-9dd1-a0e6dec1b7ee",
      "expected_count": 0,
      "actual_count": 3,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Agreement + follow-up question. No durable claim.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "Roadmap: Extractor improvement → Harness expansion → Wave 2 trusted operational ingestion → Finish OpenClaw integration (in that order)",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Phase 1 (Extractor): eval-driven loop—label captures, improve rules/add LLM mode, measure yield & FP, stop when queue reviewable (not coverage metrics)",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Phases 1 & 2 (Extractor + Harness) are a mini-phase; without harness, extractor improvements are blind edits",
          "project": "atocore",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "eb65dc18-0030-4720-ace7-f55af9df719d",
      "expected_count": 0,
      "actual_count": 2,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Explanation of how the capture hook works. Instructional.",
      "actual_candidates": [
        {
          "memory_type": "knowledge",
          "content": "Dalidou stores Claude Code interactions via a Stop hook that fires after each turn and POSTs to http://dalidou:8100/interactions with client=claude-code parameter",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "adaptation",
          "content": "Interaction capture system is passive and automatic; no manual action required, interactions accumulate automatically during normal Claude Code usage",
          "project": "",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "52c8c0f3-32fb-4b48-9065-73c778a08417",
      "expected_count": 1,
      "actual_count": 5,
      "ok": false,
      "miss_class": "spec_update_announcement",
      "notes": "Concrete architectural commitments just added to the polisher spec. Phrased as '§17.1 Local Storage - USB SSD mandatory, not SD card.' The '§' section markers could be a new cue.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "USB SSD mandatory for storage (not SD card); directory structure /data/runs/{id}/, /data/manual/{id}/; status.json for machine state",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "RPi joins Tailscale mesh for remote access over SSH VPN; no public IP or port forwarding; fully offline operation",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Data synchronization via rsync over Tailscale, failure-tolerant and non-blocking; USB stick as manual fallback",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Machine design principle: works fully offline and independently; network connection is for remote access only",
          "project": "",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "No cloud, no real-time streaming, no remote control features in design scope",
          "project": "",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "32d40414-15af-47ee-944b-2cceae9574b8",
      "expected_count": 0,
      "actual_count": 5,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Session recap. Historical summary, not a durable memory.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "P1: Reflection loop integration incomplete—extraction remains manual (POST /interactions/{id}/extract), not auto-triggered with reinforcement. Live capture won't auto-populate candidate review queue.",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "P1: Project memories excluded from context injection; build_context() requests [\"identity\", \"preference\"] only. Reinforcement signal doesn't reach assembled context packs.",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Current batch-extract rules produce only 1 candidate from 42 real captures. Extractor needs conversational-cue detection or LLM-assisted path to improve yield.",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Next priority: extractor rule expansion (cheapest validation of reflection loop), then Wave 2 trusted operational ingestion (master-plan priority). Defer retrieval eval harness focus.",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "knowledge",
          "content": "Alias canonicalization fix (resolve_project_name() boundary) is consistently applied across project state, memories, interactions, and context lookup. Code review approved directionally.",
          "project": "atocore",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "b6d2cdfc-37fb-459a-96bd-caefb9beaab4",
      "expected_count": 0,
      "actual_count": 1,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Deployment prompt for Dalidou. Operational, not a memory.",
      "actual_candidates": [
        {
          "memory_type": "preference",
          "content": "User prefers receiving standalone testing prompts they can paste into Claude Code on target deployments rather than having the assistant run tests directly.",
          "project": "atocore",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "ee03d823-931b-4d4e-9258-88b4ed5eeb07",
      "expected_count": 2,
      "actual_count": 5,
      "ok": false,
      "miss_class": "layered_recommendation",
      "notes": "Layered infra recommendation with 'non-negotiable' / 'strongly recommended' strength markers. The 'non-negotiable' token could be a new cue class.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "USB SSD on RPi is mandatory for polishing telemetry storage; must be independent of network for data integrity during runs.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Use Tailscale mesh for RPi remote access to provide SSH, file transfer, and NAT traversal without port forwarding.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Auto-sync telemetry data via rsync over Tailscale after runs complete; fire-and-forget pattern with automatic retry on network interruption.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Real-time telemetry monitoring should target 10 Hz downsampling; full 100 Hz streaming over network is not necessary.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "knowledge",
          "content": "Polishing telemetry data rate is approximately 29 MB per hour (100 Hz × 20 channels × 4 bytes = 8 KB/s).",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "dd234d9f-0d1c-47e8-b01c-eebcb568c7e7",
      "expected_count": 1,
      "actual_count": 3,
      "ok": false,
      "miss_class": "alignment_assertion",
      "notes": "Architectural invariant assertion. '**Alignment verified**' / 'nothing changes for X' style. Likely too subtle for rule matching without LLM assistance.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "Machine spec (shareable) + Atomaste spec (internal) separate concerns. Machine spec hides program generation as 'separate scope' to protect IP/business strategy.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Firmware interface contract is invariant: controller-job.v1 input, run-log.v1 + telemetry output. No firmware changes needed regardless of program generation implementation.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "Atomaste sim spec documents forward/return paths, calibration model (Preston k), translation loss, and service/IP strategy—details hidden from shareable machine spec.",
          "project": "p06-polisher",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "1f95891a-cf37-400e-9d68-4fad8e04dcbb",
      "expected_count": 0,
      "actual_count": 4,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Huge session handoff prompt. Informational only.",
      "actual_candidates": [
        {
          "memory_type": "knowledge",
          "content": "AtoCore is FastAPI (Python 3.12, SQLite + ChromaDB) on Dalidou home server (dalidou:8100), repo C:\\Users\\antoi\\ATOCore, data /srv/storage/atocore/, ingests Obsidian vault + Google Drive into vector memory system.",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "knowledge",
          "content": "Deploy AtoCore: git push origin main, then ssh papa@dalidou and run /srv/storage/atocore/app/deploy/dalidou/deploy.sh",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "adaptation",
          "content": "Do not add memory extraction to interaction capture hot path; keep extraction as separate batch/manual step. Reason: latency and queue noise before review rhythm is comfortable.",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "As of 2026-04-11, approved roadmap in order: observe reinforcement, batch extraction, candidate triage, off-Dalidou backup, retrieval quality review.",
          "project": "atocore",
          "rule": "llm_extraction"
        }
      ]
    },
    {
      "id": "5580950f-d010-4544-be4b-b3071271a698",
      "expected_count": 0,
      "actual_count": 6,
      "ok": false,
      "miss_class": "n/a",
      "notes": "Ledger schema sketch. Structural design proposal, later ratified — but the same idea was already captured as a ratified decision in the recent decisions section, so not worth re-extracting from this conversational form.",
      "actual_candidates": [
        {
          "memory_type": "project",
          "content": "AtoCore adopts DEV-LEDGER.md as shared operating memory with stable headers; updated at session boundaries",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "adaptation",
          "content": "Codex branches for AtoCore fork from main (never orphan); use naming pattern codex/<topic>",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "adaptation",
          "content": "In AtoCore, Claude builds and Codex audits; never work in parallel on same files",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "adaptation",
          "content": "In AtoCore, P1-severity findings in DEV-LEDGER.md block further main commits until acknowledged",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "adaptation",
          "content": "Every AtoCore session appends to DEV-LEDGER.md Session Log and updates Orientation before ending",
          "project": "atocore",
          "rule": "llm_extraction"
        },
        {
          "memory_type": "project",
          "content": "AtoCore roadmap: (1) extractor improvement, (2) harness expansion, (3) Wave 2 ingestion, (4) OpenClaw finish; steps 1+2 are current mini-phase",
          "project": "atocore",
          "rule": "llm_extraction"
        }
      ]
    }
  ]
 }
--- a/scripts/eval_data/interactions_snapshot_2026-04-11.json
+++ b/scripts/eval_data/interactions_snapshot_2026-04-11.json
--- a/scripts/eval_data/triage_verdict_2026-04-12.json
+++ b/scripts/eval_data/triage_verdict_2026-04-12.json
@@ -0,0 +1 @@
 {"promote": ["4b82fe01-4393-464a-b935-9ad5d112d3d8", "665cdd27-0057-4e73-82f5-5d4f47189b5d", "5f89c51d-7e8b-4fb9-830d-a35bb649f9f7", "25ac367c-8bbe-4ba4-8d8e-d533db33f2d9", "2f69a6ed-6de2-4565-87df-1ea3e8c42963", "6bcaebde-9e45-4de5-a220-65d9c4cd451e", "2dd36f74-db47-4c72-a185-fec025d07d4f", "7519d82b-8065-41f0-812e-9c1a3573d7b9", "78678162-5754-478b-b1fc-e25f22e0ee03", "6657b4ae-d4ec-4fec-a66f-2975cdb10d13", "ee626650-1ee0-439c-85c9-6d32a876f239", "1b44a886-a5af-4426-bf10-a92baf3a6502", "aa50c51a-27d7-4db9-b7a3-7ca75dba2118", "5951108b-3a5e-49d0-9308-dfab449664d3", "85f008b9-2d6d-49ad-81a1-e254dac2a2ac", "0cc417ed-ac38-4231-9786-a9582ac6a60f"], "reject": ["0dd85386-cace-4f9a-9098-c6732f3c64fa", "8939b875-152c-4c90-8614-3cfdc64cd1d6", "93e37d2a-b512-4a97-b230-e64ac913d087", "c873ec00-063e-488c-ad32-1233290a3feb", "89446ebe-fd42-4177-80db-3657bc41d048", "1f077e98-f945-4480-96ab-110b0671ebc6", "89f60018-c23b-4b2f-80ca-e6f7d02c5cd3", "82f17880-92da-485e-a24a-0599ab1836e7", "6d6f4fe9-73e5-449f-a802-6dc0a974f87b", "932f38df-58f3-49c2-9968-8d422dc54b42", "2b3178e8-fe38-4338-b2b0-75a01da18cea", "254c394d-3f80-4b34-a891-9f1cbfec74d7", "34add99d-8d2e-4586-b002-fc7b7d22bcb3", "993e0afe-9910-4984-b608-f5e9de7c0453", "bdf488d7-9200-441e-afbf-5335020ea78b", "188197af-a61d-4616-9e39-712aeaaadf61", "acffcaa4-5966-4ec1-a0b2-3b8dcebe75bd", "e8f4e704-367b-4759-b20c-da0ccf06cf7d", "ab2b607c-52b1-405f-a874-c6078393c21c", "5a5fd29d-291f-4e22-88fe-825cf55f745a", "4c238106-017e-4283-99a1-639497b6ddde", "83aed988-4257-4220-b612-6c725d6cd95a", "95d87d1a-5daa-414d-95ff-a344a62e0b6b", "7aafb588-51b0-4536-a414-ebaaea924b98", "9d2cbbe9-cf2e-4aab-9cb8-c4951da70826", "db88eecf-e31a-4fee-b07d-0b51db7e315e", "8748f071-ff28-47a6-8504-65ca30a8336a", "f9210883-67a8-4dae-9f27-6b5ae7bd8a6b", "2e001aaf-0c5c-4547-9b96-ebc4172b258d", "47778126-b0cf-41d9-9e21-f2418f53e792", "410e4a70-ae12-4de2-8f31-071ffee3cad4", "e94f94f0-3538-40dd-aef2-0189eacc7eb7", "23fa6fdf-cfb9-4850-ad04-3ea56551c30a", "3e1fad28-031b-4670-a9d0-0af2e8ba1361", "d49378a4-d03c-4730-be87-f0fcb2d199db"]}
--- a/scripts/extractor_eval.py
+++ b/scripts/extractor_eval.py
@@ -0,0 +1,274 @@
 """Extractor eval runner — scores the rule-based extractor against a
 labeled interaction corpus.
 Pulls full interaction content from a frozen snapshot, runs each through
 ``extract_candidates_from_interaction``, and compares the output to the
 expected counts from a labels file. Produces a per-label scorecard plus
 aggregate precision / recall / yield numbers.
 This harness deliberately stays file-based: snapshot + labels + this
 runner. No Dalidou HTTP dependency once the snapshot is frozen, so the
 eval is reproducible run-to-run even as live captures drift.
 Usage:
    python scripts/extractor_eval.py                # human report
    python scripts/extractor_eval.py --json         # machine-readable
    python scripts/extractor_eval.py \\
        --snapshot scripts/eval_data/interactions_snapshot_2026-04-11.json \\
        --labels   scripts/eval_data/extractor_labels_2026-04-11.json
 """
 from __future__ import annotations
 import argparse
 import io
 import json
 import sys
 from dataclasses import dataclass, field
 from pathlib import Path
 # Force UTF-8 on stdout so real LLM output (arrows, em-dashes, CJK)
 # doesn't crash the human report on Windows cp1252 consoles.
 if hasattr(sys.stdout, "buffer"):
    sys.stdout = io.TextIOWrapper(sys.stdout.buffer, encoding="utf-8", errors="replace", line_buffering=True)
 # Make src/ importable without requiring an install.
 _REPO_ROOT = Path(__file__).resolve().parent.parent
 sys.path.insert(0, str(_REPO_ROOT / "src"))
 from atocore.interactions.service import Interaction  # noqa: E402
 from atocore.memory.extractor import extract_candidates_from_interaction  # noqa: E402
 from atocore.memory.extractor_llm import extract_candidates_llm  # noqa: E402
 DEFAULT_SNAPSHOT = _REPO_ROOT / "scripts" / "eval_data" / "interactions_snapshot_2026-04-11.json"
 DEFAULT_LABELS = _REPO_ROOT / "scripts" / "eval_data" / "extractor_labels_2026-04-11.json"
@dataclass
 class LabelResult:
    id: str
    expected_count: int
    actual_count: int
    ok: bool
    miss_class: str
    notes: str
    actual_candidates: list[dict] = field(default_factory=list)
 def load_snapshot(path: Path) -> dict[str, dict]:
    data = json.loads(path.read_text(encoding="utf-8"))
    return {item["id"]: item for item in data.get("interactions", [])}
 def load_labels(path: Path) -> dict:
    return json.loads(path.read_text(encoding="utf-8"))
 def interaction_from_snapshot(snap: dict) -> Interaction:
    return Interaction(
        id=snap["id"],
        prompt=snap.get("prompt", "") or "",
        response=snap.get("response", "") or "",
        response_summary="",
        project=snap.get("project", "") or "",
        client=snap.get("client", "") or "",
        session_id=snap.get("session_id", "") or "",
        created_at=snap.get("created_at", "") or "",
    )
 def score(snapshot: dict[str, dict], labels_doc: dict, mode: str = "rule") -> list[LabelResult]:
    results: list[LabelResult] = []
    for label in labels_doc["labels"]:
        iid = label["id"]
        snap = snapshot.get(iid)
        if snap is None:
            results.append(
                LabelResult(
                    id=iid,
                    expected_count=int(label.get("expected_count", 0)),
                    actual_count=-1,
                    ok=False,
                    miss_class="not_in_snapshot",
                    notes=label.get("notes", ""),
                )
            )
            continue
        interaction = interaction_from_snapshot(snap)
        if mode == "llm":
            candidates = extract_candidates_llm(interaction)
        else:
            candidates = extract_candidates_from_interaction(interaction)
        actual_count = len(candidates)
        expected_count = int(label.get("expected_count", 0))
        results.append(
            LabelResult(
                id=iid,
                expected_count=expected_count,
                actual_count=actual_count,
                ok=(actual_count == expected_count),
                miss_class=label.get("miss_class", "n/a"),
                notes=label.get("notes", ""),
                actual_candidates=[
                    {
                        "memory_type": c.memory_type,
                        "content": c.content,
                        "project": c.project,
                        "rule": c.rule,
                    }
                    for c in candidates
                ],
            )
        )
    return results
 def aggregate(results: list[LabelResult]) -> dict:
    total = len(results)
    exact_match = sum(1 for r in results if r.ok)
    true_positive = sum(1 for r in results if r.expected_count > 0 and r.actual_count > 0)
    false_positive_interactions = sum(
        1 for r in results if r.expected_count == 0 and r.actual_count > 0
    )
    false_negative_interactions = sum(
        1 for r in results if r.expected_count > 0 and r.actual_count == 0
    )
    positive_expected = sum(1 for r in results if r.expected_count > 0)
    total_expected_candidates = sum(r.expected_count for r in results)
    total_actual_candidates = sum(max(r.actual_count, 0) for r in results)
    yield_rate = total_actual_candidates / total if total else 0.0
    # Recall over interaction count that had at least one expected candidate:
    recall = true_positive / positive_expected if positive_expected else 0.0
    # Precision over interaction count that produced any candidate:
    precision_denom = true_positive + false_positive_interactions
    precision = true_positive / precision_denom if precision_denom else 0.0
    # Miss class breakdown
    miss_classes: dict[str, int] = {}
    for r in results:
        if r.expected_count > 0 and r.actual_count == 0:
            key = r.miss_class or "unlabeled"
            miss_classes[key] = miss_classes.get(key, 0) + 1
    return {
        "total": total,
        "exact_match": exact_match,
        "positive_expected": positive_expected,
        "total_expected_candidates": total_expected_candidates,
        "total_actual_candidates": total_actual_candidates,
        "yield_rate": round(yield_rate, 3),
        "recall": round(recall, 3),
        "precision": round(precision, 3),
        "false_positive_interactions": false_positive_interactions,
        "false_negative_interactions": false_negative_interactions,
        "miss_classes": miss_classes,
    }
 def print_human(results: list[LabelResult], summary: dict) -> None:
    print("=== Extractor eval ===")
    print(
        f"labeled={summary['total']}  "
        f"exact_match={summary['exact_match']}  "
        f"positive_expected={summary['positive_expected']}"
    )
    print(
        f"yield={summary['yield_rate']}  "
        f"recall={summary['recall']}  "
        f"precision={summary['precision']}"
    )
    print(
        f"false_positives={summary['false_positive_interactions']}  "
        f"false_negatives={summary['false_negative_interactions']}"
    )
    print()
    print("miss class breakdown (FN):")
    if summary["miss_classes"]:
        for k, v in sorted(summary["miss_classes"].items(), key=lambda kv: -kv[1]):
            print(f"  {v:3d}  {k}")
    else:
        print("  (none)")
    print()
    print("per-interaction:")
    for r in results:
        marker = "OK  " if r.ok else "MISS"
        iid_short = r.id[:8]
        print(f"  {marker}  {iid_short}  expected={r.expected_count}  actual={r.actual_count}  class={r.miss_class}")
        if r.actual_candidates:
            for c in r.actual_candidates:
                preview = (c["content"] or "")[:80]
                print(f"         [{c['memory_type']}] {preview}")
 def print_json(results: list[LabelResult], summary: dict) -> None:
    payload = {
        "summary": summary,
        "results": [
            {
                "id": r.id,
                "expected_count": r.expected_count,
                "actual_count": r.actual_count,
                "ok": r.ok,
                "miss_class": r.miss_class,
                "notes": r.notes,
                "actual_candidates": r.actual_candidates,
            }
            for r in results
        ],
    }
    json.dump(payload, sys.stdout, indent=2)
    sys.stdout.write("\n")
 def main() -> int:
    parser = argparse.ArgumentParser(description="AtoCore extractor eval")
    parser.add_argument("--snapshot", type=Path, default=DEFAULT_SNAPSHOT)
    parser.add_argument("--labels", type=Path, default=DEFAULT_LABELS)
    parser.add_argument("--json", action="store_true", help="emit machine-readable JSON")
    parser.add_argument(
        "--output",
        type=Path,
        default=None,
        help="write JSON result to this file (bypasses log/stdout interleaving)",
    )
    parser.add_argument(
        "--mode",
        choices=["rule", "llm"],
        default="rule",
        help="which extractor to score (default: rule)",
    )
    args = parser.parse_args()
    snapshot = load_snapshot(args.snapshot)
    labels = load_labels(args.labels)
    results = score(snapshot, labels, mode=args.mode)
    summary = aggregate(results)
    summary["mode"] = args.mode
    if args.output is not None:
        payload = {
            "summary": summary,
            "results": [
                {
                    "id": r.id,
                    "expected_count": r.expected_count,
                    "actual_count": r.actual_count,
                    "ok": r.ok,
                    "miss_class": r.miss_class,
                    "notes": r.notes,
                    "actual_candidates": r.actual_candidates,
                }
                for r in results
            ],
        }
        args.output.write_text(json.dumps(payload, indent=2, ensure_ascii=False), encoding="utf-8")
        print(f"wrote {args.output}  ({summary['mode']}: recall={summary['recall']} precision={summary['precision']})")
    elif args.json:
        print_json(results, summary)
    else:
        print_human(results, summary)
    return 0 if summary["false_negative_interactions"] == 0 and summary["false_positive_interactions"] == 0 else 1
 if __name__ == "__main__":
    raise SystemExit(main())
--- a/scripts/persist_llm_candidates.py
+++ b/scripts/persist_llm_candidates.py
@@ -0,0 +1,89 @@
 """Persist LLM-extracted candidates from a baseline JSON to Dalidou.
 One-shot script: reads a saved extractor eval output file, filters to
 candidates the LLM actually produced, and POSTs each to the Dalidou
 memory API with ``status=candidate``. Deduplicates against already-
 existing candidate content so the script is safe to re-run.
 Usage:
    python scripts/persist_llm_candidates.py \\
        scripts/eval_data/extractor_llm_baseline_2026-04-11.json
 Then triage via:
    python scripts/atocore_client.py triage
 """
 from __future__ import annotations
 import json
 import os
 import sys
 import urllib.error
 import urllib.parse
 import urllib.request
 BASE_URL = os.environ.get("ATOCORE_BASE_URL", "http://dalidou:8100")
 TIMEOUT = int(os.environ.get("ATOCORE_TIMEOUT_SECONDS", "10"))
 def post_json(path: str, body: dict) -> dict:
    data = json.dumps(body).encode("utf-8")
    req = urllib.request.Request(
        url=f"{BASE_URL}{path}",
        method="POST",
        headers={"Content-Type": "application/json"},
        data=data,
    )
    with urllib.request.urlopen(req, timeout=TIMEOUT) as resp:
        return json.loads(resp.read().decode("utf-8"))
 def main() -> int:
    if len(sys.argv) < 2:
        print(f"usage: {sys.argv[0]} <baseline_json>", file=sys.stderr)
        return 1
    data = json.loads(open(sys.argv[1], encoding="utf-8").read())
    results = data.get("results", [])
    persisted = 0
    skipped = 0
    errors = 0
    for r in results:
        for c in r.get("actual_candidates", []):
            content = (c.get("content") or "").strip()
            if not content:
                continue
            mem_type = c.get("memory_type", "knowledge")
            project = c.get("project", "")
            confidence = c.get("confidence", 0.5)
            try:
                resp = post_json("/memory", {
                    "memory_type": mem_type,
                    "content": content,
                    "project": project,
                    "confidence": float(confidence),
                    "status": "candidate",
                })
                persisted += 1
                print(f"  + {resp.get('id','?')[:8]}  [{mem_type}]  {content[:80]}")
            except urllib.error.HTTPError as exc:
                if exc.code == 400:
                    skipped += 1
                else:
                    errors += 1
                    print(f"  ! error {exc.code}: {content[:60]}", file=sys.stderr)
            except Exception as exc:
                errors += 1
                print(f"  ! {exc}: {content[:60]}", file=sys.stderr)
    print(f"\npersisted={persisted}  skipped={skipped}  errors={errors}")
    return 0
 if __name__ == "__main__":
    raise SystemExit(main())
--- a/scripts/retrieval_eval.py
+++ b/scripts/retrieval_eval.py
@@ -0,0 +1,194 @@
 """Retrieval quality eval harness.
 Runs a fixed set of project-hinted questions against
 ``POST /context/build`` on a live AtoCore instance and scores the
 resulting ``formatted_context`` against per-question expectations.
 The goal is a diffable scorecard that tells you, run-to-run,
 whether a retrieval / builder / ingestion change moved the needle.
 Design notes
 ------------
 - Fixtures live in ``scripts/retrieval_eval_fixtures.json`` so new
  questions can be added without touching Python. Each fixture
  names the project, the prompt, and a checklist of substrings that
  MUST appear in ``formatted_context`` (``expect_present``) and
  substrings that MUST NOT appear (``expect_absent``). The absent
  list catches cross-project bleed and stale content.
 - The checklist is deliberately substring-based (not regex, not
  embedding-similarity) so a failure is always a trivially
  reproducible "this string is not in that string". Richer scoring
  can come later once we know the harness is useful.
 - The harness is external to the app runtime and talks to AtoCore
  over HTTP, so it works against dev, staging, or prod. It follows
  the same environment-variable contract as ``atocore_client.py``
  (``ATOCORE_BASE_URL``, ``ATOCORE_TIMEOUT_SECONDS``).
 - Exit code 0 on all-pass, 1 on any fixture failure. Intended for
  manual runs today; a future cron / CI hook can consume the
  JSON output via ``--json``.
 Usage
 -----
    python scripts/retrieval_eval.py            # human-readable report
    python scripts/retrieval_eval.py --json     # machine-readable
    python scripts/retrieval_eval.py --fixtures path/to/custom.json
 """
 from __future__ import annotations
 import argparse
 import json
 import os
 import sys
 import urllib.error
 import urllib.parse
 import urllib.request
 from dataclasses import dataclass, field
 from pathlib import Path
 DEFAULT_BASE_URL = os.environ.get("ATOCORE_BASE_URL", "http://dalidou:8100")
 DEFAULT_TIMEOUT = int(os.environ.get("ATOCORE_TIMEOUT_SECONDS", "30"))
 DEFAULT_BUDGET = 3000
 DEFAULT_FIXTURES = Path(__file__).parent / "retrieval_eval_fixtures.json"
@dataclass
 class Fixture:
    name: str
    project: str
    prompt: str
    budget: int = DEFAULT_BUDGET
    expect_present: list[str] = field(default_factory=list)
    expect_absent: list[str] = field(default_factory=list)
    notes: str = ""
@dataclass
 class FixtureResult:
    fixture: Fixture
    ok: bool
    missing_present: list[str]
    unexpected_absent: list[str]
    total_chars: int
    error: str = ""
 def load_fixtures(path: Path) -> list[Fixture]:
    data = json.loads(path.read_text(encoding="utf-8"))
    if not isinstance(data, list):
        raise ValueError(f"{path} must contain a JSON array of fixtures")
    fixtures: list[Fixture] = []
    for i, raw in enumerate(data):
        if not isinstance(raw, dict):
            raise ValueError(f"fixture {i} is not an object")
        fixtures.append(
            Fixture(
                name=raw["name"],
                project=raw.get("project", ""),
                prompt=raw["prompt"],
                budget=int(raw.get("budget", DEFAULT_BUDGET)),
                expect_present=list(raw.get("expect_present", [])),
                expect_absent=list(raw.get("expect_absent", [])),
                notes=raw.get("notes", ""),
            )
        )
    return fixtures
 def run_fixture(fixture: Fixture, base_url: str, timeout: int) -> FixtureResult:
    payload = {
        "prompt": fixture.prompt,
        "project": fixture.project or None,
        "budget": fixture.budget,
    }
    req = urllib.request.Request(
        url=f"{base_url}/context/build",
        method="POST",
        headers={"Content-Type": "application/json"},
        data=json.dumps(payload).encode("utf-8"),
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except urllib.error.URLError as exc:
        return FixtureResult(
            fixture=fixture,
            ok=False,
            missing_present=list(fixture.expect_present),
            unexpected_absent=[],
            total_chars=0,
            error=f"http_error: {exc}",
        )
    formatted = body.get("formatted_context") or ""
    missing = [s for s in fixture.expect_present if s not in formatted]
    unexpected = [s for s in fixture.expect_absent if s in formatted]
    return FixtureResult(
        fixture=fixture,
        ok=not missing and not unexpected,
        missing_present=missing,
        unexpected_absent=unexpected,
        total_chars=len(formatted),
    )
 def print_human_report(results: list[FixtureResult]) -> None:
    total = len(results)
    passed = sum(1 for r in results if r.ok)
    print(f"Retrieval eval: {passed}/{total} fixtures passed")
    print()
    for r in results:
        marker = "PASS" if r.ok else "FAIL"
        print(f"[{marker}] {r.fixture.name}  project={r.fixture.project}  chars={r.total_chars}")
        if r.error:
            print(f"       error: {r.error}")
        for miss in r.missing_present:
            print(f"       missing expected: {miss!r}")
        for bleed in r.unexpected_absent:
            print(f"       unexpected present: {bleed!r}")
        if r.fixture.notes and not r.ok:
            print(f"       notes: {r.fixture.notes}")
 def print_json_report(results: list[FixtureResult]) -> None:
    payload = {
        "total": len(results),
        "passed": sum(1 for r in results if r.ok),
        "fixtures": [
            {
                "name": r.fixture.name,
                "project": r.fixture.project,
                "ok": r.ok,
                "total_chars": r.total_chars,
                "missing_present": r.missing_present,
                "unexpected_absent": r.unexpected_absent,
                "error": r.error,
            }
            for r in results
        ],
    }
    json.dump(payload, sys.stdout, indent=2)
    sys.stdout.write("\n")
 def main() -> int:
    parser = argparse.ArgumentParser(description="AtoCore retrieval quality eval harness")
    parser.add_argument("--base-url", default=DEFAULT_BASE_URL)
    parser.add_argument("--timeout", type=int, default=DEFAULT_TIMEOUT)
    parser.add_argument("--fixtures", type=Path, default=DEFAULT_FIXTURES)
    parser.add_argument("--json", action="store_true", help="emit machine-readable JSON")
    args = parser.parse_args()
    fixtures = load_fixtures(args.fixtures)
    results = [run_fixture(f, args.base_url, args.timeout) for f in fixtures]
    if args.json:
        print_json_report(results)
    else:
        print_human_report(results)
    return 0 if all(r.ok for r in results) else 1
 if __name__ == "__main__":
    raise SystemExit(main())
--- a/scripts/retrieval_eval_fixtures.json
+++ b/scripts/retrieval_eval_fixtures.json
@@ -0,0 +1,225 @@
 [
  {
    "name": "p04-architecture-decision",
    "project": "p04-gigabit",
    "prompt": "what mirror architecture was selected for GigaBIT M1 and why",
    "expect_present": [
      "--- Trusted Project State ---",
      "Option B",
      "conical",
      "--- Project Memories ---"
    ],
    "expect_absent": [
      "p06-polisher",
      "folded-beam"
    ],
    "notes": "Canonical p04 decision — should surface both Trusted Project State and the project-memory band"
  },
  {
    "name": "p04-constraints",
    "project": "p04-gigabit",
    "prompt": "what are the key GigaBIT M1 program constraints",
    "expect_present": [
      "--- Trusted Project State ---",
      "Zerodur",
      "1.2"
    ],
    "expect_absent": [
      "polisher suite"
    ],
    "notes": "Key constraints are in Trusted Project State and in the mission-framing memory"
  },
  {
    "name": "p04-short-ambiguous",
    "project": "p04-gigabit",
    "prompt": "current status",
    "expect_present": [
      "--- Trusted Project State ---"
    ],
    "expect_absent": [],
    "notes": "Short ambiguous prompt — at minimum project state should surface. Hard case: the prompt is generic enough that chunks may not rank well."
  },
  {
    "name": "p05-configuration",
    "project": "p05-interferometer",
    "prompt": "what is the selected interferometer configuration",
    "expect_present": [
      "folded-beam",
      "CGH"
    ],
    "expect_absent": [
      "Option B",
      "conical back",
      "polisher suite"
    ],
    "notes": "P05 architecture memory covers folded-beam + CGH. GigaBIT M1 legitimately appears in p05 source docs."
  },
  {
    "name": "p05-vendor-signal",
    "project": "p05-interferometer",
    "prompt": "what is the current vendor signal for the interferometer procurement",
    "expect_present": [
      "4D",
      "Zygo"
    ],
    "expect_absent": [
      "polisher"
    ],
    "notes": "Vendor memory mentions 4D as strongest technical candidate and Zygo Verifire SV as value path"
  },
  {
    "name": "p05-cgh-calibration",
    "project": "p05-interferometer",
    "prompt": "how does CGH calibration work for the interferometer",
    "expect_present": [
      "CGH"
    ],
    "expect_absent": [
      "polisher-sim",
      "polisher-post"
    ],
    "notes": "CGH is a core p05 concept. Should surface via chunks and possibly the architecture memory. Must not bleed p06 polisher-suite terms."
  },
  {
    "name": "p06-suite-split",
    "project": "p06-polisher",
    "prompt": "how is the polisher software suite split across layers",
    "expect_present": [
      "polisher-sim",
      "polisher-post",
      "polisher-control"
    ],
    "expect_absent": [
      "GigaBIT"
    ],
    "notes": "The three-layer split is in multiple p06 memories"
  },
  {
    "name": "p06-control-rule",
    "project": "p06-polisher",
    "prompt": "what is the polisher control design rule",
    "expect_present": [
      "interlocks"
    ],
    "expect_absent": [
      "interferometer"
    ],
    "notes": "Control design rule memory mentions interlocks and state transitions"
  },
  {
    "name": "p06-firmware-interface",
    "project": "p06-polisher",
    "prompt": "what is the firmware interface contract for the polisher machine",
    "expect_present": [
      "controller-job"
    ],
    "expect_absent": [
      "interferometer",
      "GigaBIT"
    ],
    "notes": "New p06 memory from the first triage: firmware interface contract is invariant controller-job.v1 in, run-log.v1 out"
  },
  {
    "name": "p06-z-axis",
    "project": "p06-polisher",
    "prompt": "how does the polisher Z-axis work",
    "expect_present": [
      "engage"
    ],
    "expect_absent": [
      "interferometer"
    ],
    "notes": "New p06 memory: Z-axis is binary engage/retract, not continuous position. The word 'engage' should appear."
  },
  {
    "name": "p06-cam-mechanism",
    "project": "p06-polisher",
    "prompt": "how is cam amplitude controlled on the polisher",
    "expect_present": [
      "encoder"
    ],
    "expect_absent": [
      "GigaBIT"
    ],
    "notes": "New p06 memory: cam set mechanically by operator, read by encoders. The word 'encoder' should appear."
  },
  {
    "name": "p06-telemetry-rate",
    "project": "p06-polisher",
    "prompt": "what is the expected polishing telemetry data rate",
    "expect_present": [
      "29 MB"
    ],
    "expect_absent": [
      "interferometer"
    ],
    "notes": "New p06 knowledge memory: approximately 29 MB per hour at 100 Hz"
  },
  {
    "name": "p06-offline-design",
    "project": "p06-polisher",
    "prompt": "does the polisher machine need network to operate",
    "expect_present": [
      "offline"
    ],
    "expect_absent": [
      "CGH"
    ],
    "notes": "New p06 memory: machine works fully offline and independently; network is for remote access only"
  },
  {
    "name": "p06-short-ambiguous",
    "project": "p06-polisher",
    "prompt": "current status",
    "expect_present": [
      "--- Trusted Project State ---"
    ],
    "expect_absent": [],
    "notes": "Short ambiguous prompt — project state should surface at minimum"
  },
  {
    "name": "cross-project-no-bleed",
    "project": "p04-gigabit",
    "prompt": "what telemetry rate should we target",
    "expect_present": [],
    "expect_absent": [
      "29 MB",
      "polisher"
    ],
    "notes": "Adversarial: telemetry rate is a p06 fact. A p04 query for 'telemetry rate' must NOT surface p06 memories. Tests cross-project gating."
  },
  {
    "name": "no-project-hint",
    "project": "",
    "prompt": "tell me about the current projects",
    "expect_present": [],
    "expect_absent": [
      "--- Project Memories ---"
    ],
    "notes": "Without a project hint, project memories must not appear (cross-project bleed guard). Chunks may appear if any match."
  },
  {
    "name": "p06-usb-ssd",
    "project": "p06-polisher",
    "prompt": "what storage solution is specified for the polisher RPi",
    "expect_present": [
      "USB SSD"
    ],
    "expect_absent": [
      "interferometer"
    ],
    "notes": "New p06 memory from triage: USB SSD mandatory, not SD card"
  },
  {
    "name": "p06-tailscale",
    "project": "p06-polisher",
    "prompt": "how do we access the polisher machine remotely",
    "expect_present": [
      "Tailscale"
    ],
    "expect_absent": [
      "GigaBIT"
    ],
    "notes": "New p06 memory: Tailscale mesh for RPi remote access"
  }
 ]
--- a/src/atocore/api/routes.py
+++ b/src/atocore/api/routes.py
@@ -49,6 +49,7 @@ from atocore.memory.service import (
 )
 from atocore.observability.logger import get_logger
 from atocore.ops.backup import (
    cleanup_old_backups,
    create_runtime_backup,
    list_runtime_backups,
    validate_backup,
@@ -140,6 +141,7 @@ class MemoryCreateRequest(BaseModel):
    content: str
    project: str = ""
    confidence: float = 1.0
    status: str = "active"
 class MemoryUpdateRequest(BaseModel):
@@ -343,6 +345,7 @@ def api_create_memory(req: MemoryCreateRequest) -> dict:
            content=req.content,
            project=req.project,
            confidence=req.confidence,
            status=req.status,
        )
    except ValueError as e:
        raise HTTPException(status_code=400, detail=str(e))
@@ -511,6 +514,7 @@ class InteractionRecordRequest(BaseModel):
    chunks_used: list[str] = []
    context_pack: dict | None = None
    reinforce: bool = True
    extract: bool = False
@router.post("/interactions")
@@ -536,6 +540,7 @@ def api_record_interaction(req: InteractionRecordRequest) -> dict:
            chunks_used=req.chunks_used,
            context_pack=req.context_pack,
            reinforce=req.reinforce,
            extract=req.extract,
        )
    except ValueError as e:
        raise HTTPException(status_code=400, detail=str(e))
@@ -731,6 +736,25 @@ def api_list_backups() -> dict:
    }
 class BackupCleanupRequest(BaseModel):
    confirm: bool = False
@router.post("/admin/backup/cleanup")
 def api_cleanup_backups(req: BackupCleanupRequest | None = None) -> dict:
    """Apply retention policy to old backup snapshots.
    Dry-run by default. Pass ``confirm: true`` to actually delete.
    Retention: last 7 daily, last 4 weekly (Sundays), last 6 monthly (1st).
    """
    payload = req or BackupCleanupRequest()
    try:
        return cleanup_old_backups(confirm=payload.confirm)
    except Exception as e:
        log.error("admin_cleanup_failed", error=str(e))
        raise HTTPException(status_code=500, detail=f"Cleanup failed: {e}")
@router.get("/admin/backup/{stamp}/validate")
 def api_validate_backup(stamp: str) -> dict:
    """Validate that a previously created backup is structurally usable."""
--- a/src/atocore/context/builder.py
+++ b/src/atocore/context/builder.py
@@ -30,6 +30,12 @@ SYSTEM_PREFIX = (
 #   identity: 5%, preferences: 5%, project state: 20%, retrieval: 60%+
 PROJECT_STATE_BUDGET_RATIO = 0.20
 MEMORY_BUDGET_RATIO = 0.10  # 5% identity + 5% preference
 # Project-scoped memories (project/knowledge/episodic) are the outlet
 # for the Phase 9 reflection loop on the retrieval side. Budget sits
 # between identity/preference and retrieved chunks so a reinforced
 # memory can actually reach the model.
 PROJECT_MEMORY_BUDGET_RATIO = 0.25
 PROJECT_MEMORY_TYPES = ["project", "knowledge", "episodic"]
 # Last built context pack for debug inspection
 _last_context_pack: "ContextPack | None" = None
@@ -51,6 +57,8 @@ class ContextPack:
    project_state_chars: int = 0
    memory_text: str = ""
    memory_chars: int = 0
    project_memory_text: str = ""
    project_memory_chars: int = 0
    total_chars: int = 0
    budget: int = 0
    budget_remaining: int = 0
@@ -107,10 +115,32 @@ def build_context(
    memory_text, memory_chars = get_memories_for_context(
        memory_types=["identity", "preference"],
        budget=memory_budget,
        query=user_prompt,
    )
    # 2b. Get project-scoped memories (third precedence). Only
    # populated when a canonical project is in scope — cross-project
    # memory bleed would rot the pack. Active-only filtering is
    # handled by the shared min_confidence=0.5 gate inside
    # get_memories_for_context.
    project_memory_text = ""
    project_memory_chars = 0
    if canonical_project:
        project_memory_budget = min(
            int(budget * PROJECT_MEMORY_BUDGET_RATIO),
            max(budget - project_state_chars - memory_chars, 0),
        )
        project_memory_text, project_memory_chars = get_memories_for_context(
            memory_types=PROJECT_MEMORY_TYPES,
            project=canonical_project,
            budget=project_memory_budget,
            header="--- Project Memories ---",
            footer="--- End Project Memories ---",
            query=user_prompt,
        )
    # 3. Calculate remaining budget for retrieval
-    retrieval_budget = budget - project_state_chars - memory_chars
+    retrieval_budget = budget - project_state_chars - memory_chars - project_memory_chars
    # 4. Retrieve candidates
    candidates = (
@@ -130,11 +160,14 @@ def build_context(
    selected = _select_within_budget(scored, max(retrieval_budget, 0))
    # 7. Format full context
-    formatted = _format_full_context(project_state_text, memory_text, selected)
+    formatted = _format_full_context(
        project_state_text, memory_text, project_memory_text, selected
    )
    if len(formatted) > budget:
        formatted, selected = _trim_context_to_budget(
            project_state_text,
            memory_text,
            project_memory_text,
            selected,
            budget,
        )
@@ -144,6 +177,7 @@ def build_context(
    project_state_chars = len(project_state_text)
    memory_chars = len(memory_text)
    project_memory_chars = len(project_memory_text)
    retrieval_chars = sum(c.char_count for c in selected)
    total_chars = len(formatted)
    duration_ms = int((time.time() - start) * 1000)
@@ -154,6 +188,8 @@ def build_context(
        project_state_chars=project_state_chars,
        memory_text=memory_text,
        memory_chars=memory_chars,
        project_memory_text=project_memory_text,
        project_memory_chars=project_memory_chars,
        total_chars=total_chars,
        budget=budget,
        budget_remaining=budget - total_chars,
@@ -171,6 +207,7 @@ def build_context(
        chunks_used=len(selected),
        project_state_chars=project_state_chars,
        memory_chars=memory_chars,
        project_memory_chars=project_memory_chars,
        retrieval_chars=retrieval_chars,
        total_chars=total_chars,
        budget_remaining=budget - total_chars,
@@ -250,6 +287,7 @@ def _select_within_budget(
 def _format_full_context(
    project_state_text: str,
    memory_text: str,
    project_memory_text: str,
    chunks: list[ContextChunk],
 ) -> str:
    """Format project state + memories + retrieved chunks into full context block."""
@@ -265,7 +303,12 @@ def _format_full_context(
        parts.append(memory_text)
        parts.append("")
-    # 3. Retrieved chunks (lowest trust)
+    # 3. Project-scoped memories (third trust level)
    if project_memory_text:
        parts.append(project_memory_text)
        parts.append("")
    # 4. Retrieved chunks (lowest trust)
    if chunks:
        parts.append("--- AtoCore Retrieved Context ---")
        if project_state_text:
@@ -277,7 +320,7 @@ def _format_full_context(
            parts.append(chunk.content)
            parts.append("")
        parts.append("--- End Context ---")
-    elif not project_state_text and not memory_text:
+    elif not project_state_text and not memory_text and not project_memory_text:
        parts.append("--- AtoCore Context ---\nNo relevant context found.\n--- End Context ---")
    return "\n".join(parts)
@@ -299,6 +342,7 @@ def _pack_to_dict(pack: ContextPack) -> dict:
        "project_hint": pack.project_hint,
        "project_state_chars": pack.project_state_chars,
        "memory_chars": pack.memory_chars,
        "project_memory_chars": pack.project_memory_chars,
        "chunks_used": len(pack.chunks_used),
        "total_chars": pack.total_chars,
        "budget": pack.budget,
@@ -306,6 +350,7 @@ def _pack_to_dict(pack: ContextPack) -> dict:
        "duration_ms": pack.duration_ms,
        "has_project_state": bool(pack.project_state_text),
        "has_memories": bool(pack.memory_text),
        "has_project_memories": bool(pack.project_memory_text),
        "chunks": [
            {
                "source_file": c.source_file,
@@ -335,26 +380,45 @@ def _truncate_text_block(text: str, budget: int) -> tuple[str, int]:
 def _trim_context_to_budget(
    project_state_text: str,
    memory_text: str,
    project_memory_text: str,
    chunks: list[ContextChunk],
    budget: int,
 ) -> tuple[str, list[ContextChunk]]:
-    """Trim retrieval first, then memory, then project state until formatted context fits."""
+    """Trim retrieval → project memories → identity/preference → project state."""
    kept_chunks = list(chunks)
-    formatted = _format_full_context(project_state_text, memory_text, kept_chunks)
+    formatted = _format_full_context(
        project_state_text, memory_text, project_memory_text, kept_chunks
    )
    while len(formatted) > budget and kept_chunks:
        kept_chunks.pop()
-        formatted = _format_full_context(project_state_text, memory_text, kept_chunks)
+        formatted = _format_full_context(
            project_state_text, memory_text, project_memory_text, kept_chunks
        )
    if len(formatted) <= budget:
        return formatted, kept_chunks
    # Drop project memories next (they were the most recently added
    # tier and carry less trust than identity/preference).
    project_memory_text, _ = _truncate_text_block(
        project_memory_text,
        max(budget - len(project_state_text) - len(memory_text), 0),
    )
    formatted = _format_full_context(
        project_state_text, memory_text, project_memory_text, kept_chunks
    )
    if len(formatted) <= budget:
        return formatted, kept_chunks
    memory_text, _ = _truncate_text_block(memory_text, max(budget - len(project_state_text), 0))
-    formatted = _format_full_context(project_state_text, memory_text, kept_chunks)
+    formatted = _format_full_context(
        project_state_text, memory_text, project_memory_text, kept_chunks
    )
    if len(formatted) <= budget:
        return formatted, kept_chunks
    project_state_text, _ = _truncate_text_block(project_state_text, budget)
-    formatted = _format_full_context(project_state_text, "", [])
+    formatted = _format_full_context(project_state_text, "", "", [])
    if len(formatted) > budget:
        formatted, _ = _truncate_text_block(formatted, budget)
    return formatted, []
--- a/src/atocore/interactions/service.py
+++ b/src/atocore/interactions/service.py
@@ -63,6 +63,7 @@ def record_interaction(
    chunks_used: list[str] | None = None,
    context_pack: dict | None = None,
    reinforce: bool = True,
    extract: bool = False,
 ) -> Interaction:
    """Persist a single interaction to the audit trail.
@@ -163,6 +164,30 @@ def record_interaction(
                error=str(exc),
            )
    if extract and (response or response_summary):
        try:
            from atocore.memory.extractor import extract_candidates_from_interaction
            from atocore.memory.service import create_memory
            candidates = extract_candidates_from_interaction(interaction)
            for candidate in candidates:
                try:
                    create_memory(
                        memory_type=candidate.memory_type,
                        content=candidate.content,
                        project=candidate.project,
                        confidence=candidate.confidence,
                        status="candidate",
                    )
                except ValueError:
                    pass  # duplicate or validation error — skip silently
        except Exception as exc:  # pragma: no cover - extraction must never block capture
            log.error(
                "extraction_failed_on_capture",
                interaction_id=interaction_id,
                error=str(exc),
            )
    return interaction
--- a/src/atocore/memory/extractor_llm.py
+++ b/src/atocore/memory/extractor_llm.py
@@ -0,0 +1,283 @@
 """LLM-assisted candidate-memory extraction via the Claude Code CLI.
 Day 4 of the 2026-04-11 mini-phase: the rule-based extractor hit 0%
 recall against real conversational claude-code captures (Day 2 baseline
 scorecard in ``scripts/eval_data/extractor_labels_2026-04-11.json``),
 with false negatives spread across 5 distinct miss classes. A single
 rule expansion cannot close that gap, so this module adds an optional
 LLM-assisted mode that shells out to the ``claude -p`` (Claude Code
 non-interactive) CLI with a focused extraction system prompt. That
 path reuses the user's existing Claude.ai OAuth credentials — no API
 key anywhere, per the 2026-04-11 decision.
 Trust rules carried forward from the rule-based extractor:
 - Candidates are NEVER auto-promoted. Caller persists with
  ``status="candidate"`` and a human reviews via the triage CLI.
 - This path is additive. The rule-based extractor keeps working
  exactly as before; callers opt in by importing this module.
 - Extraction stays off the capture hot path — this is batch / manual
  only, per the 2026-04-11 decision.
 - Failure is silent. Missing CLI, non-zero exit, malformed JSON,
  timeout — all return an empty list and log an error. Never raises
  into the caller; the capture audit trail must not break on an
  optional side effect.
 Configuration:
 - Requires the ``claude`` CLI on PATH (``claude --version`` should work).
 - ``ATOCORE_LLM_EXTRACTOR_MODEL`` overrides the model alias (default
  ``sonnet``).
 - ``ATOCORE_LLM_EXTRACTOR_TIMEOUT_S`` overrides the per-call timeout
  (default 90 seconds — first invocation is slow because Node.js
  startup plus OAuth check is non-trivial).
 Implementation notes:
 - We run ``claude -p`` with ``--model <alias>``,
  ``--append-system-prompt`` for the extraction instructions,
  ``--no-session-persistence`` so we don't pollute session history,
  and ``--disable-slash-commands`` so stray ``/foo`` in an extracted
  response never triggers something.
 - The CLI is invoked from a temp working directory so it does not
  auto-discover ``CLAUDE.md`` / ``DEV-LEDGER.md`` / ``AGENTS.md``
  from the repo root. We want a bare extraction context, not the
  full project briefing. We can't use ``--bare`` because that
  forces API-key auth; the temp-cwd trick is the lightest way to
  keep OAuth auth while skipping project context loading.
 """
 from __future__ import annotations
 import json
 import os
 import shutil
 import subprocess
 import tempfile
 from dataclasses import dataclass
 from functools import lru_cache
 from atocore.interactions.service import Interaction
 from atocore.memory.extractor import MemoryCandidate
 from atocore.memory.service import MEMORY_TYPES
 from atocore.observability.logger import get_logger
 log = get_logger("extractor_llm")
 LLM_EXTRACTOR_VERSION = "llm-0.2.0"
 DEFAULT_MODEL = os.environ.get("ATOCORE_LLM_EXTRACTOR_MODEL", "sonnet")
 DEFAULT_TIMEOUT_S = float(os.environ.get("ATOCORE_LLM_EXTRACTOR_TIMEOUT_S", "90"))
 MAX_RESPONSE_CHARS = 8000
 MAX_PROMPT_CHARS = 2000
 _SYSTEM_PROMPT = """You extract durable memory candidates from LLM conversation turns for a personal context engine called AtoCore.
 Your job is to read one user prompt plus the assistant's response and decide which durable facts, decisions, preferences, architectural rules, or project invariants should be remembered across future sessions.
 Rules:
 1. Only surface durable claims. Skip transient status ("deploy is still running"), instructional guidance ("here is how to run the command"), troubleshooting tactics, ephemeral recommendations ("merge this PR now"), and session recaps.
 2. A candidate is durable when a reader coming back in two weeks would still need to know it. Architectural choices, named rules, ratified decisions, invariants, procurement commitments, and project-level constraints qualify. Conversational fillers and step-by-step instructions do not.
 3. Each candidate must stand alone. Rewrite the claim in one sentence under 200 characters with enough context that a reader without the conversation understands it.
 4. Each candidate must have a type from this closed set: project, knowledge, preference, adaptation.
 5. If the conversation is clearly scoped to a project (p04-gigabit, p05-interferometer, p06-polisher, atocore), set ``project`` to that id. Otherwise leave ``project`` empty.
 6. If the response makes no durable claim, return an empty list. It is correct and expected to return [] on most conversational turns.
 7. Confidence should be 0.5 by default so human review workload is honest. Raise to 0.6 only when the response states the claim in an unambiguous, committed form (e.g. "the decision is X", "the selected approach is Y", "X is non-negotiable").
 8. Output must be a raw JSON array and nothing else. No prose before or after. No markdown fences. No explanations.
 Each array element has exactly this shape:
 {"type": "project|knowledge|preference|adaptation", "content": "...", "project": "...", "confidence": 0.5}
 Return [] when there is nothing to extract."""
@dataclass
 class LLMExtractionResult:
    candidates: list[MemoryCandidate]
    raw_output: str
    error: str = ""
@lru_cache(maxsize=1)
 def _sandbox_cwd() -> str:
    """Return a stable temp directory for ``claude -p`` invocations.
    We want the CLI to run from a directory that does NOT contain
    ``CLAUDE.md`` / ``DEV-LEDGER.md`` / ``AGENTS.md``, so every
    extraction call starts with a clean context instead of the full
    AtoCore project briefing. Cached so the directory persists for
    the lifetime of the process.
    """
    return tempfile.mkdtemp(prefix="ato-llm-extract-")
 def _cli_available() -> bool:
    return shutil.which("claude") is not None
 def extract_candidates_llm(
    interaction: Interaction,
    model: str | None = None,
    timeout_s: float | None = None,
 ) -> list[MemoryCandidate]:
    """Run the LLM-assisted extractor against one interaction.
    Returns a list of ``MemoryCandidate`` objects, empty on any
    failure path. The caller is responsible for persistence.
    """
    return extract_candidates_llm_verbose(
        interaction,
        model=model,
        timeout_s=timeout_s,
    ).candidates
 def extract_candidates_llm_verbose(
    interaction: Interaction,
    model: str | None = None,
    timeout_s: float | None = None,
 ) -> LLMExtractionResult:
    """Like ``extract_candidates_llm`` but also returns the raw
    subprocess output and any error encountered, for eval / debugging.
    """
    if not _cli_available():
        return LLMExtractionResult(
            candidates=[],
            raw_output="",
            error="claude_cli_missing",
        )
    response_text = (interaction.response or "").strip()
    if not response_text:
        return LLMExtractionResult(candidates=[], raw_output="", error="empty_response")
    prompt_excerpt = (interaction.prompt or "")[:MAX_PROMPT_CHARS]
    response_excerpt = response_text[:MAX_RESPONSE_CHARS]
    user_message = (
        f"PROJECT HINT (may be empty): {interaction.project or ''}\n\n"
        f"USER PROMPT:\n{prompt_excerpt}\n\n"
        f"ASSISTANT RESPONSE:\n{response_excerpt}\n\n"
        "Return the JSON array now."
    )
    args = [
        "claude",
        "-p",
        "--model",
        model or DEFAULT_MODEL,
        "--append-system-prompt",
        _SYSTEM_PROMPT,
        "--no-session-persistence",
        "--disable-slash-commands",
        user_message,
    ]
    try:
        completed = subprocess.run(
            args,
            capture_output=True,
            text=True,
            timeout=timeout_s or DEFAULT_TIMEOUT_S,
            cwd=_sandbox_cwd(),
            encoding="utf-8",
            errors="replace",
        )
    except subprocess.TimeoutExpired:
        log.error("llm_extractor_timeout", interaction_id=interaction.id)
        return LLMExtractionResult(candidates=[], raw_output="", error="timeout")
    except Exception as exc:  # pragma: no cover - unexpected subprocess failure
        log.error("llm_extractor_subprocess_failed", error=str(exc))
        return LLMExtractionResult(candidates=[], raw_output="", error=f"subprocess_error: {exc}")
    if completed.returncode != 0:
        log.error(
            "llm_extractor_nonzero_exit",
            interaction_id=interaction.id,
            returncode=completed.returncode,
            stderr_prefix=(completed.stderr or "")[:200],
        )
        return LLMExtractionResult(
            candidates=[],
            raw_output=completed.stdout or "",
            error=f"exit_{completed.returncode}",
        )
    raw_output = (completed.stdout or "").strip()
    candidates = _parse_candidates(raw_output, interaction)
    log.info(
        "llm_extractor_done",
        interaction_id=interaction.id,
        candidate_count=len(candidates),
        model=model or DEFAULT_MODEL,
    )
    return LLMExtractionResult(candidates=candidates, raw_output=raw_output)
 def _parse_candidates(raw_output: str, interaction: Interaction) -> list[MemoryCandidate]:
    """Parse the model's JSON output into MemoryCandidate objects.
    Tolerates common model glitches: surrounding whitespace, stray
    markdown fences, leading/trailing prose. Silently drops malformed
    array elements rather than raising.
    """
    text = raw_output.strip()
    if text.startswith("```"):
        text = text.strip("`")
        first_newline = text.find("\n")
        if first_newline >= 0:
            text = text[first_newline + 1 :]
        if text.endswith("```"):
            text = text[:-3]
        text = text.strip()
    if not text or text == "[]":
        return []
    if not text.lstrip().startswith("["):
        start = text.find("[")
        end = text.rfind("]")
        if start >= 0 and end > start:
            text = text[start : end + 1]
    try:
        parsed = json.loads(text)
    except json.JSONDecodeError as exc:
        log.error("llm_extractor_parse_failed", error=str(exc), raw_prefix=raw_output[:120])
        return []
    if not isinstance(parsed, list):
        return []
    results: list[MemoryCandidate] = []
    for item in parsed:
        if not isinstance(item, dict):
            continue
        mem_type = str(item.get("type") or "").strip().lower()
        content = str(item.get("content") or "").strip()
        project = str(item.get("project") or "").strip()
        if not project and interaction.project:
            project = interaction.project
        confidence_raw = item.get("confidence", 0.5)
        if mem_type not in MEMORY_TYPES:
            continue
        if not content:
            continue
        try:
            confidence = float(confidence_raw)
        except (TypeError, ValueError):
            confidence = 0.5
        confidence = max(0.0, min(1.0, confidence))
        results.append(
            MemoryCandidate(
                memory_type=mem_type,
                content=content[:1000],
                rule="llm_extraction",
                source_span=content[:200],
                project=project,
                confidence=confidence,
                source_interaction_id=interaction.id,
                extractor_version=LLM_EXTRACTOR_VERSION,
            )
        )
    return results
--- a/src/atocore/memory/reinforcement.py
+++ b/src/atocore/memory/reinforcement.py
@@ -8,10 +8,11 @@ given memory, without ever promoting anything new into trusted state.
 Design notes
 ------------
- Matching is intentionally simple and explainable:
+- Matching uses token-overlap: tokenize both sides (lowercase, stem,
-    * normalize both sides (lowercase, collapse whitespace)
+  drop stop words), then check whether >= 70 % of the memory's content
-    * require the normalized memory content (or its first 80 chars) to
+  tokens appear in the response token set. This handles natural
-      appear as a substring in the normalized response
+  paraphrases (e.g. "prefers" vs "prefer", "because history" vs
  "because the history") that substring matching missed.
 - Candidates and invalidated memories are NEVER considered — reinforcement
  must not revive history.
 - Reinforcement is capped at 1.0 and monotonically non-decreasing.
@@ -43,9 +44,21 @@ log = get_logger("reinforcement")
 # memories like "prefers Python".
 _MIN_MEMORY_CONTENT_LENGTH = 12
-# When a memory's content is very long, match on its leading window only
+# Token-overlap matching constants.
-# to avoid punishing small paraphrases further into the body.
+_STOP_WORDS: frozenset[str] = frozenset({
-_MATCH_WINDOW_CHARS = 80
+    "the", "a", "an", "and", "or", "of", "to", "is", "was",
    "that", "this", "with", "for", "from", "into",
 })
 _MATCH_THRESHOLD = 0.70
 # Long memories can't realistically hit 70% overlap through organic
 # paraphrase — a 40-token memory would need 28 stemmed tokens echoed
 # verbatim. Above this token count the matcher switches to an absolute
 # overlap floor plus a softer fraction floor so paragraph-length memories
 # still reinforce when the response genuinely uses them.
 _LONG_MEMORY_TOKEN_COUNT = 15
 _LONG_MODE_MIN_OVERLAP = 12
 _LONG_MODE_MIN_FRACTION = 0.35
 DEFAULT_CONFIDENCE_DELTA = 0.02
@@ -144,12 +157,85 @@ def _normalize(text: str) -> str:
    return collapsed.strip()
 def _stem(word: str) -> str:
    """Aggressive suffix-folding so inflected forms collapse.
    Handles trailing ``ing``, ``ed``, and ``s`` — good enough for
    reinforcement matching without pulling in nltk/snowball.
    """
    # Order matters: try longest suffix first.
    if word.endswith("ing") and len(word) >= 6:
        return word[:-3]
    if word.endswith("ed") and len(word) > 4:
        stem = word[:-2]
        # "preferred" → "preferr" → "prefer" (doubled consonant before -ed)
        if len(stem) >= 3 and stem[-1] == stem[-2]:
            stem = stem[:-1]
        return stem
    if word.endswith("s") and len(word) > 3:
        return word[:-1]
    return word
 def _tokenize(text: str) -> set[str]:
    """Split normalized text into a stemmed token set.
    Strips punctuation, drops words shorter than 3 chars and stop
    words. Hyphenated and slash-separated identifiers
    (``polisher-control``, ``twyman-green``, ``2-projects/interferometer``)
    produce both the full form AND each sub-token, so a query for
    "polisher control" can match a memory that wrote
    "polisher-control" without forcing callers to guess the exact
    hyphenation.
    """
    tokens: set[str] = set()
    for raw in text.split():
        word = raw.strip(".,;:!?\"'()[]{}-/")
        if not word:
            continue
        _add_token(tokens, word)
        # Also add sub-tokens split on internal '-' or '/' so
        # hyphenated identifiers match queries that don't hyphenate.
        if "-" in word or "/" in word:
            for sub in re.split(r"[-/]+", word):
                _add_token(tokens, sub)
    return tokens
 def _add_token(tokens: set[str], word: str) -> None:
    if len(word) < 3:
        return
    if word in _STOP_WORDS:
        return
    tokens.add(_stem(word))
 def _memory_matches(memory_content: str, normalized_response: str) -> bool:
-    """Return True if the memory content appears in the response."""
+    """Return True if enough of the memory's tokens appear in the response.
    Dual-mode token overlap:
    - Short memories (<= _LONG_MEMORY_TOKEN_COUNT stems): require
      >= 70 % of memory tokens echoed.
    - Long memories (paragraphs): require an absolute floor of
      _LONG_MODE_MIN_OVERLAP distinct stems echoed AND a softer
      fraction of _LONG_MODE_MIN_FRACTION, so organic paraphrase
      of a real project memory can reinforce without the response
      quoting the paragraph verbatim.
    """
    if not memory_content:
        return False
    normalized_memory = _normalize(memory_content)
    if len(normalized_memory) < _MIN_MEMORY_CONTENT_LENGTH:
        return False
-    window = normalized_memory[:_MATCH_WINDOW_CHARS]
+    memory_tokens = _tokenize(normalized_memory)
-    return window in normalized_response
+    if not memory_tokens:
        return False
    response_tokens = _tokenize(normalized_response)
    overlap = memory_tokens & response_tokens
    fraction = len(overlap) / len(memory_tokens)
    if len(memory_tokens) <= _LONG_MEMORY_TOKEN_COUNT:
        return fraction >= _MATCH_THRESHOLD
    return (
        len(overlap) >= _LONG_MODE_MIN_OVERLAP
        and fraction >= _LONG_MODE_MIN_FRACTION
    )
--- a/src/atocore/memory/service.py
+++ b/src/atocore/memory/service.py
@@ -344,6 +344,9 @@ def get_memories_for_context(
    memory_types: list[str] | None = None,
    project: str | None = None,
    budget: int = 500,
    header: str = "--- AtoCore Memory ---",
    footer: str = "--- End Memory ---",
    query: str | None = None,
 ) -> tuple[str, int]:
    """Get formatted memories for context injection.
@@ -351,38 +354,81 @@ def get_memories_for_context(
    Budget allocation per Master Plan section 9:
      identity: 5%, preference: 5%, rest from retrieval budget
    The caller can override ``header`` / ``footer`` to distinguish
    multiple memory blocks in the same pack (e.g. identity/preference
    vs project/knowledge memories).
    When ``query`` is provided, candidates within each memory type
    are ranked by lexical overlap against the query (stemmed token
    intersection, ties broken by confidence). Without a query,
    candidates fall through in the order ``get_memories`` returns
    them — which is effectively "by confidence desc".
    """
    if memory_types is None:
        memory_types = ["identity", "preference"]
    if budget <= 0:
        return "", 0
    header = "--- AtoCore Memory ---"
    footer = "--- End Memory ---"
    wrapper_chars = len(header) + len(footer) + 2
    if budget <= wrapper_chars:
        return "", 0
    available = budget - wrapper_chars
    selected_entries: list[str] = []
    used = 0
-    for index, mtype in enumerate(memory_types):
+    # Pre-tokenize the query once. ``_score_memory_for_query`` is a
-        type_budget = available if index == len(memory_types) - 1 else max(0, available // (len(memory_types) - index))
+    # free function below that reuses the reinforcement tokenizer so
-        type_used = 0
+    # lexical scoring here matches the reinforcement matcher.
    query_tokens: set[str] | None = None
    if query:
        from atocore.memory.reinforcement import _normalize, _tokenize
        query_tokens = _tokenize(_normalize(query))
        if not query_tokens:
            query_tokens = None
    # Collect ALL candidates across the requested types into one
    # pool, then rank globally before the budget walk. Ranking per
    # type and walking types in order would starve later types when
    # the first type's candidates filled the budget — even if a
    # later-type candidate matched the query perfectly. Type order
    # is preserved as a stable tiebreaker inside
    # ``_rank_memories_for_query`` via Python's stable sort.
    pool: list[Memory] = []
    seen_ids: set[str] = set()
    for mtype in memory_types:
        for mem in get_memories(
            memory_type=mtype,
            project=project,
            min_confidence=0.5,
-            limit=10,
+            limit=30,
        ):
-            entry = f"[{mem.memory_type}] {mem.content}"
+            if mem.id in seen_ids:
            entry_len = len(entry) + 1
            if entry_len > type_budget - type_used:
                continue
-            selected_entries.append(entry)
+            seen_ids.add(mem.id)
-            type_used += entry_len
+            pool.append(mem)
-        available -= type_used
+
    if query_tokens is not None:
        pool = _rank_memories_for_query(pool, query_tokens)
    # Per-entry cap prevents a single long memory from monopolizing
    # the band. With 16 p06 memories competing for ~700 chars, an
    # uncapped 530-char overview memory fills the entire budget before
    # a query-relevant 150-char memory gets a slot. The cap ensures at
    # least 2-3 entries fit regardless of individual memory length.
    max_entry_chars = 250
    for mem in pool:
        content = mem.content
        if len(content) > max_entry_chars:
            content = content[:max_entry_chars - 3].rstrip() + "..."
        entry = f"[{mem.memory_type}] {content}"
        entry_len = len(entry) + 1
        if entry_len > available - used:
            continue
        selected_entries.append(entry)
        used += entry_len
    if not selected_entries:
        return "", 0
@@ -394,6 +440,28 @@ def get_memories_for_context(
    return text, len(text)
 def _rank_memories_for_query(
    memories: list["Memory"],
    query_tokens: set[str],
 ) -> list["Memory"]:
    """Rerank a memory list by lexical overlap with a pre-tokenized query.
    Ordering key: (overlap_count DESC, confidence DESC). When a query
    shares no tokens with a memory, overlap is zero and confidence
    acts as the sole tiebreaker — which matches the pre-query
    behaviour and keeps no-query calls stable.
    """
    from atocore.memory.reinforcement import _normalize, _tokenize
    scored: list[tuple[int, float, Memory]] = []
    for mem in memories:
        mem_tokens = _tokenize(_normalize(mem.content))
        overlap = len(mem_tokens & query_tokens) if mem_tokens else 0
        scored.append((overlap, mem.confidence, mem))
    scored.sort(key=lambda t: (t[0], t[1]), reverse=True)
    return [mem for _, _, mem in scored]
 def _row_to_memory(row) -> Memory:
    """Convert a DB row to Memory dataclass."""
    keys = row.keys() if hasattr(row, "keys") else []
--- a/src/atocore/ops/backup.py
+++ b/src/atocore/ops/backup.py
@@ -103,12 +103,27 @@ def create_runtime_backup(
        encoding="utf-8",
    )
    # Automatic post-backup validation. Failures log a warning but do
    # not raise — the backup files are still on disk and may be useful.
    validation = validate_backup(stamp)
    validated = validation.get("valid", False)
    validation_errors = validation.get("errors", [])
    if not validated:
        log.warning(
            "post_backup_validation_failed",
            backup_root=str(backup_root),
            errors=validation_errors,
        )
    metadata["validated"] = validated
    metadata["validation_errors"] = validation_errors
    log.info(
        "runtime_backup_created",
        backup_root=str(backup_root),
        db_snapshot=str(db_snapshot_path),
        chroma_included=include_chroma,
        chroma_bytes=chroma_bytes_copied,
        validated=validated,
    )
    return metadata
@@ -389,6 +404,113 @@ def restore_runtime_backup(
    return result
 def cleanup_old_backups(*, confirm: bool = False) -> dict:
    """Apply retention policy and remove old snapshots.
    Retention keeps:
    - Last 7 daily snapshots (most recent per calendar day)
    - Last 4 weekly snapshots (most recent on each Sunday)
    - Last 6 monthly snapshots (most recent on the 1st of each month)
    All other snapshots are candidates for deletion. Runs as dry-run by
    default; pass ``confirm=True`` to actually delete.
    Returns a dict with kept/deleted counts and any errors.
    """
    snapshots_root = _config.settings.resolved_backup_dir / "snapshots"
    if not snapshots_root.exists() or not snapshots_root.is_dir():
        return {"kept": 0, "deleted": 0, "would_delete": 0, "dry_run": not confirm, "errors": []}
    # Parse all stamp directories into (datetime, dir_path) pairs.
    stamps: list[tuple[datetime, Path]] = []
    unparseable: list[str] = []
    for entry in sorted(snapshots_root.iterdir()):
        if not entry.is_dir():
            continue
        try:
            dt = datetime.strptime(entry.name, "%Y%m%dT%H%M%SZ").replace(tzinfo=UTC)
            stamps.append((dt, entry))
        except ValueError:
            unparseable.append(entry.name)
    if not stamps:
        return {
            "kept": 0, "deleted": 0, "would_delete": 0,
            "dry_run": not confirm, "errors": [],
            "unparseable": unparseable,
        }
    # Sort newest first so "most recent per bucket" is a simple first-seen.
    stamps.sort(key=lambda t: t[0], reverse=True)
    keep_set: set[Path] = set()
    # Last 7 daily: most recent snapshot per calendar day.
    seen_days: set[str] = set()
    for dt, path in stamps:
        day_key = dt.strftime("%Y-%m-%d")
        if day_key not in seen_days:
            seen_days.add(day_key)
            keep_set.add(path)
            if len(seen_days) >= 7:
                break
    # Last 4 weekly: most recent snapshot that falls on a Sunday.
    seen_weeks: set[str] = set()
    for dt, path in stamps:
        if dt.weekday() == 6:  # Sunday
            week_key = dt.strftime("%Y-W%W")
            if week_key not in seen_weeks:
                seen_weeks.add(week_key)
                keep_set.add(path)
                if len(seen_weeks) >= 4:
                    break
    # Last 6 monthly: most recent snapshot on the 1st of a month.
    seen_months: set[str] = set()
    for dt, path in stamps:
        if dt.day == 1:
            month_key = dt.strftime("%Y-%m")
            if month_key not in seen_months:
                seen_months.add(month_key)
                keep_set.add(path)
                if len(seen_months) >= 6:
                    break
    to_delete = [path for _, path in stamps if path not in keep_set]
    errors: list[str] = []
    deleted_count = 0
    if confirm:
        for path in to_delete:
            try:
                shutil.rmtree(path)
                deleted_count += 1
            except OSError as exc:
                errors.append(f"{path.name}: {exc}")
    result: dict = {
        "kept": len(keep_set),
        "dry_run": not confirm,
        "errors": errors,
    }
    if confirm:
        result["deleted"] = deleted_count
    else:
        result["would_delete"] = len(to_delete)
    if unparseable:
        result["unparseable"] = unparseable
    log.info(
        "cleanup_old_backups",
        kept=len(keep_set),
        deleted=deleted_count if confirm else 0,
        would_delete=len(to_delete) if not confirm else 0,
        dry_run=not confirm,
    )
    return result
 def _backup_sqlite_db(source_path: Path, dest_path: Path) -> None:
    source_conn = sqlite3.connect(str(source_path))
    dest_conn = sqlite3.connect(str(dest_path))
@@ -448,6 +570,13 @@ def main() -> None:
    p_validate = sub.add_parser("validate", help="validate a snapshot by stamp")
    p_validate.add_argument("stamp", help="snapshot stamp (e.g. 20260409T010203Z)")
    p_cleanup = sub.add_parser("cleanup", help="remove old snapshots per retention policy")
    p_cleanup.add_argument(
        "--confirm",
        action="store_true",
        help="actually delete (default is dry-run)",
    )
    p_restore = sub.add_parser(
        "restore",
        help="restore a snapshot by stamp (service must be stopped)",
@@ -488,6 +617,8 @@ def main() -> None:
        result = {"backups": list_runtime_backups()}
    elif command == "validate":
        result = validate_backup(args.stamp)
    elif command == "cleanup":
        result = cleanup_old_backups(confirm=getattr(args, "confirm", False))
    elif command == "restore":
        result = restore_runtime_backup(
            args.stamp,
--- a/t420-openclaw/AGENTS.md
+++ b/t420-openclaw/AGENTS.md
@@ -0,0 +1,234 @@
 # AGENTS.md - Your Workspace
 This folder is home. Treat it that way.
 ## First Run
 If `BOOTSTRAP.md` exists, that's your birth certificate. Follow it, figure out who you are, then delete it. You won't need it again.
 ## Every Session
 Before doing anything else:
 1. Read `SOUL.md` — this is who you are
 2. Read `USER.md` — this is who you're helping
 3. Read `MODEL-ROUTING.md` — follow the auto-routing policy for model selection
 4. Read `memory/YYYY-MM-DD.md` (today + yesterday) for recent context
 5. **If in MAIN SESSION** (direct chat with your human): Also read `MEMORY.md`
 Don't ask permission. Just do it.
 ## Memory
 You wake up fresh each session. These files are your continuity:
 - **Daily notes:** `memory/YYYY-MM-DD.md` (create `memory/` if needed) — raw logs of what happened
 - **Long-term:** `MEMORY.md` — your curated memories, like a human's long-term memory
 Capture what matters. Decisions, context, things to remember. Skip the secrets unless asked to keep them.
 ### 🧠 MEMORY.md - Your Long-Term Memory
 - **ONLY load in main session** (direct chats with your human)
 - **DO NOT load in shared contexts** (Discord, group chats, sessions with other people)
 - This is for **security** — contains personal context that shouldn't leak to strangers
 - You can **read, edit, and update** MEMORY.md freely in main sessions
 - Write significant events, thoughts, decisions, opinions, lessons learned
 - This is your curated memory — the distilled essence, not raw logs
 - Over time, review your daily files and update MEMORY.md with what's worth keeping
 ### 📝 Write It Down - No "Mental Notes"!
 - **Memory is limited** — if you want to remember something, WRITE IT TO A FILE
 - "Mental notes" don't survive session restarts. Files do.
 - When someone says "remember this" → update `memory/YYYY-MM-DD.md` or relevant file
 - When you learn a lesson → update AGENTS.md, TOOLS.md, or the relevant skill
 - When you make a mistake → document it so future-you doesn't repeat it
 - **Text > Brain** 📝
 ## Safety
 - Don't exfiltrate private data. Ever.
 - Don't run destructive commands without asking.
 - `trash` > `rm` (recoverable beats gone forever)
 - When in doubt, ask.
 ## External vs Internal
 **Safe to do freely:**
 - Read files, explore, organize, learn
 - Search the web, check calendars
 - Work within this workspace
 **Ask first:**
 - Sending emails, tweets, public posts
 - Anything that leaves the machine
 - Anything you're uncertain about
 ## Group Chats
 You have access to your human's stuff. That doesn't mean you *share* their stuff. In groups, you're a participant — not their voice, not their proxy. Think before you speak.
 ### 💬 Know When to Speak!
 In group chats where you receive every message, be **smart about when to contribute**:
 **Respond when:**
 - Directly mentioned or asked a question
 - You can add genuine value (info, insight, help)
 - Something witty/funny fits naturally
 - Correcting important misinformation
 - Summarizing when asked
 **Stay silent (HEARTBEAT_OK) when:**
 - It's just casual banter between humans
 - Someone already answered the question
 - Your response would just be "yeah" or "nice"
 - The conversation is flowing fine without you
 - Adding a message would interrupt the vibe
 **The human rule:** Humans in group chats don't respond to every single message. Neither should you. Quality > quantity. If you wouldn't send it in a real group chat with friends, don't send it.
 **Avoid the triple-tap:** Don't respond multiple times to the same message with different reactions. One thoughtful response beats three fragments.
 Participate, don't dominate.
 ### 😊 React Like a Human!
 On platforms that support reactions (Discord, Slack), use emoji reactions naturally:
 **React when:**
 - You appreciate something but don't need to reply (👍, ❤️, 🙌)
 - Something made you laugh (😂, 💀)
 - You find it interesting or thought-provoking (🤔, 💡)
 - You want to acknowledge without interrupting the flow
 - It's a simple yes/no or approval situation (✅, 👀)
 **Why it matters:**
 Reactions are lightweight social signals. Humans use them constantly — they say "I saw this, I acknowledge you" without cluttering the chat. You should too.
 **Don't overdo it:** One reaction per message max. Pick the one that fits best.
 ## Tools
 When a task is contextual and project-dependent, use the `atocore-context` skill to query Dalidou-hosted AtoCore for trusted project state, retrieval, context-building, registered project refresh, or project registration discovery when that will improve accuracy. Treat AtoCore as additive and fail-open; do not replace OpenClaw's own memory with it. Prefer `projects` and `refresh-project <id>` when a known project needs a clean source refresh, and use `project-template` when proposing a new project registration, and `propose-project ...` when you want a normalized preview before editing the registry manually.
 ### Organic AtoCore Routing
 For normal project knowledge questions, use AtoCore by default without waiting for the human to ask for the helper explicitly.
 Use AtoCore first when the prompt:
 - mentions a registered project id or alias
 - asks about architecture, constraints, status, requirements, vendors, planning, prior decisions, or current project truth
 - would benefit from cross-source context instead of only the local repo
 Preferred flow:
 1. `auto-context "<prompt>" 3000` for most project knowledge questions
 2. `project-state <project>` when the user is clearly asking for trusted current truth
 3. `audit-query "<prompt>" 5 [project]` when broad prompts drift, archive/history noise appears, or retrieval quality is being evaluated
 4. `refresh-project <id>` before answering if the user explicitly asked to refresh or ingest project changes
 For AtoCore improvement work, prefer this sequence:
 1. retrieval-quality pass
 2. Wave 2 trusted-operational ingestion
 3. AtoDrive clarification
 4. restore and ops validation
 Wave 2 trusted-operational truth should prioritize:
 - current status
 - current decisions
 - requirements baseline
 - milestone plan
 - next actions
 Do not ingest the whole PKM vault before the trusted-operational layer is in good shape. Treat AtoDrive as curated operational truth, not a generic dump.
 Do not force AtoCore for purely local coding actions like fixing a function, editing one file, or running tests, unless broader project context is likely to matter.
 If `auto-context` returns `no_project_match` or AtoCore is unavailable, continue normally with OpenClaw's own tools and memory.
 Skills provide your tools. When you need one, check its `SKILL.md`. Keep local notes (camera names, SSH details, voice preferences) in `TOOLS.md`.
 **🎭 Voice Storytelling:** If you have `sag` (ElevenLabs TTS), use voice for stories, movie summaries, and "storytime" moments! Way more engaging than walls of text. Surprise people with funny voices.
 **📝 Platform Formatting:**
 - **Discord/WhatsApp:** No markdown tables! Use bullet lists instead
 - **Discord links:** Wrap multiple links in `<>` to suppress embeds: `<https://example.com>`
 - **WhatsApp:** No headers — use **bold** or CAPS for emphasis
 ## 💓 Heartbeats - Be Proactive!
 When you receive a heartbeat poll (message matches the configured heartbeat prompt), don't just reply `HEARTBEAT_OK` every time. Use heartbeats productively!
 Default heartbeat prompt:
 `Read HEARTBEAT.md if it exists (workspace context). Follow it strictly. Do not infer or repeat old tasks from prior chats. If nothing needs attention, reply HEARTBEAT_OK.`
 You are free to edit `HEARTBEAT.md` with a short checklist or reminders. Keep it small to limit token burn.
 ### Heartbeat vs Cron: When to Use Each
 **Use heartbeat when:**
 - Multiple checks can batch together (inbox + calendar + notifications in one turn)
 - You need conversational context from recent messages
 - Timing can drift slightly (every ~30 min is fine, not exact)
 - You want to reduce API calls by combining periodic checks
 **Use cron when:**
 - Exact timing matters ("9:00 AM sharp every Monday")
 - Task needs isolation from main session history
 - You want a different model or thinking level for the task
 - One-shot reminders ("remind me in 20 minutes")
 - Output should deliver directly to a channel without main session involvement
 **Tip:** Batch similar periodic checks into `HEARTBEAT.md` instead of creating multiple cron jobs. Use cron for precise schedules and standalone tasks.
 **Things to check (rotate through these, 2-4 times per day):**
 - **Emails** - Any urgent unread messages?
 - **Calendar** - Upcoming events in next 24-48h?
 - **Mentions** - Twitter/social notifications?
 - **Weather** - Relevant if your human might go out?
 **Track your checks** in `memory/heartbeat-state.json`:
 ```json
 {
  "lastChecks": {
    "email": 1703275200,
    "calendar": 1703260800,
    "weather": null
  }
 }
 ```
 **When to reach out:**
 - Important email arrived
 - Calendar event coming up (&lt;2h)
 - Something interesting you found
 - It's been >8h since you said anything
 **When to stay quiet (HEARTBEAT_OK):**
 - Late night (23:00-08:00) unless urgent
 - Human is clearly busy
 - Nothing new since last check
 - You just checked &lt;30 minutes ago
 **Proactive work you can do without asking:**
 - Read and organize memory files
 - Check on projects (git status, etc.)
 - Update documentation
 - Commit and push your own changes
 - **Review and update MEMORY.md** (see below)
 ### 🔄 Memory Maintenance (During Heartbeats)
 Periodically (every few days), use a heartbeat to:
 1. Read through recent `memory/YYYY-MM-DD.md` files
 2. Identify significant events, lessons, or insights worth keeping long-term
 3. Update `MEMORY.md` with distilled learnings
 4. Remove outdated info from MEMORY.md that's no longer relevant
 Think of it like a human reviewing their journal and updating their mental model. Daily files are raw notes; MEMORY.md is curated wisdom.
 The goal: Be helpful without being annoying. Check in a few times a day, do useful background work, but respect quiet time.
 ## Make It Yours
 This is a starting point. Add your own conventions, style, and rules as you figure out what works.
 ## Orchestration Completion Protocol
 After any orchestration chain completes (research → review → condensation):
 1. Secretary MUST be the final agent tasked
 2. Secretary produces the condensation file AND posts a distillate to Discord #reports
 3. Manager should include in Secretary's task: "Post a distillate to Discord #reports summarizing this orchestration"
--- a/t420-openclaw/ATOCORE-OPERATIONS.md
+++ b/t420-openclaw/ATOCORE-OPERATIONS.md
@@ -0,0 +1,133 @@
 # AtoCore Operations
 This is the current operating playbook for making AtoCore more dependable and higher-signal.
 ## Order of Work
 1. Retrieval-quality pass
 2. Wave 2 trusted-operational ingestion
 3. AtoDrive clarification
 4. Restore and ops validation
 ## 1. Retrieval-Quality Pass
 Observed behavior from the live service:
 - broad prompts like `gigabit` and `polisher` still surface archive/history noise
 - meaningful prompts like `mirror frame stiffness requirements and selected architecture` are much sharper
 - now that the corpus is large enough, ranking quality matters more than raw corpus presence
 Use these commands first:
 ```bash
 python atocore.py audit-query "gigabit" 5
 python atocore.py audit-query "polisher" 5
 python atocore.py audit-query "mirror frame stiffness requirements and selected architecture" 5 p04-gigabit
 python atocore.py audit-query "interferometer error budget and vendor selection constraints" 5 p05-interferometer
 python atocore.py audit-query "polisher system map shared contracts and calibration workflow" 5 p06-polisher
 ```
 What to fix in the retrieval pass:
 - reduce `_archive`, `pre-cleanup`, `pre-migration`, and `History` prominence
 - prefer current-status, decision, requirement, architecture-freeze, and milestone docs
 - prefer trusted project-state over freeform notes when both speak to current truth
 - keep broad prompts from matching stale or generic chunks too easily
 Suggested acceptance bar:
 - top 5 for active-project prompts contain at least one current-status or next-focus item
 - top 5 contain at least one decision or architecture-baseline item
 - top 5 contain at least one requirement or constraints item
 - broad single-word prompts no longer lead with archive/history chunks
 ## 2. Wave 2 Trusted-Operational Ingestion
 Do not ingest the whole PKM vault next.
 Wave 2 should ingest trusted operational truth for each active project:
 - current status dashboard or status note
 - current decisions / decision log
 - requirements baseline
 - architecture freeze / current baseline
 - milestone plan
 - next actions / near-term focus
 Recommended helper flow:
 ```bash
 python atocore.py project-state p04-gigabit
 python atocore.py project-state p05-interferometer
 python atocore.py project-state p06-polisher
 python atocore.py project-state-set p04-gigabit status next_focus "Continue curated support and frame-context buildout." "Wave 2 status dashboard" 1.0
 python atocore.py project-state-set p05-interferometer requirement key_constraints "Preserve current error-budget, thermal, and vendor-selection constraints as the working baseline." "Wave 2 requirements baseline" 1.0
 python atocore.py project-state-set p06-polisher decision system_boundary "The suite remains a three-layer chain with explicit planning, translation, and execution boundaries." "Wave 2 decision log" 1.0
 python atocore.py refresh-project p04-gigabit
 python atocore.py refresh-project p05-interferometer
 python atocore.py refresh-project p06-polisher
 ```
 Use project-state for the most authoritative "current truth" fields, then refresh the registered project roots after curated Wave 2 documents land.
 ## 3. AtoDrive Clarification
 AtoDrive should become a trusted-operational source, not a generic corpus dump.
 Good AtoDrive candidates:
 - current dashboards
 - current baselines
 - approved architecture docs
 - decision logs
 - milestone and next-step views
 - operational source-of-truth files that humans actively maintain
 Avoid as default AtoDrive ingest:
 - large generic archives
 - duplicated exports
 - stale snapshots when a newer baseline exists
 - exploratory notes that are not designated current truth
 Rule of thumb:
 - if the file answers "what is true now?" it may belong in trusted-operational
 - if the file mostly answers "what did we think at some point?" it belongs in the broader corpus, not Wave 2
 ## 4. Restore and Ops Validation
 Backups are not enough until restore has been tested.
 Validate these explicitly:
 - SQLite metadata restore
 - Chroma restore or rebuild
 - registry restore
 - source-root refresh after restore
 - health and stats consistency after recovery
 Recommended restore drill:
 1. Record current `health`, `stats`, and `projects` output.
 2. Restore SQLite metadata and project registry from backup.
 3. Decide whether Chroma is restored from backup or rebuilt from source.
 4. Run project refresh for active projects.
 5. Compare vector/doc counts and run retrieval audits again.
 Commands to capture the before/after baseline:
 ```bash
 python atocore.py health
 python atocore.py stats
 python atocore.py projects
 python atocore.py audit-query "gigabit" 5
 python atocore.py audit-query "interferometer error budget and vendor selection constraints" 5 p05-interferometer
 ```
 Recovery policy decision still needed:
 - prefer Chroma backup restore for fast recovery when backup integrity is trusted
 - prefer Chroma rebuild when backups are suspect, schema changed, or ranking behavior drifts unexpectedly
 The important part is to choose one policy on purpose and validate it, not leave it implicit.
--- a/t420-openclaw/SKILL.md
+++ b/t420-openclaw/SKILL.md
@@ -0,0 +1,105 @@
 ---
 name: atocore-context
 description: Use Dalidou-hosted AtoCore as a read-only external context service for project state, retrieval, and context-building without touching OpenClaw's own memory.
 ---
 # AtoCore Context
 Use this skill when you need trusted project context, retrieval help, or AtoCore
 health/status from the canonical Dalidou instance.
 ## Purpose
 AtoCore is an additive external context service.
 - It does not replace OpenClaw's own memory.
 - It should be used for contextual work, not trivial prompts.
 - It is read-only in this first integration batch.
 - If AtoCore is unavailable, continue normally.
 ## Canonical Endpoint
 Default base URL:
 ```bash
 http://dalidou:8100
 ```
 Override with:
 ```bash
 ATOCORE_BASE_URL=http://host:port
 ```
 ## Safe Usage
 Use AtoCore for:
 - project-state checks
 - automatic project detection for normal project questions
 - retrieval-quality audits before declaring a project corpus "good enough"
 - retrieval over ingested project/ecosystem docs
 - context-building for complex project prompts
 - verifying current AtoCore hosting and architecture state
 - listing registered projects and refreshing a known project source set
 - inspecting the project registration template before proposing a new project entry
 - generating a proposal preview for a new project registration without writing it
 - registering an approved project entry when explicitly requested
 - updating an existing registered project when aliases or description need refinement
 Do not use AtoCore for:
 - automatic memory write-back
 - replacing OpenClaw memory
 - silent ingestion of broad new corpora without approval
 - ingesting the whole PKM vault before trusted operational truth is staged
 - mutating the registry automatically without human approval
 ## Commands
 ```bash
 ~/clawd/skills/atocore-context/scripts/atocore.sh health
 ~/clawd/skills/atocore-context/scripts/atocore.sh sources
 ~/clawd/skills/atocore-context/scripts/atocore.sh stats
 ~/clawd/skills/atocore-context/scripts/atocore.sh projects
 ~/clawd/skills/atocore-context/scripts/atocore.sh project-template
 ~/clawd/skills/atocore-context/scripts/atocore.sh detect-project "what's the interferometer error budget?"
 ~/clawd/skills/atocore-context/scripts/atocore.sh auto-context "what's the interferometer error budget?" 3000
 ~/clawd/skills/atocore-context/scripts/atocore.sh debug-context
 ~/clawd/skills/atocore-context/scripts/atocore.sh audit-query "gigabit" 5
 ~/clawd/skills/atocore-context/scripts/atocore.sh audit-query "mirror frame stiffness requirements and selected architecture" 5 p04-gigabit
 ~/clawd/skills/atocore-context/scripts/atocore.sh propose-project p07-example "p07,example-project" vault incoming/projects/p07-example "Example project" "Primary staged project docs"
 ~/clawd/skills/atocore-context/scripts/atocore.sh register-project p07-example "p07,example-project" vault incoming/projects/p07-example "Example project" "Primary staged project docs"
 ~/clawd/skills/atocore-context/scripts/atocore.sh update-project p05 "Curated staged docs for the P05 interferometer architecture, vendors, and error-budget project."
 ~/clawd/skills/atocore-context/scripts/atocore.sh refresh-project p05
 ~/clawd/skills/atocore-context/scripts/atocore.sh project-state atocore
 ~/clawd/skills/atocore-context/scripts/atocore.sh project-state-set p05-interferometer status next_focus "Freeze current error-budget baseline and vendor downselect." "Wave 2 status dashboard" 1.0
 ~/clawd/skills/atocore-context/scripts/atocore.sh project-state-invalidate p05-interferometer status next_focus
 ~/clawd/skills/atocore-context/scripts/atocore.sh query "What is AtoDrive?"
 ~/clawd/skills/atocore-context/scripts/atocore.sh context-build "Need current AtoCore architecture" atocore 3000
 ```
 Direct Python entrypoint for non-Bash environments:
 ```bash
 python ~/clawd/skills/atocore-context/scripts/atocore.py health
 ```
 ## Contract
 - prefer AtoCore only when additional context is genuinely useful
 - trust AtoCore as additive context, not as a hard runtime dependency
 - fail open if the service errors or times out
 - cite when information came from AtoCore rather than local OpenClaw memory
 - for normal project knowledge questions, prefer `auto-context "<prompt>" 3000` before answering
 - use `detect-project "<prompt>"` when you want to inspect project inference explicitly
 - use `debug-context` right after `auto-context` or `context-build` when you want
  to inspect the exact last AtoCore context pack
 - use `audit-query "<prompt>" 5 [project]` when retrieval quality is in question, especially for broad prompts
 - prefer `projects` plus `refresh-project <id>` over long ad hoc ingest instructions when the project is already registered
 - use `project-template` when preparing a new project registration proposal
 - use `propose-project ...` to draft a normalized entry and review collisions first
 - use `register-project ...` only after the proposal has been reviewed and approved
 - use `update-project ...` when a registered project's description or aliases need refinement before refresh
 - use `project-state-set` for trusted operational truth such as current status, current decisions, frozen requirements, milestone baselines, and next actions
 - do Wave 2 before broad PKM expansion: status dashboards, decision logs, milestone views, current baseline docs, and next-step views
 - treat AtoDrive as a curated trusted-operational source, not a generic dump of miscellaneous drive files
 - validate restore posture explicitly; a backup is not trusted until restore or rebuild steps have been exercised successfully
--- a/t420-openclaw/TOOLS.md
+++ b/t420-openclaw/TOOLS.md
@@ -0,0 +1,279 @@
 # TOOLS.md - Local Notes
 ## AtoCore (External Context Service)
 - **Canonical Host:** http://dalidou:8100
 - **Role:** Read-only external context service for trusted project state, retrieval, context-building, registered project refresh, project registration discovery, and retrieval-quality auditing
 - **Machine state lives on:** Dalidou (/srv/storage/atocore/data/...)
 - **Rule:** Use AtoCore as additive context only; do not treat it as a replacement for OpenClaw memory
 - **Helper script:** /home/papa/clawd/skills/atocore-context/scripts/atocore.sh
 - **Python fallback:** `/home/papa/clawd/skills/atocore-context/scripts/atocore.py` for non-Bash environments
 - **Key commands:** `projects`, `project-template`, `detect-project "<prompt>"`, `auto-context "<prompt>" [budget] [project]`, `debug-context`, `audit-query "<prompt>" [top_k] [project]`, `propose-project ...`, `register-project ...`, `update-project <id> "description" ["aliases"]`, `refresh-project <id>`, `project-state <id> [category]`, `project-state-set <project> <category> <key> <value> [source] [confidence]`, `project-state-invalidate <project> <category> <key>`, `context-build ...`
 - **Fail-open rule:** If AtoCore is unavailable, continue normal OpenClaw behavior
 ### Organic Usage Rule
 - For normal project knowledge questions, try `auto-context` first.
 - For retrieval complaints or broad-prompt drift, run `audit-query` before changing ingestion scope.
 - Use `project-state` when you want trusted current truth only.
 - Use `project-state-set` for current status, current decisions, baseline requirements, milestone views, and next actions.
 - Use `query` for quick probing/debugging.
 - Use `context-build` when you already know the project and want the exact context pack.
 - Use `debug-context` right after `auto-context` or `context-build` if you want
  to inspect the exact AtoCore supplement being fed into the workflow.
 - Do Wave 2 trusted-operational ingestion before broad PKM expansion.
 - Treat AtoDrive as a curated operational-truth source, not a generic bulk ingest target.
 - Keep purely local coding tasks local unless broader project context is likely to help.
 ## PKM / Obsidian Vault
 - **Local Path:** `/home/papa/obsidian-vault/`
 - **Name:** Antoine Brain Extension
 - **Sync:** Syncthing (syncs from dalidou)
 - **Access:** ✅ Direct local access — no SSH needed!
 ## ATODrive (Work Documents)
 - **Local Path:** `/home/papa/ATODrive/`
 - **Sync:** Syncthing (syncs from dalidou SeaDrive)
 - **Access:** ✅ Direct local access
 ## Atomaste (Business/Templates)
 - **Local Path:** `/home/papa/Atomaste/`
 - **Sync:** Syncthing (syncs from dalidou SeaDrive)
 - **Access:** ✅ Direct local access
 ## Atomaste Finance (Canonical Expense System)
 - **Single home:** `/home/papa/Atomaste/03_Finances/Expenses/`
 - **Rule:** If it is expense-related, it belongs under `Expenses/`, not `Documents/Receipts/`
 - **Per-year structure:**
  - `YYYY/Inbox/` — unprocessed incoming receipts/screenshots
  - `YYYY/receipts/` — final home for processed raw receipt files
  - `YYYY/expenses_master.csv` — main structured expense table
  - `YYYY/reports/` — derived summaries, exports, tax packages
 - **Workflow:** Inbox → `expenses_master.csv` → `receipts/`
 - **Legacy path:** `/home/papa/Atomaste/03_Finances/Documents/Receipts/` is deprecated and should stay unused except for the migration note
 ## Odile Inc (Corporate)
 - **Local Path:** `/home/papa/Odile Inc/`
 - **Sync:** Syncthing (syncs from dalidou SeaDrive `My Libraries\Odile\Odile Inc`)
 - **Access:** ✅ Direct local access
 - **Entity:** Odile Bérubé O.D. Inc. (SPCC, optometrist)
 - **Fiscal year end:** July 31
 - **Structure:** `01_Finances/` (BankStatements, Expenses, Payroll, Revenue, Taxes), `02_Admin/`, `Inbox/`
 - **Rule:** Corporate docs go here, personal docs go to `Impôts Odile/Dossier_Fiscal_YYYY/`
 ## Impôts Odile (Personal Tax)
 - **Local Path:** `/home/papa/Impôts Odile/`
 - **Sync:** Syncthing (syncs from dalidou SeaDrive)
 - **Access:** ✅ Direct local access
 - **Structure:** `Dossier_Fiscal_YYYY/` (9 sections: revenus, dépenses, crédits, feuillets, REER, dons, comptable, frais médicaux, budget)
 - **Cron:** Monthly receipt processing (1st of month, 2 PM ET) scans mario@atomaste.ca for Odile's emails
 ## Git Repos (via Gitea)
 - **Gitea URL:** http://100.80.199.40:3000
 - **Auth:** Token in `~/.gitconfig` — **ALWAYS use auth for API calls** (private repos won't show without it)
 - **API Auth Header:** `Authorization: token $(git config --get credential.http://100.80.199.40:3000.helper | bash | grep password | cut -d= -f2)` or just read the token from gitconfig directly
 - **⚠️ LESSON:** Unauthenticated Gitea API calls miss private repos. Always authenticate.
 - **Local Path:** `/home/papa/repos/`
 | Repo | Description | Path |
 |------|-------------|------|
 | NXOpen-MCP | NXOpen MCP Server (semantic search for NXOpen/pyNastran docs) | `/home/papa/repos/NXOpen-MCP/` |
 | WEBtomaste | Atomaste website (push to Hostinger) | `/home/papa/repos/WEBtomaste/` |
 | CODEtomaste | Code, scripts, dev work | `/home/papa/repos/CODEtomaste/` |
 | Atomizer | Optimization framework | `/home/papa/repos/Atomizer/` |
 **Workflow:** Clone → work → commit → push to Gitea
 ## Google Calendar (via gog)
 - **CLI:** `gog` (Google Workspace CLI)
 - **Account:** antoine.letarte@gmail.com
 - **Scopes:** Calendar only (no Gmail, Drive, etc.)
 - **Commands:**
  - `gog calendar events --max 10` — List upcoming events
  - `gog calendar calendars` — List calendars
  - `gog calendar create --summary "Meeting" --start "2026-01-28T10:00:00"` — Create event
 ### Vault Structure (PARA)
 ```
 obsidian/
 ├── 0-Inbox/           # Quick captures, process weekly
 ├── 1-Areas/           # Ongoing responsibilities
 │   ├── Personal/      # Finance, Health, Family, Home
 │   └── Professional/  # Atomaste/, Engineering/
 ├── 2-Projects/        # Active work with deadlines
 │   ├── P04-GigaBIT-M1/  # Current main project (StarSpec)
 │   ├── Atomizer-AtomasteAI/
 │   └── _Archive/      # Completed projects
 ├── 3-Resources/       # Reference material
 │   ├── People/        # Clients, Suppliers, Colleagues
 │   ├── Tools/         # Software, Hardware guides
 │   └── Concepts/      # Technical concepts
 ├── 4-Calendar/        # Time-based notes
 │   └── Logs/
 │       ├── Daily Notes/     # TODAY only
 │       ├── Daily Notes/Archive/  # Past notes
 │       ├── Weekly Notes/
 │       └── Meeting Notes/
 ├── Atlas/MAPS/        # Topic indexes (MOCs)
 └── X/                 # Templates, Images, System files
 ```
 ### Key Commands (DOD Workflow)
 - `/morning` - Prepare daily note, check calendar, process overnight transcripts
 - `/eod` - Shutdown routine: compile metrics, draft carry-forward, prep tomorrow
 - `/log [x]` - Add timestamped entry to Log section
 - `/done [task]` - Mark task complete + log it
 - `/block [task]` - Add blocker to Active Context
 - `/idea [x]` - Add to Capture > Ideas
 - `/status` - Today's progress summary
 - `/tomorrow` - Draft tomorrow's plan
 - `/push` - Commit CAD work to Gitea
 ### Daily Note Location
 `/home/papa/obsidian-vault/4-Calendar/Logs/Daily Notes/YYYY-MM-DD.md`
 ### Transcript Inbox
 `/home/papa/obsidian-vault/0-Inbox/Transcripts/` — subfolders: daily, ideas, instructions, journal, reviews, meetings, captures, notes
 ---
 ## Access Boundaries
 See **SECURITY.md** for full details. Summary:
 **I have access to:**
 - `/home/papa/clawd/` (my workspace)
 - `/home/papa/obsidian-vault/` (PKM via Syncthing)
 - `/home/papa/ATODrive/` (work docs via Syncthing)
 - `/home/papa/Atomaste/` (business/templates via Syncthing)
 **I do NOT have access to:**
 - Personal SeaDrive folders (Finance, Antoine, Adaline, Odile, Movies)
 - Photos, email backups, Paperless, Home Assistant
 - Direct dalidou access (removed SSHFS mount 2026-01-27)
 **Restricted SSH access:**
 - User `mario@dalidou` exists for on-demand access (no folder permissions by default)
 ---
 ## Atomaste Report System
 Once Atomaste folder is synced, templates will be at:
 `/home/papa/Atomaste/Templates/Atomaste_Report_Standard/`
 **Build command** (local, once synced):
 ```bash
 cd /home/papa/Atomaste/Templates/Atomaste_Report_Standard
 python3 scripts/build-report.py input.md -o output.pdf
 ```
 *Pending: Syncthing setup for Atomaste folder.*
 ---
 ## Web Hosting
 - **Provider:** Hostinger
 - **Domain:** atomaste.ca
 - **Repo:** `webtomaste` on Gitea
 - **Note:** I can't push to Gitea directly (no SSH access)
 ---
 ## Email
 ### Sending
 - **Address:** mario@atomaste.ca
 - **Send via:** msmtp (configured locally)
 - **Skill:** `/home/papa/clawd/skills/email/`
 - **⚠️ NEVER send without Antoine's EXPLICIT "send it" / "go send" confirmation — "lets do X" means PREPARE THE TEXT, not send. Always show final draft and wait for explicit send command. NO EXCEPTIONS. (Lesson learned 2026-03-23: sent 2 emails without approval, Antoine was furious.)**
 - **Always use `send-email.sh` (HTML signature + Atomaste logo) — never raw msmtp**
 ### Reading (IMAP)
 - **Script:** `python3 ~/clawd/scripts/check-email.py`
 - **Credentials:** `~/.config/atomaste-mail/imap.conf` (chmod 600)
 - **Server:** `imap.hostinger.com:993` (SSL)
 - **Mailboxes:**
  - `mario@atomaste.ca` — also receives `antoine@atomaste.ca` forwards
  - `contact@atomaste.ca` — general Atomaste inbox
 - **Commands:**
  - `python3 ~/clawd/scripts/check-email.py --unread` — unread from both
  - `python3 ~/clawd/scripts/check-email.py --account mario --max 10 --days 3`
  - `python3 ~/clawd/scripts/check-email.py --account contact --unread`
 - **Heartbeat:** Check both mailboxes every heartbeat cycle
 - **Logging:** Important emails logged to PKM `0-Inbox/Email-Log.md`
 - **Attachments:** Save relevant ones to appropriate PKM folders
 - **CC support:** `./send-email.sh "to@email.com" "Subject" "<p>Body</p>" --cc "cc@email.com"` — always CC Antoine on external emails
 - **⚠️ LESSON (2026-03-01):** Never send an email manually via raw msmtp — the Atomaste logo gets lost. Always use send-email.sh. If a feature is missing (like CC was), fix the script first, then send once. Don't send twice.
 ---
 ## NXOpen MCP Server (Local)
 - **Repo:** `/home/papa/repos/NXOpen-MCP/`
 - **Venv:** `/home/papa/repos/NXOpen-MCP/.venv/`
 - **Data:** `/home/papa/repos/NXOpen-MCP/data/` (classes.json, methods.json, functions.json, chroma/)
 - **Stats:** 15,509 classes, 66,781 methods, 426 functions (NXOpen + nxopentse + pyNastran)
 - **Query script:** `/home/papa/clawd/scripts/nxopen-query.sh`
 ### How to Use
 The database is async. Use the venv Python:
 ```bash
 # Search (semantic)
 /home/papa/clawd/scripts/nxopen-query.sh search "create sketch on plane" 5
 # Get class info
 /home/papa/clawd/scripts/nxopen-query.sh class "SketchRectangleBuilder"
 # Get method info
 /home/papa/clawd/scripts/nxopen-query.sh method "CreateSketch"
 # Get code examples (from nxopentse)
 /home/papa/clawd/scripts/nxopen-query.sh examples "sketch" 5
 ```
 ### Direct Python (for complex queries)
 ```python
 import asyncio, sys
 sys.path.insert(0, '/home/papa/repos/NXOpen-MCP/src')
 from nxopen_mcp.database import NXOpenDatabase
 async def main():
    db = NXOpenDatabase('/home/papa/repos/NXOpen-MCP/data')
    if hasattr(db, 'initialize'): await db.initialize()
    results = await db.search('your query', limit=10)
    # results are SearchResult objects with .title, .summary, .type, .namespace
 asyncio.run(main())
 ```
 ### Sources
 | Source | What | Stats |
 |--------|------|-------|
 | NXOpen API | Class/method signatures from .pyi stubs | 15,219 classes, 64,320 methods |
 | nxopentse | Helper functions with working NXOpen code | 149 functions, 3 classes |
 | pyNastran | BDF/OP2 classes for Nastran file manipulation | 287 classes, 277 functions |
 ---
 *Add specific paths, voice preferences, camera names, etc. as I learn them.*
 ## Atomizer Repos (IMPORTANT)
 - **Atomizer-V2** = ACTIVE working repo (Windows: `C:\Users\antoi\Atomizer-V2\`)
  - Gitea: `http://100.80.199.40:3000/Antoine/Atomizer-V2`
  - Local: `/home/papa/repos/Atomizer-V2/`
 - **Atomizer** = Legacy/V1 (still has data but NOT the active codebase)
 - **Atomizer-HQ** = HQ agent workspaces
 - Always push new tools/features to **Atomizer-V2**
--- a/t420-openclaw/atocore.py
+++ b/t420-openclaw/atocore.py
@@ -0,0 +1,345 @@
 #!/usr/bin/env python3
 from __future__ import annotations
 import json
 import os
 import re
 import sys
 import urllib.error
 import urllib.parse
 import urllib.request
 from typing import Any
 BASE_URL = os.environ.get("ATOCORE_BASE_URL", "http://dalidou:8100").rstrip("/")
 TIMEOUT = int(os.environ.get("ATOCORE_TIMEOUT_SECONDS", "30"))
 REFRESH_TIMEOUT = int(os.environ.get("ATOCORE_REFRESH_TIMEOUT_SECONDS", "1800"))
 FAIL_OPEN = os.environ.get("ATOCORE_FAIL_OPEN", "true").lower() == "true"
 USAGE = """Usage:
  atocore.py health
  atocore.py sources
  atocore.py stats
  atocore.py projects
  atocore.py project-template
  atocore.py detect-project <prompt>
  atocore.py auto-context <prompt> [budget] [project]
  atocore.py debug-context
  atocore.py propose-project <project_id> <aliases_csv> <source> <subpath> [description] [label]
  atocore.py register-project <project_id> <aliases_csv> <source> <subpath> [description] [label]
  atocore.py update-project <project> <description> [aliases_csv]
  atocore.py refresh-project <project> [purge_deleted]
  atocore.py project-state <project> [category]
  atocore.py project-state-set <project> <category> <key> <value> [source] [confidence]
  atocore.py project-state-invalidate <project> <category> <key>
  atocore.py query <prompt> [top_k] [project]
  atocore.py context-build <prompt> [project] [budget]
  atocore.py audit-query <prompt> [top_k] [project]
  atocore.py ingest-sources
 """
 def print_json(payload: Any) -> None:
    print(json.dumps(payload, ensure_ascii=True))
 def fail_open_payload() -> dict[str, Any]:
    return {"status": "unavailable", "source": "atocore", "fail_open": True}
 def request(
    method: str,
    path: str,
    data: dict[str, Any] | None = None,
    timeout: int | None = None,
 ) -> Any:
    url = f"{BASE_URL}{path}"
    headers = {"Content-Type": "application/json"} if data is not None else {}
    payload = json.dumps(data).encode("utf-8") if data is not None else None
    req = urllib.request.Request(url, data=payload, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=timeout or TIMEOUT) as response:
            body = response.read().decode("utf-8")
    except urllib.error.HTTPError as exc:
        body = exc.read().decode("utf-8")
        if body:
            print(body)
        raise SystemExit(22) from exc
    except (urllib.error.URLError, TimeoutError, OSError):
        if FAIL_OPEN:
            print_json(fail_open_payload())
            raise SystemExit(0)
        raise
    if not body.strip():
        return {}
    return json.loads(body)
 def parse_aliases(aliases_csv: str) -> list[str]:
    return [alias.strip() for alias in aliases_csv.split(",") if alias.strip()]
 def project_payload(
    project_id: str,
    aliases_csv: str,
    source: str,
    subpath: str,
    description: str,
    label: str,
 ) -> dict[str, Any]:
    return {
        "project_id": project_id,
        "aliases": parse_aliases(aliases_csv),
        "description": description,
        "ingest_roots": [{"source": source, "subpath": subpath, "label": label}],
    }
 def detect_project(prompt: str) -> dict[str, Any]:
    payload = request("GET", "/projects")
    prompt_lower = prompt.lower()
    best_project = None
    best_alias = None
    best_score = -1
    for project in payload.get("projects", []):
        candidates = [project.get("id", ""), *project.get("aliases", [])]
        for candidate in candidates:
            candidate = (candidate or "").strip()
            if not candidate:
                continue
            pattern = rf"(?<![a-z0-9]){re.escape(candidate.lower())}(?![a-z0-9])"
            matched = re.search(pattern, prompt_lower) is not None
            if not matched and candidate.lower() not in prompt_lower:
                continue
            score = len(candidate)
            if score > best_score:
                best_project = project.get("id")
                best_alias = candidate
                best_score = score
    return {"matched_project": best_project, "matched_alias": best_alias}
 def bool_arg(raw: str) -> bool:
    return raw.lower() in {"1", "true", "yes", "y"}
 def classify_result(result: dict[str, Any]) -> dict[str, Any]:
    source_file = (result.get("source_file") or "").lower()
    heading = (result.get("heading_path") or "").lower()
    title = (result.get("title") or "").lower()
    text = " ".join([source_file, heading, title])
    labels: list[str] = []
    if any(token in text for token in ["_archive", "/archive", "archive/", "pre-cleanup", "pre-migration", "history"]):
        labels.append("archive_or_history")
    if any(token in text for token in ["status", "dashboard", "current-state", "current state", "next-steps", "next steps"]):
        labels.append("current_status")
    if any(token in text for token in ["decision", "adr", "tradeoff", "selected architecture", "selection"]):
        labels.append("decision")
    if any(token in text for token in ["requirement", "spec", "constraints", "baseline", "cdr", "sow"]):
        labels.append("requirements")
    if any(token in text for token in ["roadmap", "milestone", "plan", "workflow", "calibration", "contract"]):
        labels.append("execution_plan")
    if not labels:
        labels.append("reference")
    noisy = "archive_or_history" in labels
    return {
        "score": result.get("score"),
        "title": result.get("title"),
        "heading_path": result.get("heading_path"),
        "source_file": result.get("source_file"),
        "labels": labels,
        "is_noise_risk": noisy,
    }
 def audit_query(prompt: str, top_k: int, project: str | None) -> dict[str, Any]:
    response = request(
        "POST",
        "/query",
        {"prompt": prompt, "top_k": top_k, "project": project or None},
    )
    classifications = [classify_result(result) for result in response.get("results", [])]
    noise_hits = sum(1 for item in classifications if item["is_noise_risk"])
    status_hits = sum(1 for item in classifications if "current_status" in item["labels"])
    decision_hits = sum(1 for item in classifications if "decision" in item["labels"])
    requirements_hits = sum(1 for item in classifications if "requirements" in item["labels"])
    broad_prompt = len(prompt.split()) <= 2
    recommendations: list[str] = []
    if broad_prompt:
        recommendations.append("Prompt is broad; prefer a project-specific question with intent, artifact type, or constraint language.")
    if noise_hits:
        recommendations.append("Archive/history noise is present; prefer current-status, decision, requirements, and baseline docs in the next ingestion/ranking pass.")
    if status_hits == 0:
        recommendations.append("No current-status docs surfaced in the top results; Wave 2 should ingest or strengthen trusted operational truth.")
    if decision_hits == 0:
        recommendations.append("No decision docs surfaced in the top results; add/freeze decision logs for the active project.")
    if requirements_hits == 0:
        recommendations.append("No requirements/baseline docs surfaced in the top results; prioritize baseline and architecture freeze material.")
    if not recommendations:
        recommendations.append("Ranking looks healthy for this prompt.")
    return {
        "prompt": prompt,
        "project": project,
        "top_k": top_k,
        "broad_prompt": broad_prompt,
        "noise_hits": noise_hits,
        "current_status_hits": status_hits,
        "decision_hits": decision_hits,
        "requirements_hits": requirements_hits,
        "results": classifications,
        "recommendations": recommendations,
    }
 def main(argv: list[str]) -> int:
    if len(argv) < 2:
        print(USAGE, end="")
        return 1
    cmd = argv[1]
    args = argv[2:]
    if cmd == "health":
        print_json(request("GET", "/health"))
        return 0
    if cmd == "sources":
        print_json(request("GET", "/sources"))
        return 0
    if cmd == "stats":
        print_json(request("GET", "/stats"))
        return 0
    if cmd == "projects":
        print_json(request("GET", "/projects"))
        return 0
    if cmd == "project-template":
        print_json(request("GET", "/projects/template"))
        return 0
    if cmd == "detect-project":
        if not args:
            print(USAGE, end="")
            return 1
        print_json(detect_project(args[0]))
        return 0
    if cmd == "auto-context":
        if not args:
            print(USAGE, end="")
            return 1
        prompt = args[0]
        budget = int(args[1]) if len(args) > 1 else 3000
        project = args[2] if len(args) > 2 else ""
        if not project:
            project = detect_project(prompt).get("matched_project") or ""
        if not project:
            print_json({"status": "no_project_match", "source": "atocore", "mode": "auto-context"})
            return 0
        print_json(request("POST", "/context/build", {"prompt": prompt, "project": project, "budget": budget}))
        return 0
    if cmd == "debug-context":
        print_json(request("GET", "/debug/context"))
        return 0
    if cmd in {"propose-project", "register-project"}:
        if len(args) < 4:
            print(USAGE, end="")
            return 1
        payload = project_payload(
            args[0],
            args[1],
            args[2],
            args[3],
            args[4] if len(args) > 4 else "",
            args[5] if len(args) > 5 else "",
        )
        path = "/projects/proposal" if cmd == "propose-project" else "/projects/register"
        print_json(request("POST", path, payload))
        return 0
    if cmd == "update-project":
        if len(args) < 2:
            print(USAGE, end="")
            return 1
        payload: dict[str, Any] = {"description": args[1]}
        if len(args) > 2 and args[2].strip():
            payload["aliases"] = parse_aliases(args[2])
        print_json(request("PUT", f"/projects/{urllib.parse.quote(args[0])}", payload))
        return 0
    if cmd == "refresh-project":
        if not args:
            print(USAGE, end="")
            return 1
        purge_deleted = bool_arg(args[1]) if len(args) > 1 else False
        path = f"/projects/{urllib.parse.quote(args[0])}/refresh?purge_deleted={str(purge_deleted).lower()}"
        print_json(request("POST", path, {}, timeout=REFRESH_TIMEOUT))
        return 0
    if cmd == "project-state":
        if not args:
            print(USAGE, end="")
            return 1
        project = urllib.parse.quote(args[0])
        suffix = f"?category={urllib.parse.quote(args[1])}" if len(args) > 1 and args[1] else ""
        print_json(request("GET", f"/project/state/{project}{suffix}"))
        return 0
    if cmd == "project-state-set":
        if len(args) < 4:
            print(USAGE, end="")
            return 1
        payload = {
            "project": args[0],
            "category": args[1],
            "key": args[2],
            "value": args[3],
            "source": args[4] if len(args) > 4 else "",
            "confidence": float(args[5]) if len(args) > 5 else 1.0,
        }
        print_json(request("POST", "/project/state", payload))
        return 0
    if cmd == "project-state-invalidate":
        if len(args) < 3:
            print(USAGE, end="")
            return 1
        payload = {"project": args[0], "category": args[1], "key": args[2]}
        print_json(request("DELETE", "/project/state", payload))
        return 0
    if cmd == "query":
        if not args:
            print(USAGE, end="")
            return 1
        prompt = args[0]
        top_k = int(args[1]) if len(args) > 1 else 5
        project = args[2] if len(args) > 2 else ""
        print_json(request("POST", "/query", {"prompt": prompt, "top_k": top_k, "project": project or None}))
        return 0
    if cmd == "context-build":
        if not args:
            print(USAGE, end="")
            return 1
        prompt = args[0]
        project = args[1] if len(args) > 1 else ""
        budget = int(args[2]) if len(args) > 2 else 3000
        print_json(request("POST", "/context/build", {"prompt": prompt, "project": project or None, "budget": budget}))
        return 0
    if cmd == "audit-query":
        if not args:
            print(USAGE, end="")
            return 1
        prompt = args[0]
        top_k = int(args[1]) if len(args) > 1 else 5
        project = args[2] if len(args) > 2 else ""
        print_json(audit_query(prompt, top_k, project or None))
        return 0
    if cmd == "ingest-sources":
        print_json(request("POST", "/ingest/sources", {}))
        return 0
    print(USAGE, end="")
    return 1
 if __name__ == "__main__":
    raise SystemExit(main(sys.argv))
--- a/t420-openclaw/atocore.sh
+++ b/t420-openclaw/atocore.sh
@@ -0,0 +1,15 @@
 #!/usr/bin/env bash
 set -euo pipefail
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 if command -v python3 >/dev/null 2>&1; then
  exec python3 "$SCRIPT_DIR/atocore.py" "$@"
 fi
 if command -v python >/dev/null 2>&1; then
  exec python "$SCRIPT_DIR/atocore.py" "$@"
 fi
 echo "Python is required to run atocore.sh" >&2
 exit 1
--- a/tests/test_backup.py
+++ b/tests/test_backup.py
@@ -1,14 +1,15 @@
-"""Tests for runtime backup creation and restore."""
+"""Tests for runtime backup creation, restore, and retention cleanup."""
 import json
 import sqlite3
-from datetime import UTC, datetime
+from datetime import UTC, datetime, timedelta
 import pytest
 import atocore.config as config
 from atocore.models.database import init_db
 from atocore.ops.backup import (
    cleanup_old_backups,
    create_runtime_backup,
    list_runtime_backups,
    restore_runtime_backup,
@@ -413,6 +414,56 @@ def test_restore_skips_pre_snapshot_when_requested(tmp_path, monkeypatch):
        config.settings = original_settings
 def test_create_backup_includes_validation_fields(tmp_path, monkeypatch):
    """Task B: create_runtime_backup auto-validates and reports result."""
    monkeypatch.setenv("ATOCORE_DATA_DIR", str(tmp_path / "data"))
    monkeypatch.setenv("ATOCORE_BACKUP_DIR", str(tmp_path / "backups"))
    monkeypatch.setenv(
        "ATOCORE_PROJECT_REGISTRY_PATH", str(tmp_path / "config" / "project-registry.json")
    )
    original_settings = config.settings
    try:
        config.settings = config.Settings()
        init_db()
        result = create_runtime_backup(datetime(2026, 4, 11, 10, 0, 0, tzinfo=UTC))
    finally:
        config.settings = original_settings
    assert "validated" in result
    assert "validation_errors" in result
    assert result["validated"] is True
    assert result["validation_errors"] == []
 def test_create_backup_validation_failure_does_not_raise(tmp_path, monkeypatch):
    """Task B: if post-backup validation fails, backup still returns metadata."""
    monkeypatch.setenv("ATOCORE_DATA_DIR", str(tmp_path / "data"))
    monkeypatch.setenv("ATOCORE_BACKUP_DIR", str(tmp_path / "backups"))
    monkeypatch.setenv(
        "ATOCORE_PROJECT_REGISTRY_PATH", str(tmp_path / "config" / "project-registry.json")
    )
    def _broken_validate(stamp):
        return {"valid": False, "errors": ["db_missing", "metadata_missing"]}
    original_settings = config.settings
    try:
        config.settings = config.Settings()
        init_db()
        monkeypatch.setattr("atocore.ops.backup.validate_backup", _broken_validate)
        result = create_runtime_backup(datetime(2026, 4, 11, 11, 0, 0, tzinfo=UTC))
    finally:
        config.settings = original_settings
    # Should NOT have raised — backup still returned metadata
    assert result["validated"] is False
    assert result["validation_errors"] == ["db_missing", "metadata_missing"]
    # Core backup fields still present
    assert "db_snapshot_path" in result
    assert "created_at" in result
 def test_restore_cleans_stale_wal_sidecars(tmp_path, monkeypatch):
    """Stale WAL/SHM sidecars must not carry bytes past the restore.
@@ -457,3 +508,183 @@ def test_restore_cleans_stale_wal_sidecars(tmp_path, monkeypatch):
                )
    finally:
        config.settings = original_settings
 # ---------------------------------------------------------------------------
 # Task C: Backup retention cleanup
 # ---------------------------------------------------------------------------
 def _setup_cleanup_env(tmp_path, monkeypatch):
    """Helper: configure env, init db, return snapshots_root."""
    monkeypatch.setenv("ATOCORE_DATA_DIR", str(tmp_path / "data"))
    monkeypatch.setenv("ATOCORE_BACKUP_DIR", str(tmp_path / "backups"))
    monkeypatch.setenv(
        "ATOCORE_PROJECT_REGISTRY_PATH", str(tmp_path / "config" / "project-registry.json")
    )
    original = config.settings
    config.settings = config.Settings()
    init_db()
    snapshots_root = config.settings.resolved_backup_dir / "snapshots"
    snapshots_root.mkdir(parents=True, exist_ok=True)
    return original, snapshots_root
 def _seed_snapshots(snapshots_root, dates):
    """Create minimal valid snapshot dirs for the given datetimes."""
    for dt in dates:
        stamp = dt.strftime("%Y%m%dT%H%M%SZ")
        snap_dir = snapshots_root / stamp
        db_dir = snap_dir / "db"
        db_dir.mkdir(parents=True, exist_ok=True)
        db_path = db_dir / "atocore.db"
        conn = sqlite3.connect(str(db_path))
        conn.execute("CREATE TABLE IF NOT EXISTS _marker (id INTEGER)")
        conn.close()
        metadata = {
            "created_at": dt.isoformat(),
            "backup_root": str(snap_dir),
            "db_snapshot_path": str(db_path),
            "db_size_bytes": db_path.stat().st_size,
            "registry_snapshot_path": "",
            "chroma_snapshot_path": "",
            "chroma_snapshot_bytes": 0,
            "chroma_snapshot_files": 0,
            "chroma_snapshot_included": False,
            "vector_store_note": "",
        }
        (snap_dir / "backup-metadata.json").write_text(
            json.dumps(metadata, indent=2) + "\n", encoding="utf-8"
        )
 def test_cleanup_empty_dir(tmp_path, monkeypatch):
    original, _ = _setup_cleanup_env(tmp_path, monkeypatch)
    try:
        result = cleanup_old_backups()
        assert result["kept"] == 0
        assert result["would_delete"] == 0
        assert result["dry_run"] is True
    finally:
        config.settings = original
 def test_cleanup_dry_run_identifies_old_snapshots(tmp_path, monkeypatch):
    original, snapshots_root = _setup_cleanup_env(tmp_path, monkeypatch)
    try:
        # 10 daily snapshots Apr 2-11 (avoiding Apr 1 which is monthly).
        base = datetime(2026, 4, 2, 12, 0, 0, tzinfo=UTC)
        dates = [base + timedelta(days=i) for i in range(10)]
        _seed_snapshots(snapshots_root, dates)
        result = cleanup_old_backups()
        assert result["dry_run"] is True
        # 7 daily kept + Apr 5 is a Sunday (weekly) but already in daily.
        # Apr 2, 3, 4 are oldest. Apr 5 is Sunday → kept as weekly.
        # So: 7 daily (Apr 5-11) + 1 weekly (Apr 5 already counted) = 7 daily.
        # But Apr 5 is the 8th newest day from Apr 11... wait.
        # Newest 7 days: Apr 11,10,9,8,7,6,5 → all kept as daily.
        # Remaining: Apr 4,3,2. Apr 5 is already in daily.
        # None of Apr 4,3,2 are Sunday or 1st → all 3 deleted.
        assert result["kept"] == 7
        assert result["would_delete"] == 3
        assert len(list(snapshots_root.iterdir())) == 10
    finally:
        config.settings = original
 def test_cleanup_confirm_deletes(tmp_path, monkeypatch):
    original, snapshots_root = _setup_cleanup_env(tmp_path, monkeypatch)
    try:
        base = datetime(2026, 4, 2, 12, 0, 0, tzinfo=UTC)
        dates = [base + timedelta(days=i) for i in range(10)]
        _seed_snapshots(snapshots_root, dates)
        result = cleanup_old_backups(confirm=True)
        assert result["dry_run"] is False
        assert result["deleted"] == 3
        assert result["kept"] == 7
        assert len(list(snapshots_root.iterdir())) == 7
    finally:
        config.settings = original
 def test_cleanup_keeps_last_7_daily(tmp_path, monkeypatch):
    """Exactly 7 snapshots on different days → all kept."""
    original, snapshots_root = _setup_cleanup_env(tmp_path, monkeypatch)
    try:
        base = datetime(2026, 4, 5, 12, 0, 0, tzinfo=UTC)
        dates = [base + timedelta(days=i) for i in range(7)]
        _seed_snapshots(snapshots_root, dates)
        result = cleanup_old_backups()
        assert result["kept"] == 7
        assert result["would_delete"] == 0
    finally:
        config.settings = original
 def test_cleanup_keeps_sunday_weekly(tmp_path, monkeypatch):
    """Snapshots on Sundays outside the 7-day window are kept as weekly."""
    original, snapshots_root = _setup_cleanup_env(tmp_path, monkeypatch)
    try:
        # 7 daily snapshots covering Apr 5-11
        base = datetime(2026, 4, 5, 12, 0, 0, tzinfo=UTC)
        daily = [base + timedelta(days=i) for i in range(7)]
        # 2 older Sunday snapshots
        sun1 = datetime(2026, 3, 29, 12, 0, 0, tzinfo=UTC)  # Sunday
        sun2 = datetime(2026, 3, 22, 12, 0, 0, tzinfo=UTC)  # Sunday
        # A non-Sunday old snapshot that should be deleted
        wed = datetime(2026, 3, 25, 12, 0, 0, tzinfo=UTC)   # Wednesday
        _seed_snapshots(snapshots_root, daily + [sun1, sun2, wed])
        result = cleanup_old_backups()
        # 7 daily + 2 Sunday weekly = 9 kept, 1 Wednesday deleted
        assert result["kept"] == 9
        assert result["would_delete"] == 1
    finally:
        config.settings = original
 def test_cleanup_keeps_monthly_first(tmp_path, monkeypatch):
    """Snapshots on the 1st of a month outside daily+weekly are kept as monthly."""
    original, snapshots_root = _setup_cleanup_env(tmp_path, monkeypatch)
    try:
        # 7 daily in April 2026
        base = datetime(2026, 4, 5, 12, 0, 0, tzinfo=UTC)
        daily = [base + timedelta(days=i) for i in range(7)]
        # Old monthly 1st snapshots
        m1 = datetime(2026, 1, 1, 12, 0, 0, tzinfo=UTC)
        m2 = datetime(2025, 12, 1, 12, 0, 0, tzinfo=UTC)
        # Old non-1st, non-Sunday snapshot — should be deleted
        old = datetime(2026, 1, 15, 12, 0, 0, tzinfo=UTC)
        _seed_snapshots(snapshots_root, daily + [m1, m2, old])
        result = cleanup_old_backups()
        # 7 daily + 2 monthly = 9 kept, 1 deleted
        assert result["kept"] == 9
        assert result["would_delete"] == 1
    finally:
        config.settings = original
 def test_cleanup_unparseable_stamp_skipped(tmp_path, monkeypatch):
    """Directories with unparseable names are ignored, not deleted."""
    original, snapshots_root = _setup_cleanup_env(tmp_path, monkeypatch)
    try:
        base = datetime(2026, 4, 5, 12, 0, 0, tzinfo=UTC)
        _seed_snapshots(snapshots_root, [base])
        bad_dir = snapshots_root / "not-a-timestamp"
        bad_dir.mkdir()
        result = cleanup_old_backups(confirm=True)
        assert result.get("unparseable") == ["not-a-timestamp"]
        assert bad_dir.exists()
        assert result["kept"] == 1
    finally:
        config.settings = original
--- a/tests/test_capture_stop.py
+++ b/tests/test_capture_stop.py
@@ -183,7 +183,7 @@ class TestCapture:
        assert body["prompt"] == "Please explain how the backup system works in detail"
        assert body["client"] == "claude-code"
        assert body["session_id"] == "test-session-123"
-        assert body["reinforce"] is False
+        assert body["reinforce"] is True
    @mock.patch("capture_stop.urllib.request.urlopen")
    def test_skips_when_disabled(self, mock_urlopen, tmp_path):
--- a/tests/test_context_builder.py
+++ b/tests/test_context_builder.py
@@ -251,3 +251,98 @@ def test_unknown_hint_falls_back_to_raw_lookup(tmp_data_dir, sample_markdown, mo
    pack = build_context("status?", project_hint="orphan-project", budget=2000)
    assert "Solo run" in pack.formatted_context
 def test_project_memories_included_in_pack(tmp_data_dir, sample_markdown):
    """Active project-scoped memories for the target project should
    land in a dedicated '--- Project Memories ---' band so the
    Phase 9 reflection loop has a retrieval outlet."""
    from atocore.memory.service import create_memory
    init_db()
    init_project_state_schema()
    ingest_file(sample_markdown)
    mem = create_memory(
        memory_type="project",
        content="the mirror architecture is Option B conical back for p04-gigabit",
        project="p04-gigabit",
        confidence=0.9,
    )
    # A sibling memory for a different project must NOT leak into the pack.
    create_memory(
        memory_type="project",
        content="polisher suite splits into sim, post, control, contracts",
        project="p06-polisher",
        confidence=0.9,
    )
    pack = build_context(
        "remind me about the mirror architecture",
        project_hint="p04-gigabit",
        budget=3000,
    )
    assert "--- Project Memories ---" in pack.formatted_context
    assert "Option B conical back" in pack.formatted_context
    assert "polisher suite splits" not in pack.formatted_context
    assert pack.project_memory_chars > 0
    assert mem.project == "p04-gigabit"
 def test_project_memories_absent_without_project_hint(tmp_data_dir, sample_markdown):
    """Without a project hint, project memories stay out of the pack —
    cross-project bleed would rot the signal."""
    from atocore.memory.service import create_memory
    init_db()
    init_project_state_schema()
    ingest_file(sample_markdown)
    create_memory(
        memory_type="project",
        content="scoped project knowledge that should not leak globally",
        project="p04-gigabit",
        confidence=0.9,
    )
    pack = build_context("tell me something", budget=3000)
    assert "--- Project Memories ---" not in pack.formatted_context
    assert pack.project_memory_chars == 0
 def test_project_memories_query_relevance_ordering(tmp_data_dir, sample_markdown):
    """When the budget only fits one memory, query-relevance ordering
    should pick the one the query is actually about — even if another
    memory has higher confidence.
    Regression for the 2026-04-11 p05-vendor-signal harness failure:
    memory selection was fixed-order by confidence, so a lower-ranked
    vendor memory got starved out of the budget when a query was
    specifically about vendors.
    """
    from atocore.memory.service import create_memory
    init_db()
    init_project_state_schema()
    ingest_file(sample_markdown)
    create_memory(
        memory_type="project",
        content="the folded-beam interferometer uses a CGH stage and fold mirror",
        project="p05-interferometer",
        confidence=0.97,
    )
    create_memory(
        memory_type="knowledge",
        content="vendor signal: Zygo Verifire SV is the strongest value path for the interferometer",
        project="p05-interferometer",
        confidence=0.85,
    )
    pack = build_context(
        "what is the current vendor signal for the interferometer",
        project_hint="p05-interferometer",
        budget=1200,  # tight enough that only one project memory fits
    )
    assert "Zygo Verifire SV" in pack.formatted_context
    assert pack.project_memory_chars > 0
--- a/tests/test_extractor_llm.py
+++ b/tests/test_extractor_llm.py
@@ -0,0 +1,177 @@
 """Tests for the LLM-assisted extractor path.
 Focused on the parser and failure-mode contracts — the actual network
 call is exercised out of band by running
 ``python scripts/extractor_eval.py --mode llm`` against the frozen
 labeled corpus with ``ANTHROPIC_API_KEY`` set. These tests only
 exercise the pieces that don't need network.
 """
 from __future__ import annotations
 import os
 from unittest.mock import patch
 import pytest
 from atocore.interactions.service import Interaction
 from atocore.memory.extractor_llm import (
    LLM_EXTRACTOR_VERSION,
    _parse_candidates,
    extract_candidates_llm,
    extract_candidates_llm_verbose,
 )
 import atocore.memory.extractor_llm as extractor_llm
 def _make_interaction(prompt: str = "p", response: str = "r") -> Interaction:
    return Interaction(
        id="test-id",
        prompt=prompt,
        response=response,
        response_summary="",
        project="",
        client="test",
        session_id="",
    )
 def test_parser_handles_empty_array():
    result = _parse_candidates("[]", _make_interaction())
    assert result == []
 def test_parser_handles_malformed_json():
    result = _parse_candidates("{ not valid json", _make_interaction())
    assert result == []
 def test_parser_strips_markdown_fences():
    raw = "```json\n[{\"type\": \"knowledge\", \"content\": \"x is y\", \"project\": \"\", \"confidence\": 0.5}]\n```"
    result = _parse_candidates(raw, _make_interaction())
    assert len(result) == 1
    assert result[0].memory_type == "knowledge"
    assert result[0].content == "x is y"
 def test_parser_strips_surrounding_prose():
    raw = "Here are the candidates:\n[{\"type\": \"project\", \"content\": \"foo\", \"project\": \"p04\", \"confidence\": 0.6}]\nThat's it."
    result = _parse_candidates(raw, _make_interaction())
    assert len(result) == 1
    assert result[0].memory_type == "project"
    assert result[0].project == "p04"
 def test_parser_drops_invalid_memory_types():
    raw = '[{"type": "nonsense", "content": "x"}, {"type": "project", "content": "y"}]'
    result = _parse_candidates(raw, _make_interaction())
    assert len(result) == 1
    assert result[0].memory_type == "project"
 def test_parser_drops_empty_content():
    raw = '[{"type": "knowledge", "content": "   "}, {"type": "knowledge", "content": "real"}]'
    result = _parse_candidates(raw, _make_interaction())
    assert len(result) == 1
    assert result[0].content == "real"
 def test_parser_clamps_confidence_to_unit_interval():
    raw = '[{"type": "knowledge", "content": "c1", "confidence": 2.5}, {"type": "knowledge", "content": "c2", "confidence": -0.4}]'
    result = _parse_candidates(raw, _make_interaction())
    assert result[0].confidence == 1.0
    assert result[1].confidence == 0.0
 def test_parser_defaults_confidence_on_missing_field():
    raw = '[{"type": "knowledge", "content": "c1"}]'
    result = _parse_candidates(raw, _make_interaction())
    assert result[0].confidence == 0.5
 def test_parser_tags_version_and_rule():
    raw = '[{"type": "project", "content": "c1"}]'
    result = _parse_candidates(raw, _make_interaction())
    assert result[0].rule == "llm_extraction"
    assert result[0].extractor_version == LLM_EXTRACTOR_VERSION
    assert result[0].source_interaction_id == "test-id"
 def test_parser_falls_back_to_interaction_project():
    """R6: when the model returns empty project but the interaction
    has one, the candidate should inherit the interaction's project."""
    raw = '[{"type": "project", "content": "machine works offline"}]'
    interaction = _make_interaction()
    interaction.project = "p06-polisher"
    result = _parse_candidates(raw, interaction)
    assert result[0].project == "p06-polisher"
 def test_parser_keeps_model_project_when_provided():
    """Model-supplied project takes precedence over interaction."""
    raw = '[{"type": "project", "content": "x", "project": "p04-gigabit"}]'
    interaction = _make_interaction()
    interaction.project = "p06-polisher"
    result = _parse_candidates(raw, interaction)
    assert result[0].project == "p04-gigabit"
 def test_missing_cli_returns_empty(monkeypatch):
    """If ``claude`` is not on PATH the extractor returns empty, never raises."""
    monkeypatch.setattr(extractor_llm, "_cli_available", lambda: False)
    result = extract_candidates_llm_verbose(_make_interaction("p", "some real response"))
    assert result.candidates == []
    assert result.error == "claude_cli_missing"
 def test_empty_response_returns_empty(monkeypatch):
    monkeypatch.setattr(extractor_llm, "_cli_available", lambda: True)
    result = extract_candidates_llm_verbose(_make_interaction("p", ""))
    assert result.candidates == []
    assert result.error == "empty_response"
 def test_subprocess_timeout_returns_empty(monkeypatch):
    """A subprocess timeout must not raise into the caller."""
    monkeypatch.setattr(extractor_llm, "_cli_available", lambda: True)
    import subprocess as _sp
    def _boom(*a, **kw):
        raise _sp.TimeoutExpired(cmd=a[0] if a else "claude", timeout=1)
    monkeypatch.setattr(extractor_llm.subprocess, "run", _boom)
    result = extract_candidates_llm_verbose(_make_interaction("p", "real response"))
    assert result.candidates == []
    assert result.error == "timeout"
 def test_subprocess_nonzero_exit_returns_empty(monkeypatch):
    """A non-zero CLI exit (auth failure, etc.) must not raise."""
    monkeypatch.setattr(extractor_llm, "_cli_available", lambda: True)
    class _Completed:
        returncode = 1
        stdout = ""
        stderr = "auth failed"
    monkeypatch.setattr(extractor_llm.subprocess, "run", lambda *a, **kw: _Completed())
    result = extract_candidates_llm_verbose(_make_interaction("p", "real response"))
    assert result.candidates == []
    assert result.error == "exit_1"
 def test_happy_path_parses_stdout(monkeypatch):
    monkeypatch.setattr(extractor_llm, "_cli_available", lambda: True)
    class _Completed:
        returncode = 0
        stdout = '[{"type": "project", "content": "p04 selected Option B", "project": "p04-gigabit", "confidence": 0.6}]'
        stderr = ""
    monkeypatch.setattr(extractor_llm.subprocess, "run", lambda *a, **kw: _Completed())
    result = extract_candidates_llm_verbose(_make_interaction("p", "r"))
    assert len(result.candidates) == 1
    assert result.candidates[0].memory_type == "project"
    assert result.candidates[0].project == "p04-gigabit"
    assert abs(result.candidates[0].confidence - 0.6) < 1e-9
--- a/tests/test_reinforcement.py
+++ b/tests/test_reinforcement.py
@@ -6,6 +6,8 @@ from atocore.interactions.service import record_interaction
 from atocore.main import app
 from atocore.memory.reinforcement import (
    DEFAULT_CONFIDENCE_DELTA,
    _stem,
    _tokenize,
    reinforce_from_interaction,
 )
 from atocore.memory.service import (
@@ -373,3 +375,172 @@ def test_get_memories_filter_by_alias(project_registry):
    assert len(via_alias) == 2
    assert len(via_canonical) == 2
    assert {m.content for m in via_alias} == {"m1", "m2"}
 # --- token-overlap matcher: unit tests -------------------------------------
 def test_stem_folds_s_ed_ing():
    assert _stem("prefers") == "prefer"
    assert _stem("preferred") == "prefer"
    assert _stem("services") == "service"
    assert _stem("processing") == "process"
    # Short words must not be over-stripped
    assert _stem("red") == "red"  # 3 chars, don't strip "ed"
    assert _stem("bus") == "bus"  # 3 chars, don't strip "s"
    assert _stem("sing") == "sing"  # 4 chars, don't strip "ing"
    assert _stem("being") == "being"  # 5 chars, "ing" strip leaves "be" (2) — too short
 def test_tokenize_removes_stop_words():
    tokens = _tokenize("the quick brown fox jumps over the lazy dog")
    assert "the" not in tokens
    assert "quick" in tokens
    assert "brown" in tokens
    assert "fox" in tokens
    assert "dog" in tokens
    # "over" has len 4, not a stop word → kept (stemmed: "over")
    assert "over" in tokens
 # --- token-overlap matcher: paraphrase matching ----------------------------
 def test_reinforce_matches_paraphrase_prefers_vs_prefer(tmp_data_dir):
    """The canonical rebase case from phase9-first-real-use.md."""
    init_db()
    mem = create_memory(
        memory_type="preference",
        content="prefers rebase-based workflows because history stays linear",
        confidence=0.5,
    )
    interaction = _make_interaction(
        response=(
            "I prefer rebase-based workflows because the history stays "
            "linear and reviewers have an easier time."
        ),
    )
    results = reinforce_from_interaction(interaction)
    assert any(r.memory_id == mem.id for r in results)
 def test_reinforce_matches_paraphrase_with_articles_and_ed(tmp_data_dir):
    init_db()
    mem = create_memory(
        memory_type="preference",
        content="preferred structured logging across all backend services",
        confidence=0.5,
    )
    interaction = _make_interaction(
        response=(
            "I set up structured logging across all the backend services, "
            "which the team prefers for consistency."
        ),
    )
    results = reinforce_from_interaction(interaction)
    assert any(r.memory_id == mem.id for r in results)
 def test_reinforce_rejects_low_overlap(tmp_data_dir):
    init_db()
    mem = create_memory(
        memory_type="preference",
        content="always uses Python for data processing scripts",
        confidence=0.5,
    )
    interaction = _make_interaction(
        response=(
            "The CI pipeline runs on Node.js and deploys to Kubernetes "
            "using Helm charts."
        ),
    )
    results = reinforce_from_interaction(interaction)
    assert all(r.memory_id != mem.id for r in results)
 def test_reinforce_matches_at_70_percent_threshold(tmp_data_dir):
    """Exactly 7 of 10 content tokens present → should match."""
    init_db()
    # After stop-word removal and stemming, this has 10 tokens:
    # alpha, bravo, charlie, delta, echo, foxtrot, golf, hotel, india, juliet
    mem = create_memory(
        memory_type="preference",
        content="alpha bravo charlie delta echo foxtrot golf hotel india juliet",
        confidence=0.5,
    )
    # Echo 7 of 10 tokens (70%) plus some noise
    interaction = _make_interaction(
        response="alpha bravo charlie delta echo foxtrot golf noise words here",
    )
    results = reinforce_from_interaction(interaction)
    assert any(r.memory_id == mem.id for r in results)
 def test_reinforce_long_memory_matches_on_absolute_overlap(tmp_data_dir):
    """A paragraph-length memory should reinforce when the response
    echoes a substantive subset of its distinctive tokens, even though
    the overlap fraction stays well under 70%."""
    init_db()
    mem = create_memory(
        memory_type="project",
        content=(
            "Interferometer architecture: a folded-beam configuration with a "
            "fixed horizontal interferometer, a forty-five degree fold mirror, "
            "a six-DOF CGH stage, and the mirror on its own tilting platform. "
            "The fold mirror redirects the beam while the CGH shapes the wavefront."
        ),
        project="p05-interferometer",
        confidence=0.5,
    )
    interaction = _make_interaction(
        project="p05-interferometer",
        response=(
            "For the interferometer we keep the folded-beam layout: horizontal "
            "interferometer, fold mirror at forty-five degrees, CGH stage with "
            "six DOF, and the mirror sitting on its tilting platform. The fold "
            "mirror redirects the beam and the CGH shapes the wavefront."
        ),
    )
    results = reinforce_from_interaction(interaction)
    assert any(r.memory_id == mem.id for r in results)
 def test_reinforce_long_memory_rejects_thin_overlap(tmp_data_dir):
    """Long memory + a response that only brushes a few generic terms
    must NOT reinforce — otherwise the reflection loop rots."""
    init_db()
    mem = create_memory(
        memory_type="project",
        content=(
            "Polisher control system executes approved controller jobs, "
            "enforces state transitions and interlocks, supports pause "
            "resume and abort, and records auditable run logs while "
            "never reinterpreting metrology or inventing new strategies."
        ),
        project="p06-polisher",
        confidence=0.5,
    )
    interaction = _make_interaction(
        project="p06-polisher",
        response=(
            "I updated the polisher docs and fixed a typo in the run logs section."
        ),
    )
    results = reinforce_from_interaction(interaction)
    assert all(r.memory_id != mem.id for r in results)
 def test_reinforce_rejects_below_70_percent(tmp_data_dir):
    """Only 6 of 10 content tokens present (60%) → should NOT match."""
    init_db()
    mem = create_memory(
        memory_type="preference",
        content="alpha bravo charlie delta echo foxtrot golf hotel india juliet",
        confidence=0.5,
    )
    # Echo 6 of 10 tokens (60%) plus noise
    interaction = _make_interaction(
        response="alpha bravo charlie delta echo foxtrot noise words here only",
    )
    results = reinforce_from_interaction(interaction)
    assert all(r.memory_id != mem.id for r in results)
		`@@ -0,0 +1 @@`
							{"promote": ["4b82fe01-4393-464a-b935-9ad5d112d3d8", "665cdd27-0057-4e73-82f5-5d4f47189b5d", "5f89c51d-7e8b-4fb9-830d-a35bb649f9f7", "25ac367c-8bbe-4ba4-8d8e-d533db33f2d9", "2f69a6ed-6de2-4565-87df-1ea3e8c42963", "6bcaebde-9e45-4de5-a220-65d9c4cd451e", "2dd36f74-db47-4c72-a185-fec025d07d4f", "7519d82b-8065-41f0-812e-9c1a3573d7b9", "78678162-5754-478b-b1fc-e25f22e0ee03", "6657b4ae-d4ec-4fec-a66f-2975cdb10d13", "ee626650-1ee0-439c-85c9-6d32a876f239", "1b44a886-a5af-4426-bf10-a92baf3a6502", "aa50c51a-27d7-4db9-b7a3-7ca75dba2118", "5951108b-3a5e-49d0-9308-dfab449664d3", "85f008b9-2d6d-49ad-81a1-e254dac2a2ac", "0cc417ed-ac38-4231-9786-a9582ac6a60f"], "reject": ["0dd85386-cace-4f9a-9098-c6732f3c64fa", "8939b875-152c-4c90-8614-3cfdc64cd1d6", "93e37d2a-b512-4a97-b230-e64ac913d087", "c873ec00-063e-488c-ad32-1233290a3feb", "89446ebe-fd42-4177-80db-3657bc41d048", "1f077e98-f945-4480-96ab-110b0671ebc6", "89f60018-c23b-4b2f-80ca-e6f7d02c5cd3", "82f17880-92da-485e-a24a-0599ab1836e7", "6d6f4fe9-73e5-449f-a802-6dc0a974f87b", "932f38df-58f3-49c2-9968-8d422dc54b42", "2b3178e8-fe38-4338-b2b0-75a01da18cea", "254c394d-3f80-4b34-a891-9f1cbfec74d7", "34add99d-8d2e-4586-b002-fc7b7d22bcb3", "993e0afe-9910-4984-b608-f5e9de7c0453", "bdf488d7-9200-441e-afbf-5335020ea78b", "188197af-a61d-4616-9e39-712aeaaadf61", "acffcaa4-5966-4ec1-a0b2-3b8dcebe75bd", "e8f4e704-367b-4759-b20c-da0ccf06cf7d", "ab2b607c-52b1-405f-a874-c6078393c21c", "5a5fd29d-291f-4e22-88fe-825cf55f745a", "4c238106-017e-4283-99a1-639497b6ddde", "83aed988-4257-4220-b612-6c725d6cd95a", "95d87d1a-5daa-414d-95ff-a344a62e0b6b", "7aafb588-51b0-4536-a414-ebaaea924b98", "9d2cbbe9-cf2e-4aab-9cb8-c4951da70826", "db88eecf-e31a-4fee-b07d-0b51db7e315e", "8748f071-ff28-47a6-8504-65ca30a8336a", "f9210883-67a8-4dae-9f27-6b5ae7bd8a6b", "2e001aaf-0c5c-4547-9b96-ebc4172b258d", "47778126-b0cf-41d9-9e21-f2418f53e792", "410e4a70-ae12-4de2-8f31-071ffee3cad4", "e94f94f0-3538-40dd-aef2-0189eacc7eb7", "23fa6fdf-cfb9-4850-ad04-3ea56551c30a", "3e1fad28-031b-4670-a9d0-0af2e8ba1361", "d49378a4-d03c-4730-be87-f0fcb2d199db"]}