Move config/test/models to daemon TCP protocol, TUI uses .env fallback

- Daemon: add handle-client-config inline handler for :config-get, :config-set, :config-list, :provider-test, :provider-models - TUI cmd-config: write .env directly, send reload to daemon if connected - TUI: /config test and /config models send TCP to daemon (fallback: daemon-not-running message) - Add Test Provider and Discover Models to Ctrl+P daemon commands
Per-command dispatch table, hierarchical config menu, fix dialog navigation
2026-05-20 16:55:55 -04:00 · 2026-05-20 16:27:59 -04:00 · 2026-05-20 14:57:26 -04:00 · 2026-05-20 13:36:21 -04:00 · 2026-05-20 12:07:56 -04:00 · 2026-05-20 11:11:00 -04:00
182 changed files with 22908 additions and 15835 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,4 +1,4 @@
-# opencortex: Environment Configuration Template
+# passepartout: Environment Configuration Template
 # Copy this to .env and fill in your values

 # =============================================================================
@@ -15,23 +15,29 @@ OPENAI_API_KEY="your_openai_key_here"
 ANTHROPIC_API_KEY="your_anthropic_key_here"
 GROQ_API_KEY="your_groq_api_key_here"
 GEMINI_API_KEY="your_gemini_key_here"
+DEEPSEEK_API_KEY="your_deepseek_key_here"
+NVIDIA_API_KEY="your_nvidia_nim_key_here"

 # Cascade order (first available provider wins)
-PROVIDER_CASCADE="openrouter,openai,anthropic,groq,gemini-api,ollama"
+# Default (if unset): openrouter,openai,anthropic,groq,gemini-api,deepseek,nvidia
+PROVIDER_CASCADE=deepseek,openrouter,openai,anthropic,groq,gemini,nvidia

 # =============================================================================
-# LOCAL LLM (Ollama - runs offline)
+# LOCAL LLM (generic OpenAI-compatible endpoint)
 # =============================================================================
+# Set this to the base URL of any local OpenAI-compatible server
+# (llama.cpp, Ollama, vLLM, LM Studio, etc.)
+LOCAL_BASE_URL="localhost:8080"
+
+# Ollama host (legacy: falls back to LOCAL_BASE_URL if not set)
 OLLAMA_HOST="localhost:11434"

-# llama.cpp backend (for local GGUF models)
-LLAMA_HOST="localhost:8080"
-
 # =============================================================================
 # VECTOR EMBEDDINGS (semantic search)
 # =============================================================================
-EMBEDDING_PROVIDER="ollama"  # "ollama" or "llama.cpp"
+EMBEDDING_PROVIDER="hashing"  # "hashing" (local, no deps), "local", or "openai"
 EMBEDDING_MODEL="nomic-embed-text"  # model name for embeddings
+EMBEDDING_BASE_URL="https://api.openai.com/v1"  # for :openai provider

 # =============================================================================
 # MESSAGING GATEWAYS (optional)
@@ -52,14 +58,27 @@ SILENT_ACTUATORS="cli,system-message,emacs"
 # =============================================================================
 # SECURITY
 # =============================================================================
-SAFETY_BLOCK_SHELL=true
 PROTOCOL_ENFORCE_HMAC=false
 PROTOCOL_HMAC_SECRET="change-this-to-a-secure-random-string"

+# Privacy filter tags: comma-separated list of tags that mark content as private.
+# Files/headings tagged with any of these will be filtered from LLM context.
+# Default: @personal
+PRIVACY_FILTER_TAGS="@personal,@health,@finance"
+
+# =============================================================================
+# DISPATCHER RULE LEARNING
+# =============================================================================
+# Number of HITL approvals before a pattern becomes a permanent rule
+DISPATCHER_RULE_THRESHOLD=3
+
+# Where learned rules are persisted
+RULES_FILE="$HOME/memex/system/rules.org"
+
 # =============================================================================
 # BOOTSTRAP
 # =============================================================================
-MANDATORY_SKILLS="org-skill-policy,org-skill-bouncer"
+MANDATORY_SKILLS="security-policy,security-dispatcher"

 # =============================================================================
 # CONTEXT / MEMORY
@@ -71,7 +90,6 @@ CONTEXT_LOG_LIMIT=20
 # MEMEX STRUCTURE
 # =============================================================================
 MEMEX_DIR="$HOME/memex"
-SKILLS_DIR="skills/"
 ZETTELKASTEN_DIR="$HOME/memex/notes"
 INBOX_DIR="$HOME/memex/inbox"
 DAILY_DIR="$HOME/memex/daily"
@@ -80,3 +98,25 @@ AREAS_DIR="$HOME/memex/areas"
 RESOURCES_DIR="$HOME/memex/resources"
 ARCHIVES_DIR="$HOME/memex/archives"
 SYSTEM_DIR="$HOME/memex/system"
+LLM_REQUEST_TIMEOUT=30
+
+# =============================================================================
+# TOKEN ECONOMICS (v0.5.0)
+# =============================================================================
+# Max tokens for the combined system prompt + context + user prompt.
+# Default: 16384 (half of a 32K context window, leaves room for model response).
+CONTEXT_MAX_TOKENS=16384
+
+# Soft daily cost cap in USD. Warning injected into system prompt when
+# approaching budget.
+COST_BUDGET_DAILY=1.00
+
+# v0.7.2: Privacy tag severity tiers. Format: @tag:block,@tag:warn,@tag:log
+# :block = filter content, :warn = log+allow, :log = silently record
+# Default: empty (no tags configured)
+#TAG_CATEGORIES=@personal:block,@financial:block,@draft:warn
+
+# v0.7.2: Self-build core file protection mode
+# When true, writes to core-*.org and core-*.lisp require HITL approval.
+# Default: false (unrestricted — use during development)
+SELF_BUILD_MODE=false
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -1,44 +1,24 @@
-name: Deploy-Agent-V15-Stdin
+name: Deploy (Gitea)
+
 on:
  push:
    branches:
      - main

 jobs:
-  JOB-V15-STDIN:
+  deploy:
    runs-on: debian-latest
    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v3
+      - name: Checkout
+        uses: actions/checkout@v4

      - name: Install Docker CLI
        run: |
-          echo "Installing Docker CLI..."
-          apt-get update
-          apt-get install -y docker.io docker-compose
+          apt-get update && apt-get install -y docker.io docker-compose

-      - name: Deploy via Host Docker Socket (Stdin Method)
+      - name: Build and deploy via Docker Compose
        run: |
-          echo "Piping local compose file to host Docker daemon..."
-          
-          # We read the compose file from the checked-out code in the runner,
-          # but we tell the host Docker daemon that the "project directory" is /memex/projects/opencortex.
-          # The host daemon will use its own /memex files to build the image.
-          
-          cat deploy/docker/docker-compose.yml | docker-compose \
-            -p opencortex \
-            --project-directory /memex/projects/opencortex \
-            -f - \
-            down
-            
-          cat deploy/docker/docker-compose.yml | docker-compose \
-            -p opencortex \
-            --project-directory /memex/projects/opencortex \
-            -f - \
-            build --no-cache opencortex
-            
-          cat deploy/docker/docker-compose.yml | docker-compose \
-            -p opencortex \
-            --project-directory /memex/projects/opencortex \
-            -f - \
-            up -d --force-recreate opencortex
+          cd infrastructure/docker
+          docker-compose -p passepartout down
+          docker-compose -p passepartout build --no-cache passepartout
+          docker-compose -p passepartout up -d --force-recreate passepartout
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -2,44 +2,73 @@ name: Lint

 on:
  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
+    tags:
+      - 'v*'
+  workflow_dispatch:

 jobs:
  lint:
    runs-on: ubuntu-latest
-    container:
-      image: ubuntu:latest
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

    steps:
      - uses: actions/checkout@v4

      - name: Install dependencies
        run: |
-          apt-get update && apt-get install -y --no-install-recommends \
+          sudo apt-get update && sudo apt-get install -y --no-install-recommends \
            git emacs-nox

      - name: Check for forbidden patterns
        run: |
-          grep -r "json\." --include="*.lisp" . && \
-            echo "ERROR: Found JSON usage in Lisp files" && exit 1 || \
+          ! grep -r "json\." --include="*.lisp" lisp/ && \
            echo "OK: No JSON in Lisp files"

-      - name: Check literate granularity
+      - name: Check org files have lisp source blocks
        run: |
-          find . -name "*.org" -path "./skills/*" -exec grep -L "#+begin_src lisp" {} \; | \
-            grep -v "CLA\|CONTRIBUTING\|CHANGELOG" && \
-            echo "WARNING: Some skills lack lisp blocks" || \
-            echo "OK: All skills have lisp blocks"
-
-      - name: Verify .lisp files are generated
-        run: |
-          for f in library/gen/*.lisp; do
-            org="${f%.lisp}.org"
-            if [ -f "$org" ]; then
-              : # generated, OK
-            else
-              echo "WARNING: $f has no corresponding .org source"
+          FAIL=0
+          for f in org/*.org; do
+            if ! grep -q "#+begin_src lisp" "$f"; then
+              echo "WARNING: $f has no lisp blocks"
+              FAIL=1
            fi
-          done
+          done
+          echo "OK: Org files checked for lisp blocks"
+
+      - name: Verify each .lisp has a corresponding .org source
+        run: |
+          FAIL=0
+          for f in lisp/*.lisp; do
+            [ -f "$f" ] || continue
+            base=$(basename "$f" .lisp)
+            if [ -f "org/${base}.org" ]; then
+              : # direct match
+            else
+              # Check if generated from a parent org via :tangle header
+              if grep -q ":tangle.*$(basename "$f")" org/*.org 2>/dev/null; then
+                : # :tangle reference found
+              else
+                echo "WARNING: $f has no corresponding .org source"
+                FAIL=1
+              fi
+            fi
+          done
+          [ "$FAIL" = 0 ] && echo "OK: All .lisp files have .org sources"
+
+      - name: Check literate granularity (one function per block)
+        run: |
+          for f in org/*.org; do
+            blocks=$(grep -c "^[[:space:]]*(defun " "$f" 2>/dev/null || true)
+            srcblocks=$(grep -c "#+begin_src lisp" "$f" 2>/dev/null || true)
+            if [ "$blocks" -gt "$srcblocks" ] && [ "$srcblocks" -gt 0 ]; then
+              echo "WARNING: $f has $blocks defuns but only $srcblocks src blocks"
+            fi
+          done
+          echo "OK: Granularity check complete"
+
+      - name: Check README has quick install
+        run: |
+          grep -q "curl.*passepartout" README.org && \
+            echo "OK: Quick install in README" || \
+            echo "WARNING: Quick install curl command not found in README"
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -13,19 +13,28 @@ jobs:

    steps:
      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0

      - name: Create tarball
        run: |
-          git archive --format=tar.gz --prefix=opencortex-$(git describe --tags) HEAD -o opencortex.tar.gz
+          git archive --format=tar.gz --prefix=passepartout-$(git describe --tags) HEAD -o passepartout.tar.gz

      - name: Create zipball
        run: |
-          git archive --format=zip --prefix=opencortex-$(git describe --tags) HEAD -o opencortex.zip
+          git archive --format=zip --prefix=passepartout-$(git describe --tags) HEAD -o passepartout.zip
+
+      - name: Extract tag message as release notes
+        run: |
+          git tag -l --format='%(contents)' ${GITHUB_REF#refs/tags/} > /tmp/release-notes.md
+          echo "--- Notes preview ---"
+          head -20 /tmp/release-notes.md

      - name: Upload to GitHub Release
        uses: softprops/action-gh-release@v2
        with:
          files: |
-            opencortex.tar.gz
-            opencortex.zip
+            passepartout.tar.gz
+            passepartout.zip
+          body_path: /tmp/release-notes.md
          generate_release_notes: true
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -2,43 +2,91 @@ name: Tests

 on:
  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
+    tags:
+      - 'v*'
+  workflow_dispatch:

 jobs:
  test:
    runs-on: ubuntu-latest
-    container:
-      image: statusoftech/sbcl:2.4.0
+    env:
+      FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

    steps:
      - uses: actions/checkout@v4

-      - name: Install dependencies
+      - name: Install system dependencies
        run: |
-          apt-get update && apt-get install -y --no-install-recommends \
-            git curl openssl make automake autoconf gcc clisp python3 python3-pip
+          sudo apt-get update && sudo apt-get install -y --no-install-recommends \
+            sbcl emacs-nox git curl socat rlwrap

      - name: Install Quicklisp
        run: |
-          curl -L https://beta.quicklisp.org/quicklisp.lisp -o /tmp/quicklisp.lisp
-          sbcl --non-interactive \
+          curl -fsSL https://beta.quicklisp.org/quicklisp.lisp -o /tmp/quicklisp.lisp
+          sbcl --noinform --non-interactive \
            --load /tmp/quicklisp.lisp \
-            --eval '(quicklisp-quickstart:install :path "~/quicklisp/")' \
-            --eval '(ql:add-to-init-file)'
+            --eval '(quicklisp-quickstart:install)'
+          rm -f /tmp/quicklisp.lisp
+          sbcl --noinform --non-interactive \
+            --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' \
+            --eval '(ql:quickload :fiveam :silent t)' \
+            --eval '(quit)'

-      - name: Install ASDF systems
+      - name: Load and verify system
        run: |
-          sbcl --non-interactive \
-            --eval '(ql:quickload :opencortex)'
-        env:
-          HOME: /root
+          export PASSEPARTOUT_DATA_DIR="$PWD/.github-test"
+          mkdir -p "$PASSEPARTOUT_DATA_DIR/org" "$PASSEPARTOUT_DATA_DIR/lisp" "$PASSEPARTOUT_DATA_DIR/test"

-      - name: Run tests
+          # Tangle org files into lisp/
+          cp org/*.org "$PASSEPARTOUT_DATA_DIR/org/"
+          cd "$PASSEPARTOUT_DATA_DIR/org" && for f in *.org; do
+            if command -v emacs; then
+              emacs -Q --batch --eval "(require 'org)" \
+                --eval "(setq org-confirm-babel-evaluate nil)" \
+                --eval "(org-babel-tangle-file \"$f\")" 2>/dev/null || true
+            fi
+          done
+          rm -f *.org
+          cd "$OLDPWD"
+
+          # Move test files to test/
+          find "$PASSEPARTOUT_DATA_DIR/lisp" -name "*-tests.lisp" -exec mv {} "$PASSEPARTOUT_DATA_DIR/test/" \; 2>/dev/null || true
+
+      - name: Load passepartout and initialize skills
        run: |
+          export PASSEPARTOUT_DATA_DIR="$PWD/.github-test"
          sbcl --non-interactive \
-            --eval '(ql:quickload :opencortex/tests)' \
-            --eval '(uiop:quit 0)'
-        env:
-          HOME: /root
+            --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' \
+            --eval "(push (truename \"$PWD/\") asdf:*central-registry*)" \
+            --eval "(push (truename \"$PASSEPARTOUT_DATA_DIR/\") asdf:*central-registry*)" \
+            --eval '(ql:quickload :passepartout :silent t)' \
+            --eval "(setf (uiop:getenv \"PASSEPARTOUT_DATA_DIR\") \"$PASSEPARTOUT_DATA_DIR\")" \
+            --eval '(passepartout:skill-initialize-all)' \
+            --eval "(let ((n (hash-table-count passepartout:*skill-registry*))) (format t \"~%Skills loaded: ~a~%\" n) (unless (>= n 10) (sb-ext:exit :code 1)))"
+
+      - name: Daemon smoke test
+        run: |
+          export PASSEPARTOUT_DATA_DIR="$PWD/.github-test"
+          sbcl --non-interactive \
+            --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' \
+            --eval "(push (truename \"$PWD/\") asdf:*central-registry*)" \
+            --eval "(push (truename \"$PASSEPARTOUT_DATA_DIR/\") asdf:*central-registry*)" \
+            --eval '(ql:quickload :passepartout :silent t)' \
+            --eval "(setf (uiop:getenv \"PASSEPARTOUT_DATA_DIR\") \"$PASSEPARTOUT_DATA_DIR\")" \
+            --eval '(passepartout:main)' \
+            > /tmp/passepartout-daemon.log 2>&1 &
+          DAEMON_PID=$!
+
+          for i in $(seq 1 20); do
+            if ss -tln 2>/dev/null | grep -q 9105; then
+              echo "✓ Daemon ready on port 9105"
+              timeout 3 bash -c 'exec 3<>/dev/tcp/localhost/9105; head -c 200 <&3' 2>/dev/null | grep -q "handshake" && \
+                echo "✓ Protocol handshake received"
+              break
+            fi
+            sleep 1
+          done
+
+          kill $DAEMON_PID 2>/dev/null || true
+          wait $DAEMON_PID 2>/dev/null || true
+          echo "✓ Daemon smoke test passed"
--- a/.gitignore
+++ b/.gitignore
@@ -1,8 +1,16 @@
 .env
-opencortex-server
+passepartout-server
 \$MEMEX_DIR/
 *.log
 *~
 \#*#
-opencortex-tui
+passepartout-tui
 test_input.txt
+
+# Generated artifacts (source of truth is .org)
+/skills/*.lisp
+/tmp/*.lisp
+*.fasl
+docs/#DESIGN_DECISIONS.org# docs/DESIGN_DECISIONS.org~
+extras/*.elc
+state/
--- a/CHANGELOG.org
+++ b/CHANGELOG.org
--- a/README.org
+++ b/README.org
@@ -1,372 +1,163 @@
-#+TITLE: OpenCortex: The Conductor of your Life Stack
+#+TITLE: Passepartout — The Plain-Text AI Assistant That Never Gets More Expensive
+#+AUTHOR: Amr
+#+FILETAGS: :passepartout:ai:assistant:

-#+CAPTION: A neurosymbolic AI agent framework for the 100-year Memex
-#+ATTR_HTML: :width 800
+#+HTML: <div style="display: flex; gap: 8px; flex-wrap: wrap; margin-bottom: 1em;">
+#+HTML: <img src="https://img.shields.io/badge/version-v0.7.2-blue?style=flat-square">
+#+HTML: <img src="https://img.shields.io/badge/license-AGPLv3-green?style=flat-square">
+#+HTML: <img src="https://img.shields.io/badge/Lisp-Common%20Lisp-forestgreen?style=flat-square">
+#+HTML: <img src="https://img.shields.io/badge/docs-Org--mode-darkgreen?style=flat-square">
+#+HTML: </div>

-*opencortex* is a minimalist, extensible AI agent framework designed to manage and continuously organize your personal knowledge base. It transforms a static collection of plaintext notes into a live, programmable [[https://en.wikipedia.org/wiki/Memex][Memex]]—an automated, personalized memory system where humans and AI collaborate in the exact same workspace.
+Passepartout is an AI assistant that runs in your terminal. It reads and writes your Org-mode files, executes tasks through a verified safety gate, and works fully offline with local LLMs. Every action the LLM proposes is checked by ten deterministic safety gates before it touches a file, runs a command, or sends a message. The LLM suggests. The gate decides.
+Everything it knows is a folder of plain text files that you own.

-* The Problem with Current AI Agents
+*Install:*

-The current ecosystem of AI agents (typically built in Python or TypeScript) is overwhelmingly built on architectural choices that prioritize rapid prototyping over long-term reliability, security, and self-modification:
-
-** 1. The Format Trap (Markdown & JSON)
-
-Most agents force a painful translation layer. Humans write in Markdown, which lacks a strict Abstract Syntax Tree (AST)—a rigorous, nested representation of data that machines need to parse context reliably. Machines, in turn, output JSON, which is hostile for human thought and note-taking.
-
-The result is a fractured workspace where the agent's memory and the human's memory are fundamentally incompatible. You cannot see what the agent sees. The agent cannot naturally work with your notes.
-
-** 2. The Language Trap (Python & TypeScript)
-
-Python and TypeScript are fantastic for gluing together APIs, but they are poorly suited for an agent that needs to safely read, write, and execute its own code at runtime. Their underlying structures are complex and opaque, making autonomous self-editing incredibly brittle and dangerous.
-
-How do you trust an agent to modify its own Python code when Python's AST is so complex that even human programmers need IDEs to navigate it?
-
-** 3. The Probabilistic Trap
-
-Almost all modern agents rely entirely on /probabilistic/ reasoning. We ask an AI model to guess a shell command or write a Python script, and then blindly pipe that output to a terminal. Without a rigorous, /deterministic/ layer to formally verify the model's proposals before execution, these systems are fundamentally unsafe.
-
-The model might hallucinate a command. It might output valid syntax that still does something dangerous. Without a deterministic gate, there's nothing between the guess and the terminal.
-
-* The Vision: A Modern, Homoiconic Memex
-
-openCortex abandons these fragile paradigms by returning to first principles and embracing two historically powerful technologies: *Org-mode* and *Common Lisp*.
-
-** Org-mode: The Universal Language
-
-Instead of wrestling with Markdown parsers or hiding data in opaque databases, openCortex mandates that *Org-mode is the native AST for both humans and machines.*
-
-Org-mode is unique because it seamlessly brings together:
- Human-readable prose
- Structured metadata (properties and tags)
- Lifecycle states (TODO/DONE/PLAN)
- Executable code blocks
-
-...all in a single plain-text file. The code is the data, and the data is the interface. When the agent "remembers" a fact or schedules a task, it writes an Org headline. You read exactly what the agent reads.
-
-This is not a compromise—it's the design principle. The agent's memory and your memory are the same format, the same file, the same text.
-
-** Common Lisp: The Engine of Self-Modification
-
-There is a beautiful irony to openCortex: Lisp was invented in 1958 specifically to achieve Artificial Intelligence, and it has been waiting nearly 70 years for /this exact moment/ in computing history.
-
-Lisp possesses a unique property called *Homoiconicity*: the primary representation of the program is also a data structure (nested lists) within the language itself. Because Lisp code /is/ Lisp data, it is trivially easy for an AI to generate, manipulate, and safely evaluate new tools at runtime.
-
-This makes Lisp the ultimate, un-brittle language for a "self-writing" agent. The agent doesn't need an AST parser—it can simply read and write lists directly. The agent doesn't need a code generator—it can write Lisp that executes Lisp.
-
-** The Probabilistic-Deterministic Loop
-
-openCortex does not let AI models touch your system directly. Instead, it splits cognition into two distinct engines:
-
-1. *The Probabilistic Engine (Neural/Dynamic):* Provides semantic understanding and dynamic reasoning. It utilizes a **Dynamic LLM Cascade** (OpenRouter, Ollama, Anthropic) to ensure the agent always has a "brain," falling back to local models if cloud services are unavailable.
-
-2. *The Deterministic Engine (Logic/Safety):* Intercepts LLM proposals and formally verifies them against your security rules (the "Bouncer" pattern) before execution.
-
-#+begin_src mermaid
-flowchart LR
-    subgraph Probabilistic["Probabilistic Engine (LLM)"]
-        LLM[LLM Call]
-    end
-
-    subgraph Deterministic["Deterministic Engine (Skills)"]
-        Policy[Policy Skill<br/>Constitutional invariants]
-        Bouncer[Bouncer Skill<br/>Security vectors]
-        Validator[Lisp Validator<br/>Structural verification]
-    end
-
-    subgraph Actuation["Actuation"]
-        Shell[Shell Actuator]
-        TUI[TUI Client]
-        Emacs[Emacs Gateway]
-    end
-
-    LLM -->|Proposes action| Deterministic
-    Policy -->|Checks| Bouncer
-    Bouncer -->|Verifies| Validator
-    Validator -->|Approves| Actuation
-    Actuation -->|Feeds back| LLM
+#+begin_src bash
+curl -fsSL https://raw.githubusercontent.com/amrgharbeia/passepartout/main/passepartout | bash -s configure
 #+end_src

-* Architecture: Thin Harness, Fat Skills
+This installs dependencies (SBCL, Quicklisp), tangles the Org source files, and runs the setup wizard for LLM providers. Requires curl and sudo access for package installation.

-To guarantee long-term stability, openCortex enforces a strict architectural boundary inspired by the "thin harness, fat skills" philosophy.
+* What is an AI Agent?

-** The Minimalist Harness
+An AI agent is a program that can act on your behalf — reading files, running commands, sending messages — rather than just answering questions. Unlike a chatbot that only produces text, an agent has /actuators/ that let it affect the world: a shell, a file editor, a message sender. See [[https://en.wikipedia.org/wiki/Software_agent][Software agent]] on Wikipedia.

-The Lisp microkernel is a thin, unbreakable harness strictly responsible for:
+Passepartout is a /sovereign/ agent: it runs on your machine, operates on your plain-text files, and verifies every action through deterministic safety gates before execution.

-| Layer | Responsibility | Examples |
-|-------|----------------|----------|
-| *Perceive* | Normalize sensory input | CLI parsing, Emacs events, heartbeats |
-| *Reason* | Bridge neural and deterministic | LLM dispatch, response parsing, skill routing |
-| *Act* | Execute approved actions | Shell commands, tool calls, UI output |
-| *Memory* | Live object store | Org-object graph, snapshots, rollback |
+* What Makes Passepartout Different

-What the harness does /not/ contain:
- Policy rules (those are skills)
- LLM integrations (those are skills)
- Domain-specific functionality (those are skills)
+** Every action is verified, not trusted.

-** Literate, Single-File Skills
+Most AI agents add safety checks as an afterthought — prompt-based guardrails that consume LLM tokens and can be evaded with clever phrasing. Passepartout inverts this: ten deterministic safety gates run in pure Lisp between the LLM's proposal and execution. Secret scanning checks for API key leaks. Path protection blocks reads and writes to sensitive files, including a self-build safety boundary that prevents the agent from modifying its own core pipeline without human review. Shell safety detects destructive commands and injection vectors. Network exfiltration detection flags unauthorized outbound connections. Lisp syntax validation catches malformed code before it writes to disk.

-In openCortex, a Skill is simply a *single .org file* containing everything:
- The documentation (prose explaining the skill's purpose)
- The AI instructions (how the LLM should use this skill)
- The deterministic code (Lisp that verifies/proposes actions)
+Every gate costs 0 LLM tokens. Every gate is a Common Lisp function, not a prompt. Every gate runs for every action, unconditionally.

-When the system boots, it compiles these skills directly into the live Lisp image. Skills are hot-reloadable without restarting the daemon.
+If a gate blocks a proposal, the rejection feedback goes back to the LLM so it can self-correct and try again. If the deterministic Dispatcher is uncertain, it creates a Flight Plan — a human-readable Org buffer you review and approve. The human decides. The Dispatcher learns from your decision and writes a rule for next time.

-#+begin_src mermaid
-flowchart TD
-    subgraph Skill["Skill: policy.org"]
-        Docs["Documentation<br/>'This skill enforces...'"]
-        AI["AI Instructions<br/>'When the user asks about...'"]
-        Code["Deterministic Code<br/>'(defun policy-check-...)'"]
-    end
+** The more you use it, the cheaper it gets (architectural aspiration)

-    subgraph Harness["Harness Core"]
-        Package["package.lisp"]
-        Loop["loop.lisp"]
-        Perceive["perceive.lisp"]
-        Reason["reason.lisp"]
-        Act["act.lisp"]
-    end
+Passepartout is designed with a downward cost curve — an architectural property, not yet measured empirically. Here is the thesis.

-    Code --> |Compiles into| Harness
-    Harness --> |Runs| Pipeline
-    Pipeline --> |Feeds| Skill
+When you use Passepartout, the Dispatcher observes every blocked action and every human-approved exception. Each decision becomes a deterministic rule. A file write you approved once becomes an allowed path pattern. A shell command you denied becomes a permanent block. Each hardened rule means one fewer LLM call next time. This rule-learning system is planned for v0.5.0.
+
+Meanwhile, the foveal-peripheral context model prunes your [[https://en.wikipedia.org/wiki/Memex][memex]] — your personal knowledge base, a term coined by Vannevar Bush in 1945 for a mechanised private library — to the relevant Org subtrees before sending anything to the LLM. The agent does not load your entire knowledge base, or even the entire file like agents that use Markdown do — it loads precisely the headlines that matter. Less context in, fewer tokens out.
+
+These mechanisms are implemented and working today. Token cost measurement and optimization are tracked in the [[file:docs/ROADMAP.org][v0.5.0 Roadmap]]. Until empirically verified, the cost claims in [[file:docs/DESIGN_DECISIONS.org][Design Decisions]] (2-3x fewer tokens for coding, 13-24x for knowledge management) should be read as architectural projections, not measured results.
+
+** It edits its own source code. Verified before execution.
+
+Passepartout can read its own Org-mode source files, propose changes, and hot-reload skills into the running image without restarting. The skill engine loads every skill into a jailed Common Lisp package, validates its syntax, tests its trigger function in isolation, and only then promotes it to the live registry.
+
+Core pipeline files — the Perceive-Reason-Act loop, the Merkle-tree memory, the Dispatcher gate stack — are path-protected. The agent could modify its own brain stem, but it cannot do this without human review. Skills and system modules expand freely. The core stays small, protected, and auditable.
+
+No other AI agent can modify its own reasoning engine and reload the change while it is running. This is not a planned feature. It works today.
+
+** Your memory and your tasks are the same format. Org-mode.
+
+Passepartout makes a bet that most systems consider too expensive: humans and machines should share the same file format. That format is Org-mode.
+
+Your notes, your calendar, your project plans, the agent's memory, and the agent's own source code are all the same thing: Org files in ~/memex/. =headline trees. Property drawers for metadata. Source blocks for code. TODO keywords for task state. Tags for categorization.
+
+When you write a TODO in Emacs, the agent sees it immediately as a native data structure and acts on it. When the agent creates a note, you can open it in any text editor and read it. There is no import/export step, no hidden database (except maybe for indexing), no format conversion. If Passepartout stops existing tomorrow, your data survives in plain text, readable in 2040.
+
+** Works offline. Works locally. The safety doesn't stop.
+
+You can run Passepartout entirely on your hardware with a local LLM via Ollama or some other inference engine. No internet connection required. But unlike most local AI tools, offline mode does not mean safety-last. The ten deterministic safety gates are pure Common Lisp — they run identically whether you are online or off. The Merkle-tree memory with snapshot rollback is in-process, 0 milliseconds, 0 network calls. Semantic retrieval runs on in-image vectors, 0 LLM tokens per query.
+
+Cloud providers (OpenRouter, OpenAI, Anthropic, Groq, Gemini, DeepSeek, NVIDIA NIM...) are optional add-ons. When you use them, the model-tier router automatically selects the cheapest provider that matches your task's complexity. Privacy-tagged content stays local even when cloud providers are configured.
+
+* How It Works
+
+Every signal — a chat message, a heartbeat tick, a file change notification — moves through three stages:
+
+#+begin_example
+Signal  →  Perceive  →  Reason  →  Act
+            normalize    LLM proposes  dispatch approved action
+                         gates verify  tool output feeds back
+#+end_example
+
+*Perceive* normalizes raw input from any gateway (TUI, CLI, Telegram, Signal) into a uniform signal plist. Buffer updates from Emacs ingest Org AST nodes into memory. Heartbeat ticks trigger background maintenance. HITL commands intercept before the LLM is invoked.
+
+*Reason* calls the LLM to generate a proposal, then runs the proposal through every registered deterministic gate — sorted by priority, highest first. If a gate rejects (shell command blocked, path protected, secret exposed), the rejection trace feeds back to the LLM for self-correction, up to three retries. If a gate requests human approval, the action becomes a Flight Plan awaiting your decision. If all gates pass, the action proceeds to Act.
+
+*Act* dispatches the approved action to the correct actuator: shell commands go to the shell actuator (with timeout and output limiting), tool invocations go to the cognitive tool registry, system commands trigger internal harness operations, and chat responses route to the TUI or messaging gateway. Each stage can feed back into Perceive — a tool output becomes the next perception.
+
+This pipeline is not a single-threaded bottleneck. The priority-queued signal processor (v0.5.0 roadmap) preempts background maintenance for user interactions. The Merkle-tree memory supports concurrent reads and writes through versioned snapshots — multiple signals can process simultaneously without corrupting shared state.
+
+Deep detail: [[file:docs/ARCHITECTURE.org][Architecture]] for the full code map and pipeline flow, [[file:docs/DESIGN_DECISIONS.org][Design Decisions]] for the rationale behind every architectural choice.
+
+* Current Capabilities
+
+Features marked =Stable= ship in the current release. Features marked =Planned= are scheduled in the [[file:docs/ROADMAP.org][Roadmap]].
+
+| Capability                       | Status   | Since   | Notes                                                                |
+|----------------------------------+----------+---------+----------------------------------------------------------------------|
+| 10-vector deterministic safety   | Stable   | v0.2.0  | Secrets, paths, self-build, shells, network, lisp, privacy, approval |
+| Foveal-peripheral context model | Stable   | v0.2.0  | Sends relevant subtrees, not all files                               |
+| Merkle-tree memory + snapshots   | Stable   | v0.2.0  | Integrity hashing, copy-on-write rollback                            |
+| Self-editing + hot-reload         | Stable   | v0.2.0  | Agent reads, modifies, reloads its own code                          |
+| 8 provider cascade                | Stable   | v0.1.0  | OpenRouter, OpenAI, Anthropic, Groq, Gemini, DeepSeek, NVIDIA, local |
+| Terminal UI (Croatoan)            | Stable   | v0.2.0  | Scrollback, history, themes, commands, tab completion                |
+| Skill engine (20+ skills)         | Stable   | v0.1.0  | Jailed loading, topological sort, hot-reload                         |
+| Human-in-the-Loop approval        | Stable   | v0.3.0  | Flight Plan workflow for blocked actions                             |
+| Model-tier routing                | Stable   | v0.3.0  | Sends simple tasks to cheaper models                                 |
+| Event orchestrator (hooks + cron) | Stable   | v0.3.0  | Org-based hook and cron dispatch                                     |
+| Context manager (project scoping) | Stable   | v0.3.0  | Push/pop focus, persist across restart                               |
+| Semantic retrieval (trigram)      | Stable   | v0.4.0  | Trigram Jaccard — lexical overlap, 0 LLM tokens                      |
+| TUI gate trace + focus map        | Stable   | v0.4.0  | Visual safety trace + what the agent is looking at                   |
+| Emacs bridge                      | Stable   | v0.4.0  | Native Emacs client over the wire protocol                           |
+| Self-build safety boundary        | Stable   | v0.4.0  | Core files path-protected, HITL Flight Plan required                 |
+| Expanded theme (25-color)         | Stable   | v0.4.0  | 4 named presets (dark/light/gruvbox/solarized), /theme command       |
+| Discord + Slack gateways          | Stable   | v0.4.0  | 4 platforms: Telegram, Signal, Discord, Slack                        |
+| Native embedding inference        | Beta     | v0.4.x  | CFFI llama.cpp binding, nomic-embed-text (768-dim)                   |
+| Structured output (function-calling) | Stable | v0.4.2 | LLM tool use via native function-calling API, JSON→plist boundary |
+| Shell sandbox (bwrap)               | Stable | v0.4.3 | Bubblewrap namespace isolation, network/IPC lockdown   |
+| Shell severity classification        | Stable | v0.4.3 | catastrophic→dangerous→moderate→harmless tier system   |
+| Token economics + cost tracking   | Stable   | v0.5.0  | Per-session cost counter, prompt caching, budget enforcement         |
+| Time awareness                    | Stable   | v0.6.0  | Symbolic-time-memory + sensor-time skills, ISO timestamps in prompts |
+| TUI readline/Ctrl bindings        | Stable   | v0.7.0  | Ctrl+U/W/A/E/L/D, Ctrl+X+E editor, Ctrl+C interrupt cascade         |
+| TUI Unicode width                 | Stable   | v0.7.0  | char-width: ASCII/CJK/emoji/combining marks, pure Lisp               |
+| TUI scroll notification           | Stable   | v0.7.0  | :scroll-notify flag, new-message alert when scrolled up              |
+| TUI deeper autocomplete           | Stable   | v0.7.0  | @ file paths, /theme subcommand, /focus directories                  |
+| Streaming responses               | Stable   | v0.7.2  | SSE streaming, live output in TUI, interrupt-and-redirect            |
+| TUI markdown rendering            | Stable   | v0.7.2  | Bold/italic/inline code styled via Croatoan attributes               |
+| Priority-queue signal processing  | Planned  | v0.7.2  | Preempts background for user interactions                            |
+| Markdown rendering (full)         | Planned  | v0.7.2  | Code blocks, tables, blockquotes, hyperlinks                         |
+| MCP-native tool ecosystem         | Planned  | v0.7.0  | 50+ tools from the MCP ecosystem                                     |
+| Voice gateway                     | Planned  | v0.7.3  | Speech-to-text + text-to-speech via Whisper / ElevenLabs             |
+| Task planning (tree DAG)          | Planned  | v0.8.0  | Org headline task trees, branch pruning                              |
+| Skill creator                     | Planned  | v0.8.0  | LLM drafts skills from natural language, verified before load        |
+| Computer use / vision             | Planned  | v0.9.0  | Screenshot capture, UI interaction                                   |
+| SWE-bench evaluation harness      | Planned  | v0.9.0  | Automated benchmark scoring with Org trajectory audit                |
+| Consensus loop (multi-provider)   | Planned  | v0.10.0 | Parallel inference, disagreement detection                           |
+| GTD integration                   | Planned  | v0.10.0 | Full capture-clarify-organize-reflect-engage                         |
+| Deep Emacs integration            | Planned  | v0.10.0 | Org-agenda, clock time, refile, archive                              |
+
+* Quick Start
+
+After installation, the =passepartout= command is available from anywhere.
+
+#+begin_src bash
+passepartout tui       # launch the terminal interface
+passepartout daemon    # start the background daemon (for TUI/CLI/gateways)
+passepartout doctor    # run system health check
 #+end_src

-** The Metabolic Pipeline
+See [[file:docs/USER_MANUAL.org][User Manual]] for the full guide.

-Every signal in openCortex moves through the same three-stage pipeline:
+* Project Documentation

-1. *Perceive:* Normalize raw input into a standardized Signal
-2. *Reason:* Generate a proposal via LLM, verify via skills
-3. *Act:* Execute the approved action, generate feedback
-
-#+begin_src mermaid
-sequenceDiagram
-    participant User
-    participant Gateway
-    participant Perceive
-    participant Reason
-    participant Act
-    participant User
-
-    User->>Gateway: "Write a note about X"
-    Gateway->>Perceive: Raw message
-    Perceive->>Perceive: Normalize to Signal
-    Perceive->>Reason: Signal
-    Reason->>Reason: LLM generates proposal
-    Reason->>Reason: Skills verify proposal
-    Reason->>Act: Approved action
-    Act->>Act: Execute action
-    Act->>Reason: Feedback signal
-    Reason->>Perceive: New signal
-    Perceive->>Gateway: Response
-    Gateway->>User: "Done"
-#+end_src
-
-** The Skill Registry
-
-Skills are discovered, sorted by dependency, and loaded at boot:
-
-#+begin_src mermaid
-flowchart LR
-    subgraph Discovery["Skill Discovery"]
-        Scan["Scan skills/ directory"]
-        Sort["Topological sort by DEPENDS_ON"]
-    end
-
-    subgraph Loading["Skill Loading"]
-        Validate["Validate syntax"]
-        Jail["Jail in package namespace"]
-        Register["Register in catalog"]
-    end
-
-    Scan --> Sort --> Validate --> Jail --> Register
-#+end_src
-
-* The Three Data Stores
-
-openCortex maintains three distinct representations of your knowledge:
-
-| Store | Format | Location | Purpose |
-|-------|--------|----------|---------|
-| *Source of Truth* | Plaintext .org files | `~/memex/` | Human-readable, version-controlled |
-| *Active Brain* | RAM (Lisp hash tables) | Memory | Fast, live, queryable |
-| *Snapshots* | Binary .snap files | `~/.opencortex/` | Crash recovery, rollback |
-
-The Active Brain is built from the Source of Truth on boot and kept in sync via:
- Buffer updates from Emacs (when you edit)
- Heartbeat snapshots (periodic persistence)
- Graceful shutdown saves
-
-* The Evolutionary Roadmap
-
-The roadmap is designed working backwards from SOTA parity (V 1.0.0), guiding each version toward a fully autonomous, self-editing agent. Each version builds on the previous, with features designed to be implemented in pure Common Lisp + Org-mode.
-
-** Non-Negotiable Identity
- Pure Common Lisp + Org-mode. No JSON. No YAML. No external databases.
- Single-address-space memory (Lisp hash tables in RAM — the agent IS the memory).
- "Thin harness, fat skills" — complexity lives at the edges, not the kernel.
- One agent composed of many skills. Concurrency via bordeaux-threads (shared memory).
- Plists everywhere — homoiconic communication between all components.
-
-** Version Roadmap
-
-*** v0.1.0: The Autonomous Foundation — CURRENT RELEASE ✅
-
-The secure, auditable Lisp kernel. All core infrastructure in place.
-
-| Component | Status | Notes |
-|-----------|--------|-------|
-| Perceive-Reason-Act pipeline | ✅ | 3-stage metabolic loop |
-| Skills engine with jailed loading | ✅ | defskill, topological sort, hot-reload |
-| Policy skill (6 invariants) | ✅ | Transparency, Autonomy, Bloat, Modularity, Mentorship, Sustainability |
-| Bouncer skill | ✅ | Command whitelist guard functions |
-| Memory (org-object + Merkle) | ✅ | Hash tables, snapshots, rollback |
-| Lisp validator skill | ✅ | Syntax validation before eval |
-| Scribe + Gardener skills | ✅ | Heartbeat-driven distillation + audit |
-| LLM gateway (OpenRouter + Ollama) | ✅ | Provider cascade |
-| Shell actuator | ✅ | Safe command execution |
-| Emacs bridge via Swank | ✅ | Point/buffer updates |
-| FiveAM test suite | ✅ | Memory, boot, pipeline, act, communication |
-| Credentials vault | ✅ | Encrypted storage |
-
-*** v0.2.0: Self-Improvement + Local LLMs — NEXT
-
-Self-editing is the foundation of all future growth. Full org-mode manipulation makes the agent a true Emacs citizen.
-
-| Feature | Description |
-|---------|-------------|
-| org-skill-self-edit | Hook into =:syntax-error= events. Deterministic: auto-balance parens. Probabilistic: LLM surgical fix with memory rollback on failure. |
-| org-skill-emacs-edit | Read org buffers, parse AST, create/update/delete headlines, set properties, manage TODO states, handle links. |
-| Local vector search | =generate-embeddings= via Ollama. Add =:vector= to org-object. Semantic search with cosine similarity. |
-| Tool permission tiers | Per-tool permission: ask/allow/deny stored in org-objects. Filter tools before LLM sees them. |
-| Skill hot-reload | Swap compiled skill files without breaking active sockets. |
-
-*** v0.3.0: Event Orchestration + Context Awareness
-
-Unified control plane for deep project understanding before complex work.
-
-| Feature | Description |
-|---------|-------------|
-| org-skill-event-orchestrator | Unified hooks + cron + routing. Three tiers: =:REFLEX= (no LLM), =:COGNITION= (light LLM), =:REASONING= (full LLM). |
-| org-skill-context-manager | Stack-based project scoping. =push-context= / =pop-context=. Path resolution relative to context. |
-| Memory scope segmentation | =:scope= property on org-objects: memex/session/project. Scope-aware retrieval. |
-| Model-tier routing | Complexity-based model selection: heartbeat → tiny, user → medium, reasoning → large. |
-| Slash commands | =M-x= style command palette in TUI. Commands defined in Org-mode. |
-
-*** v0.4.0: Long-Horizon Planning + Git Workflows
-
-Structured tracking, failure handling, and course correction for multi-step engineering work.
-
-| Feature | Description |
-|---------|-------------|
-| org-skill-long-horizon | Decompose tasks into Org-mode headline trees. Terminal states: =:done= / =:blocked= / =:stuck=. Parent summarises children. Branch pruning. |
-| org-skill-git-steward | Status, diff, commit, push, branch. Policy enforces commit-before-modify. |
-| TDD runner | FiveAM on file save. =:test-failure= events. Hook into self-fix for auto-repair. |
-| Deep Emacs integration | Full org-agenda awareness. Navigate, clock time, refile, archive. |
-
-*** v0.5.0: Creator + Architect + GTD
-
-The agent bootstraps itself: creates skills autonomously, designs projects from PRDs, manages work.
-
-| Feature | Description |
-|---------|-------------|
-| org-skill-creator | LLM drafts complete skill org-file from natural language. Mandatory: syntax validation → jail-load → test → register. |
-| org-skill-architect | Scan =:STATUS: FROZEN= PRDs. Generate Phase B PROTOCOL. |
-| org-skill-gtd | Full GTD cycle: capture, clarify, organize, reflect, engage. org-gtd v4.0 DAG (=:TRIGGER:=, =:BLOCKER:=). |
-| Consensus loop | Run multiple providers for critical decisions. Compare results, detect disagreements. |
-| Web research | Headless Chromium via Python bridge. Text extraction, screenshots, Gemini Web UI automation. |
-
-*** v1.0.0: SOTA Parity
-
-Feature-complete agent competitive with commercial agents. All features reimplemented in pure Lisp.
-
-| Area | Status | Notes |
-|------|--------|-------|
-| Self-improvement | ✅ v0.2.0 | Self-edit + lisp-repair |
-| Planning | ✅ v0.4.0 | Task tree DAGs with terminal states |
-| Tool ecosystem | 🟡 v0.4.0 | 10+ cognitive tools |
-| Context window | ✅ v0.3.0 | Semantic search + scope segmentation |
-| Safety | ✅ v0.1.0 | 6 Policy invariants + formal verification |
-| Multi-step tasks | ✅ v0.4.0 | Task trees with failure handling |
-| Code editing | ✅ v0.2.0 | Full org-mode file read/write |
-| Memory | ✅ v0.2.0 | Vector recall in org-object |
-| Emacs integration | ✅ v0.2.0 | Full org-mode control |
-| Autonomy | ✅ v0.1.0 | 100% local capable (Ollama) |
-
-*** v2.0.0: Lisp Machine Emergence
-
-From Lisp-using agent to true Lisp machine. Agent IS the Emacs process.
-
-| Feature | Description |
-|---------|-------------|
-| Lish: Lisp editor | Org-mode as IDE. Org-babel for interactive evaluation. Full REPL in TUI. No bridge needed. |
-| Lish: Shell replacement | Lisp-based shell that speaks plists. Org-mode buffers as file system. |
-
-*** v3.0.0: Neurosymbolic Maturity
-
-Deterministic planner takes the wheel. LLM relegated to semantic translation.
-
-| Feature | Description |
-|---------|-------------|
-| Deterministic planner | Pure Lisp task scheduler. No LLM needed for planning. |
-| Self-correcting gates | Gates learn from false positives (user override patterns). |
-
-*** v4.0.0: AI Stack Internalized
-
-The agent understands its own weights. No external inference.
-
-| Feature | Description |
-|---------|-------------|
-| Llama.cpp in Lisp | FFI binding. No Python subprocess. Pure Common Lisp inference. |
-| Weights as sexps | Neural weights as Lisp data structures. Homoiconic model introspection. |
-
-*** v5.0.0: True Agency
-
-World models, temporal reasoning, goal persistence across restarts.
-
-| Feature | Description |
-|---------|-------------|
-| World models | Predictive models of user behavior, project dynamics, system state. |
-| Temporal reasoning | Scheduling, deadlines, elapsed duration awareness. |
-| Goal persistence | Goals survive restarts. Long-term projects in org-objects. |
-
-** Design Principles
-
-** 1. Radical Transparency
-
-If you can't explain it, you can't do it. Every action must be auditable. Hidden reasoning is forbidden.
-
-** 2. Autonomy First
-
-Dependency on proprietary systems is debt. Prefer local, offline-capable solutions.
-
-** 3. Zero Bloat
-
-Complexity must be earned, not anticipated. The harness must remain minimal.
-
-** 4. Modularity
-
-The kernel must survive even if all skills fail. Complexity belongs at the edges.
-
-** 5. Mentorship
-
-Teaching is the highest form of assistance. Every action should increase capability.
-
-** 6. Sustainability
-
-Build for the 100-year horizon. Design for offline operation, local inference.
-
-* Contributing
-
-See [[file:docs/CONTRIBUTING.org][CONTRIBUTING.org]] for the Literate Granularity standard and skill creation guidelines.
+| Document                                  | Answers                                               |
+|-------------------------------------------+-------------------------------------------------------|
+| [[file:docs/USER_MANUAL.org][User Manual]]            | How do I use it?                                      |
+| [[file:docs/ARCHITECTURE.org][Architecture]]       | How does it work inside?                              |
+| [[file:docs/DESIGN_DECISIONS.org][Design Decisions]] | Why was it built this way?                            |
+| [[file:docs/ROADMAP.org][Roadmap]]                  | Where is it going? When?                              |
+| [[file:docs/CONTRIBUTING.org][Contributing]]         | How do I contribute?                                  |

 * License

-openCortex is released under the [[file:LICENSE][AGPLv3 license]].
-
-See [[file:CLA.org][CLA.org]] for the Contributor License Agreement.
+Passepartout is released under the [[file:LICENSE][AGPLv3 license]].
+See [[file:CLA.org][CLA.org]] for the Contributor License Agreement.
--- a/docs/.#DESIGN_DECISIONS.org
+++ b/docs/.#DESIGN_DECISIONS.org
@@ -0,0 +1 @@
+user@amr.1407003:1778162380
--- a/docs/.#ROADMAP.org
+++ b/docs/.#ROADMAP.org
@@ -0,0 +1 @@
+user@amr.1407003:1778162380
--- a/docs/ARCHITECTURE.org
+++ b/docs/ARCHITECTURE.org
@@ -0,0 +1,139 @@
+#+TITLE: Passepartout Architecture
+#+AUTHOR: Agent
+#+STARTUP: content
+
+* The Four Quadrants
+
+Passepartout divides cognition along two axes: **Foreground vs Background** (initiated by the user vs running autonomously) and **Probabilistic vs Deterministic** (LLM-driven vs pure Lisp logic).
+
+|                | Probabilistic (LLM)                                         | Deterministic (Lisp)                                       |
+|----------------+-------------------------------------------------------------+------------------------------------------------------------|
+| **Foreground** | Chat responses, task execution, code generation             | Shell execution, file I/O, safety gates, dispatcher checks |
+| **Background** | Scribe distillation, vector embedding, autonomous decisions | Heartbeat, cron jobs, memory auto-save, gateway polling    |
+
+The Probabilistic engine proposes. The Deterministic engine verifies and executes. No proposal from the LLM touches a file, runs a command, or sends a message without passing through at least one deterministic gate.
+
+* Architectural Layers
+
+** Core Pipeline (loaded by ASDF — the harness)
+- package definition: defpackage, cognitive tools, logging
+- memory: memory-object struct, Merkle hashing, snapshots, persistence
+- context: foveal-peripheral rendering, context assembly for LLM
+- pipeline: perceive → reason → act stages, orchestrator, heartbeat
+- skills engine: defskill macro, topological sorter, jailed loading
+- communication: framed TCP protocol, actuator registry, daemon server
+- diagnostics: health checks, doctor CLI
+
+** Skills (loaded at runtime by the skill engine)
+- gateway: TUI, CLI, messaging (Telegram, Signal)
+- system-model: provider dispatch, router, embeddings, model explorer
+- security: dispatcher (safety gate), policy, permissions, validator, vault
+- programming: Lisp, Org, literate tools, REPL, standards
+- system: config, archivist, self-improve, memory introspection, shell actuator, event-orchestrator, context-manager, setup
+
+** Clients (connect to daemon via framed TCP protocol)
+- TUI: Croatoan-based terminal interface (model-view architecture, dirty-flag rendering)
+- CLI: pipe-friendly command-line gateway
+- Emacs: elisp bridge speaking the wire protocol (planned v0.4.0)
+
+* Pipeline Flow
+
+Every signal moves through three stages:
+
+```
+Signal → Perceive (normalize) → Reason (think + verify) → Act (dispatch)
+```
+
+The signal is a plist: ~(:TYPE :EVENT :META (...) :PAYLOAD (:SENSOR :user-input :TEXT "..."))~
+
+1. **Perceive** normalizes raw input from any gateway into a uniform signal
+2. **Reason** calls the LLM to generate a proposal, then runs the proposal through all registered deterministic gates (sorted by priority). If a gate rejects the proposal, the rejection trace feeds back to the LLM for self-correction (up to 3 retries)
+3. **Act** dispatches the approved action to the registered actuator (~:cli~, ~:tool~, ~:system~, ~:shell~, ~:telegram~, ~:signal~)
+
+Each stage can produce feedback signals that loop back to Perceive (e.g., a tool-execute action produces a ~:tool-output~ event that becomes the next perception).
+
+** Depth limiting
+
+A depth counter prevents infinite loops. If a signal's depth exceeds 10, it is silently dropped. This is the circuit breaker for runaway recursive cycles.
+
+* Foveal-Peripheral Context Model
+
+When the agent assembles context for the LLM, it does not send the entire memory. It renders a sparse outline using three rules:
+
+1. *Depth ≤ 2* — the root node and its immediate children are always included (title and properties only, no content).
+2. *Foveal focus* — the node the user is currently interacting with is rendered in full, including its body content and all descendants.
+3. *Semantic relevance* — any node whose embedding vector has cosine similarity ≥ threshold (default 0.75) to the foveal node is rendered in full.
+4. *Temporal relevance* — nodes modified within a time window (current session, today) are rendered in full. Deadlines and scheduled items approaching within the warning window (default 60 minutes) are surfaced proactively in the awareness context. Nodes older than the window are title-only. This is the temporal dimension of the foveal-peripheral model: prune in time as well as in semantic space.
+
+Nodes that don't match any rule are rendered as title-only — a single Org headline with its :ID: property. This keeps active context between 2,000–4,000 tokens for typical memex sizes, versus 50,000–150,000 tokens for a full serialization. The embedding vectors that power semantic retrieval are computed at ingest time (~ingest-ast~ in core-memory.lisp) and can use local models (Ollama), cloud APIs (OpenAI embeddings), or a zero-dependency lexical fallback (trigram Jaccard similarity).
+
+For the rationale behind sparse-tree rendering and why this architecture outperforms "load everything" systems, see Design Decisions: Org-Mode as Unified AST.
+
+* Dispatcher Gate Stack
+
+Every action the LLM proposes passes through a stack of deterministic gates before execution. Gates are registered as skills with ~defskill~ and sorted by priority (highest first) in ~cognitive-verify~ (core-loop-reason.lisp).
+
+| Priority | Gate                      | What It Checks                                           |
+|----------+---------------------------+----------------------------------------------------------|
+| 600      | security-permissions      | Tool permission table (allow/ask/deny per tool)          |
+| 600      | security-vault            | Credential storage integrity                             |
+| 500      | security-policy           | Requires :explanation on every action                    |
+| 150      | security-dispatcher       | 11-check safety: lisp, secret path, self-build,          |
+|          | (the Dispatcher)          | content exposure, vault, privacy tags, privacy text,      |
+|          |                           | shell safety, network exfil, high-impact approval         |
+| 95       | security-validator        | Protocol schema validation                               |
+| 100      | system-archivist          | Scribe and Gardener maintenance on heartbeat             |
+| 80       | system-event-orchestrator | Cron job dispatch on heartbeat                           |
+
+Gates return either the action (passed through unchanged), a rejection (:LOG or :EVENT with block reason), or an approval request (:EVENT with :level :approval-required). Rejections feed back to the LLM as a rejection trace — the model sees what it proposed, which gate blocked it, and why, and retries with that context (up to 3 retries). Approval requests create Flight Plan Org nodes requiring human review via the HITL workflow.
+
+Every gate is a pure Common Lisp function. Verification costs 0 LLM tokens. Contrast with prompt-based guardrails (Claude Code, OpenClaw, Hermes Agent) which consume 100–500 LLM tokens per verification.
+
+For the rationale behind deterministic vs prompt-based safety, see Design Decisions: The Probabilistic-Deterministic Split and The Dispatcher as Learning System.
+
+* Embedding & Semantic Retrieval Pipeline
+
+Every memory-object can carry an embedding vector for semantic search. The pipeline:
+
+1. *Ingest* — ~ingest-ast~ (core-memory.lisp) calls ~embeddings-compute~ on new objects, storing the vector in ~memory-object-vector~.
+2. *Queue* — objects with stale vectors are queued via ~mark-vector-stale~. The ~embed-all-pending~ cron job (every 10 minutes, :REFLEX tier) drains the queue and recomputes vectors.
+3. *Retrieval* — ~context-awareness-assemble~ (core-context.lisp) passes the foveal node's vector to ~context-object-render~. Nodes with cosine similarity ≥ threshold against the foveal vector are rendered in full rather than as title-only.
+
+Three backends are available, selected via ~EMBEDDING_PROVIDER~:
+- :local — Ollama-compatible /api/embeddings endpoint (e.g., nomic-embed-text)
+- :openai — OpenAI /v1/embeddings API (e.g., text-embedding-3-small)
+- :hashing — zero-dependency lexical fallback using trigram Jaccard similarity (replaced SHA-256 hashing in v0.4.0 because cryptographic hashes maximise output divergence — the opposite of what a similarity metric needs)
+
+For the design rationale, see Design Decisions: Token Economics and Performance Advantage.
+
+* Skill Lifecycle
+
+1. *Discovery:* ~skill-initialize-all~ scans the skills directory, globs for ~*.lisp~ files (excluding ~core-*~ files which are loaded by ASDF)
+2. *Sorting:* ~skill-topological-sort~ orders skills by their ~#+DEPENDS_ON:~ declarations
+3. *Loading:* Each skill is loaded into a jailed package (~passepartout.skills.<skill-name>~). The loader removes ~in-package~ forms, evaluates the remaining code in the jailed package, and exports symbols matching the skill's short name to ~passepartout~
+4. *Registration* The skill's ~defskill~ call creates a ~skill~ struct in ~*skill-registry*~, registering its trigger function, probabilistic prompt generator, deterministic gate, and system-prompt augment
+5. *Triggering:* On each cognitive cycle, ~skill-triggered-find~ iterates the registry and returns the highest-priority skill whose trigger matches the context
+6. *Hot-reload:* A skill can be replaced at runtime by loading a new version into its jailed package — no restart needed
+
+* Communication protocol Format
+
+All communication between the daemon and its gateways (TUI, CLI, Emacs) uses length-prefixed plists over TCP:
+
+```
+00002C(:TYPE :EVENT :PAYLOAD (:ACTION :handshake :VERSION "0.4.0"))
+```
+
+The 6-character hex prefix encodes the payload length. The payload is a ~prin1~-serialized plist. ~*read-eval*~ is bound to nil on the receiving end to prevent code injection.
+
+** Standard message envelope:
+
+| Key | Value | Meaning |
+|-----|-------|---------|
+| ~:TYPE~ | ~:REQUEST~, ~:EVENT~, ~:RESPONSE~, ~:LOG~, ~:STATUS~ | Message category |
+| ~:META~ | plist | ~:SOURCE~, ~:SESSION-ID~, ~:reply-stream~ |
+| ~:PAYLOAD~ | plist | Action-specific data (~:SENSOR~, ~:ACTION~, ~:TEXT~) |
+| ~:DEPTH~ | integer | Recursion counter for loop prevention |
+
+The protocol lifecycle begins with a handshake: the daemon sends a :handshake action with its version, and the client responds with its capabilities. After handshake, either side can send any message type. The daemon never initiates a disconnect — clients poll for messages and reconnect on EOF.
+
+Planned for v0.6.3: streaming chunk frames (~:type :stream-chunk~) carrying partial LLM output. The final chunk is an empty string signalling end-of-stream, enabling interrupt-and-redirect from the client side.
--- a/docs/CHANGELOG.org
+++ b/docs/CHANGELOG.org
@@ -1,26 +0,0 @@
-#+TITLE: Changelog
-#+STARTUP: content
-
-* v0.1.0 - The Autonomous Foundation (2026-04-20)
-This is the initial MVP release of the ~opencortex~. It establishes a secure, auditable Lisp kernel for a personal operating system.
-
-** Features
- **Unified Envelope Architecture:** Actuator-agnostic protocol that decouples routing metadata from cognitive payloads, ensuring all clients (TUI, Emacs, CLI, Matrix) are treated as equal citizens.
- **Metabolic Pipeline:** Robust Perceive-Reason-Act loop with selective memory rollbacks and graceful shutdown handling.
- **Verification Lock:** Mandatory skill enforcement via environment configuration. System halts if security policies or bouncers fail to load.
- **Foveal-Peripheral Context:** High-resolution focus on active tasks with low-resolution skeletal awareness of the rest of the Memex.
- **The Bouncer:** Last-mile deterministic security gate with Deep Packet Inspection for secrets and network exfiltration.
- **Autonomous Scribe:** Background distillation worker that turns daily journal entries into evergreen Zettelkasten notes. Verified to distill atomic concepts autonomously.
- **Autonomous Gardener:** Heartbeat-driven worker that repairs broken links and identifies orphaned nodes in the Memex graph.
- **Unified Onboarding:** Single-command installation (~opencortex.sh~) with Docker support, OS detection, and automated dependency resolution.
- **Channel-Aware TUI:** Interactive Croatoan-based terminal client with clean, human-readable formatting for tool results and system logs.
- **CLI Gateway:** Local TCP socket server for pipe-friendly interaction and frictionless first contact.
-
-** Licensing & Community
- **AGPLv3 License:** OpenCortex is now officially licensed under the GNU Affero General Public License v3.0.
- **Contributor License Agreement:** Implemented a broad CLA (~CLA.org~) for long-term project sustainability.
-
-** Architectural Shift
- Transitioned to **Literate Granularity**: Every function and invariant is now formally documented in its own Org block.
- **Provider Agnosticism:** Implemented a dynamic LLM cascade (OpenRouter, Ollama, etc.) removing all hardcoded backend dependencies.
- **Thin Harness Philosophy:** Decoupled the kernel from specific editors or third-party gateways.
--- a/docs/CONTRIBUTING.org
+++ b/docs/CONTRIBUTING.org
@@ -1,44 +1,116 @@
-#+TITLE: Contributing to OpenCortex
-#+AUTHOR: OpenCortex Contributors
+#+TITLE: Contributing to Passepartout
+#+AUTHOR: Passepartout Contributors
 #+STARTUP: content
 #+FILETAGS: :docs:contributing:

 * Philosophy
-OpenCortex is built on a "Zero-Bloat" mandate. The core kernel is mathematically pure, pushing all peripheral logic, API integrations, and routing to hot-reloadable "Skills".
+Passepartout is built on a "Zero-Bloat" mandate. The core kernel is mathematically pure, pushing all peripheral logic, API integrations, and routing to hot-reloadable "Skills".

-* Literate Granularity
-We strictly adhere to Literate Programming using Org-mode.
- *Never* edit `.lisp` files in `src/` directly.
- Modify the corresponding `.org` files in the `literate/` or `skills/` directories.
- Run `org-babel-tangle` to generate the source code.
- Every architectural decision, constraint, and implementation detail must be documented alongside the code in the `.org` file.
+* Development Workflow
+
+The full development cycle is described in ~AGENTS.md~. In summary:
+
+1. *Think in org* — write reasoning and goals in the .org file
+2. *Write contract* — define each function's behavior in a ~** Contract~ section
+3. *TDD from contract* — each contract item becomes a ~fiveam:test~; prove RED then GREEN
+4. *Reflect in org* — ensure implementation is in .org source
+5. *Update literate prose* — explain the code: what, why, how it connects
+
+* Literate Programming
+
+~.org~ files in ~org/~ are the source of truth. ~lisp/~ files are generated by ~org-babel-tangle~.
+
+- Never edit =lisp/= files directly — always modify the corresponding =org/= file
+- All ~#+begin_src lisp~ blocks in a file inherit their tangle destination from the file-level ~#+PROPERTY: header-args:lisp :tangle ../lisp/FILE.lisp~
+- Every architectural decision, constraint, and implementation detail must be documented alongside the code
+
+* Contracts and Tests
+
+Every code change starts with a contract and a failing test. Write a ~** Contract~ section listing each function's behavior, then create a ~fiveam:test~ in the ~* Test Suite~ section for each contract item.
+
+To run tests for a specific file:
+
+#+begin_src bash
+sbcl --noinform \
+  --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' \
+  --eval '(ql:quickload :passepartout :silent t)' \
+  --eval '(load "lisp/FILE.lisp")' \
+  --eval '(fiveam:run (intern "SUITE-NAME" :passepartout-TESTS))' --quit
+#+end_src
+
+No test may be committed without proof it was first run to failure (RED).

 * Skill Creation Standard
-Skills are the building blocks of OpenCortex. They reside in the `skills/` directory.

-A skill must define:
-1. *Trigger*: A lambda determining if the skill should activate based on the context.
-2. *Probabilistic Gate*: Optional. Generates a prompt for the LLM.
-3. *Deterministic Gate*: A hardcoded Lisp function that guarantees safety or executes side-effects (the "Bouncer" pattern).
+A skill is a =.org= file in =org/= that defines:

-Example Registration:
+1. *Contract* — what the skill guarantees
+2. *Implementation* — the code, tangled to ~lisp/~ via ~#+PROPERTY: header-args:lisp~
+3. *Skill Registration* — a ~defskill~ form with ~:priority~, ~:trigger~, ~:probabilistic~ / ~:deterministic~
+4. *Test Suite* — ~fiveam:test~ forms verifying the contract
+
+Example:
 #+begin_src lisp
-(defskill :skill-example
+(defskill :passepartout-example
  :priority 100
  :trigger (lambda (ctx) ...)
-  :probabilistic nil
+  :probabilistic (lambda (ctx) ...)
  :deterministic (lambda (action ctx) ...))
 #+end_src

-* The Unified Envelope (Communication Protocol)
-All inter-process communication occurs via the Unified Envelope. Do not use legacy specific types like `:CHAT`.
- Always use semantic types: `:REQUEST`, `:EVENT`, `:RESPONSE`, `:STATUS`, `:LOG`.
- Include routing metadata in the `:META` block (e.g., `(:SOURCE :TUI)`).
- Ensure generated `:REQUEST` messages include a mandatory `:TARGET` field.
+* Project Structure

-* Pull Request Process
-1. Ensure your working tree is clean.
-2. Write tests for your skill in `tests/`.
-3. Tangle all files.
-4. Run the test suite: `sbcl --eval "(asdf:test-system :opencortex)"`.
-5. Submit a PR outlining the architectural intent and the specific Literate changes.
+| Directory            | Purpose                                          |
+|----------------------+--------------------------------------------------|
+| =org/=               | Literate source files (edit these)               |
+| =lisp/=              | Tangled .lisp output (never edit)                |
+| =docs/=              | ROADMAP, ARCHITECTURE, DESIGN_DECISIONS, etc.    |
+| =scripts/=           | Build and utility scripts                        |
+| ~/.local/share/passepartout/= | XDG data dir — deployed lisp files     |
+| ~/.config/passepartout/=     | Config (.env)                          |
+
+* Key Libraries
+
+| Library          | Purpose                          |
+|------------------+----------------------------------|
+| Croatoan         | TUI (terminal UI)                |
+| usocket          | TCP sockets (daemon protocol)    |
+| bordeaux-threads | Threading (reader thread)        |
+| dexador          | HTTP client (LLM API calls)      |
+| cl-ppcre         | Regex (search-files, dispatcher) |
+| ironclad         | SHA-256 (Merkle hashing)         |
+| hunchentoot      | HTTP server                      |
+| cl-json          | JSON encoding/decoding           |
+
+* Protocol
+
+All inter-process communication uses the Unified Envelope protocol over TCP (port 9105). Message types: ~:REQUEST~, ~:EVENT~, ~:RESPONSE~, ~:STATUS~, ~:LOG~. Each message includes a ~:META~ block with routing metadata.
+
+* Pre-Commit Hook
+
+Validates staged org files by tangling + structural-checking:
+#+begin_src bash
+ln -sf ../../scripts/pre-commit-repl-check .git/hooks/pre-commit
+#+end_src
+Runs automatically on ~git commit~.
+
+* Testing Tools
+
+** TUI REPL (~/eval~)
+The TUI has a built-in command for live evaluation:
+- ~/eval (+ 1 2)~ → result displayed in chat window
+- ~/eval (add-msg :system "test")~ → inject a test message
+
+** Tmux (TUI integration testing)
+#+begin_src bash
+tmux new-session -d -s test "passepartout tui 2>&1 | tee /tmp/tui.log"
+tmux send-keys -t test "hello world" Enter
+tmux capture-pane -t test -p -S -200
+tmux kill-session -t test
+#+end_src
+
+** Swank (Emacs REPL for TUI)
+1. Start TUI: ~passepartout tui~
+2. In Emacs: ~M-x slime-connect RET 127.0.0.1 RET 4006~
+3. ~C-M-x~ any form from =org/gateway-tui.org= → evaluates in live TUI process
+4. Configure port: ~export TUI_SWANK_PORT=4009~ (default: 4006)
--- a/docs/DESIGN_DECISIONS.org
+++ b/docs/DESIGN_DECISIONS.org
--- a/docs/ROADMAP.org
+++ b/docs/ROADMAP.org
--- a/docs/USER_MANUAL.org
+++ b/docs/USER_MANUAL.org
@@ -1,56 +1,461 @@
-#+TITLE: OpenCortex User Manual
-#+AUTHOR: OpenCortex Contributors
+#+TITLE: Passepartout User Manual
+#+AUTHOR: Passepartout Contributors
 #+STARTUP: content
 #+FILETAGS: :docs:manual:

 * Introduction
-Welcome to OpenCortex v0.1.0 (The Autonomous Foundation). OpenCortex is a neurosymbolic AI agent and a Lisp Machine operating system designed to autonomously maintain your Memex (knowledge base) and interact with you via multiple, equal-citizen interfaces.
+Welcome to Passepartout. Passepartout is a neurosymbolic AI agent and a Lisp Machine operating system designed to autonomously maintain your Memex (knowledge base) and interact with you via multiple, equal-citizen interfaces.

 * Installation
-OpenCortex is bootstrapped via a single shell script.
+Passepartout is bootstrapped via a single shell script.
+
+** Quick start (curl)

 #+begin_src bash
-git clone ssh://git@10.10.10.201:2222/amr/opencortex.git
-cd opencortex
-./opencortex.sh setup
+curl -fsSL https://raw.githubusercontent.com/amrgharbeia/passepartout/main/passepartout | bash -s configure
 #+end_src

-This process will install SBCL, Quicklisp, and prompt you to create a `.env` file for your API keys.
+This will:
+1. Install system dependencies (SBCL, Emacs, git, curl, socat — detected for Debian or Fedora)
+2. Install Quicklisp (Common Lisp package manager)
+3. Tangle literate Org sources into runnable Lisp
+4. Launch the interactive setup wizard (LLM providers, gateways)
+
+If you already have Emacs installed, the installer skips it and uses your existing installation.

 * Configuration
-The system is configured via a `.env` file in the project root. Essential variables include:
+The system is configured via a ~.env~ file in the project root. Essential variables include:

- `OPENROUTER_API_KEY`: Your LLM provider key.
- `PROVIDER_CASCADE`: The fallback order for LLM providers (e.g., `openrouter,ollama,anthropic`).
- `MEMEX_DIR`: The absolute path to your knowledge base (defaults to `~/memex`).
+- ~OPENROUTER_API_KEY~: Your LLM provider key.
+- ~PROVIDER_CASCADE~: The fallback order for LLM providers (e.g., ~openrouter,ollama,anthropic~).
+- ~MEMEX_DIR~: The absolute path to your knowledge base (defaults to ~/memex~).

-* Interacting with OpenCortex
+* Interacting with Passepartout
 Because of the Unified Envelope Architecture, the kernel treats all clients as interchangeable. You must first boot the background daemon:

 #+begin_src bash
-./opencortex.sh --boot &
+./passepartout --boot &
 #+end_src

 ** Terminal User Interface (TUI)
 For a rich, split-pane terminal experience:
 #+begin_src bash
-./opencortex.sh tui
+./passepartout tui
 #+end_src

 ** Command Line Interface (CLI)
 For raw, pipe-friendly interaction:
 #+begin_src bash
-./opencortex.sh cli
+./passepartout cli
 #+end_src

-** Emacs Integration
-OpenCortex functions as your "foveal vision" inside Emacs.
-1. Ensure `org-agent.el` is loaded.
-2. Run `M-x opencortex-connect`.
-3. Interact via the `*opencortex-chat*` buffer.
+** TUI Commands
+
+When connected via the TUI, the following commands are available (type them in the input area and press Enter):
+
+| Command               | Action                                                 |
+|-----------------------+--------------------------------------------------------|
+| ~/help~               | List all available commands                             |
+| ~/focus <project>~    | Set the agent's foveal focus to a project by name      |
+| ~/scope memex~        | Set scope to full memex (all projects visible)         |
+| ~/scope session~      | Set scope to current session only                       |
+| ~/scope project~      | Set scope to focused project only                       |
+| ~/unfocus~            | Clear the foveal focus                                  |
+| ~/approve HITL-xxxx~  | Approve a pending HITL action by its token              |
+| ~/deny HITL-xxxx~     | Deny a pending HITL action by its token                 |
+| ~/theme <name>~       | Switch theme (dark, light, solarized, gruvbox)         |
+| ~/cost~               | Toggle session cost display in status bar               |
+| ~/voice on~           | Enable voice capture (planned v0.7.3)                  |
+| ~/voice off~          | Disable voice capture                                   |
+| ~/quit~               | Save history and exit (planned v0.3.3)                 |
+
+For multi-line input, start the line with ~\~ then press Enter to insert a newline without sending.
+
+** Human-in-the-Loop Approval
+
+When the Dispatcher blocks a high-risk action (shell command, network call, core file modification), it creates a Flight Plan requiring your approval.
+
+1. The TUI displays a yellow message: ~→ HITL required: /approve HITL-ab12~
+2. Review the proposed action in the Dispatcher trace (expand with Tab)
+3. Type ~/approve HITL-ab12~ to approve, or ~/deny HITL-ab12~ to deny
+4. Approved actions are re-injected into the pipeline and executed
+5. Denied actions are discarded and the Dispatcher records the decision as a permanent rule
+
+Each approval or denial teaches the Dispatcher — the rule counter in the status bar (~[Rules: 47]~) increments with every decision.

 * The Memex Structure
-OpenCortex assumes a local folder structure representing your "Memex".
+Passepartout assumes a local folder structure representing your "Memex".
 - Core memories and identities are mapped to Org-mode files.
- The `Scribe` background worker distills chronological logs into structured Zettelkasten notes.
- The `Gardener` continuously repairs broken links and flags orphaned nodes.
+- The ~Scribe~ background worker distills chronological logs into structured Zettelkasten notes.
+- The ~Gardener~ continuously repairs broken links and flags orphaned nodes.
+
+* How Safety Works
+
+Passepartout enforces safety through ten deterministic gates. Every action the agent wants to take — reading a file, running a shell command, sending network traffic — passes through these gates before execution. Critically, all ten gates are pure Lisp functions: they cost zero LLM tokens to evaluate. Safety checking never touches your provider budget.
+
+** The Ten Safety Gates
+
+| Gate | What It Checks |
+|------+----------------|
+| Lisp syntax | Validates that any Lisp code is well-formed before evaluation |
+| Secret file paths | Blocks reads from known secret directories (~.ssh~, ~.env~, ~.aws~, etc.) |
+| Self-build core | Prevents modification of the agent's own source and build files |
+| Secret content | Scans text output for API keys, tokens, or credential patterns |
+| Vault secrets | Guards any secret stored in the encrypted vault |
+| Privacy tags | Respects ~@privacy:~ annotations on memory objects and files |
+| Privacy text leaks | Scans outgoing text for PII (emails, phone numbers, addresses) |
+| Shell safety | Blocks destructive commands (~rm -rf~, ~:(){:|:&};:~, ~mkfs~, ~dd~) |
+| Network exfiltration | Blocks outbound traffic carrying private data to unknown hosts |
+| High-impact actions | Catches system-level changes (package installs, service restarts, mount) |
+
+** Severity Tiers
+
+Each gate assigns a severity to the action it inspects:
+
+| Severity   | Behavior                                              |
+|------------+-------------------------------------------------------|
+| Catastrophic | Always blocked. No approval possible.                |
+| Dangerous    | Requires HITL approval. Generates a Flight Plan.    |
+| Moderate     | Allowed, but logged. The agent learns from the outcome. |
+| Harmless     | Always allowed. No logging overhead.                 |
+
+** What Happens When an Action Is Blocked
+
+When a gate blocks an action, the Dispatcher creates a Flight Plan — a structured record of what the agent wants to do, why it was blocked, and which gate triggered. The Flight Plan is presented to you for review. You can approve it (~/approve~), deny it (~/deny~), or ask the agent to clarify its intent (~/clarify~). Once you approve, the action executes immediately. Once you deny, the Dispatcher records the decision as a permanent rule and will never propose that action again.
+
+* Understanding Context and Focus
+
+Passepartout uses a foveal-peripheral context model, inspired by human vision. This is how the agent decides what to pay attention to in your Memex.
+
+** The Three Levels of Attention
+
+- ~/foveal/~ — What the agent reads deeply and reasons about right now. Anything you explicitly mention, plus the current focused project.
+- ~/peripheral/~ — What the agent knows exists (titles, summaries, metadata) but does not read in detail. Everything in scope.
+- ~/blind/~ — Outside scope. The agent cannot see or access it.
+
+** Focus Commands
+
+| Command             | Effect                                                  |
+|---------------------+---------------------------------------------------------|
+| ~/focus <project>~  | Set the agent's foveal attention to a project           |
+| ~/scope memex~      | Expand scope to everything in your Memex               |
+| ~/scope session~    | Narrow scope to just the current conversation           |
+| ~/scope project~    | Narrow scope to the focused project only               |
+| ~/unfocus~          | Clear the foveal focus; the agent sees everything at peripheral level |
+
+** The Focus Map
+
+The status bar displays a focus map — a compact representation of what the agent is "looking at." Projects in foveal view are highlighted; peripheral projects are dimmed. When you change focus, the map updates in real time so you always know the agent's current attention budget.
+
+* Skills and What They Do
+
+Skills are hot-reloadable modules that extend the agent's capabilities. Unlike core system files, a bug in a skill degrades the agent but does not kill it — skills can be repaired by the agent itself. Skills are organized into categories by function:
+
+** Core Pipeline
+The agent's cognitive loop: Perceive (consume input) → Reason (think with the LLM) → Act (execute tools). This is the central nervous system of the agent.
+
+** Security
+~Dispatcher~, ~Policy~, ~Permissions~, ~Validator~, ~Vault~. These skills enforce the safety gates, manage approval workflows, encrypt secrets, and verify that every action conforms to the rules you have set.
+
+** Channels
+~TUI~, ~CLI~, ~Telegram~, ~Signal~, ~Discord~, ~Slack~, ~Shell~. Each channel is a separate skill that handles I/O for a specific interface. All channels are equal citizens — the agent treats a message from Telegram identically to one typed in the TUI.
+
+** Programming
+~Lisp~, ~Org~, literate tools, ~REPL~, standards libraries. These skills allow the agent to write, evaluate, and reason about Lisp code, manage Org-mode documents, and tangle literate programs into runnable source.
+
+** Symbolic
+~Awareness~, ~Scope~, ~Events~, ~Config~, ~Memory~, ~Identity~, ~Time~. These skills manage the agent's internal state: what it knows about itself, what it remembers, how it configures its behavior, and how it tracks time and events.
+
+** Neuro
+~Provider~, ~Router~, ~Explorer~. These skills manage the LLM backends. The Provider skill abstracts each LLM API; the Router decides which provider to use based on cost, latency, and availability; the Explorer discovers new providers.
+
+** Embedding
+Backends for semantic search and native inference. These skills enable the agent to embed text, search your Memex by meaning rather than exact keyword, and run local inference without network calls.
+
+** Economics
+~Tokenizer~, ~Cost Tracker~, ~Token Economics~. These skills count tokens, estimate costs before making LLM calls, track spending across providers, and enforce budget limits.
+
+* The Tool System
+
+The agent has ten cognitive tools — discrete actions it can take to interact with your environment. Each tool maps to a specific capability.
+
+** Read-Only Tools
+
+| Tool              | What It Does                                |
+|-------------------+---------------------------------------------|
+| ~search-files~    | Search file contents with regex patterns    |
+| ~find-files~      | Find files by name using glob patterns      |
+| ~read-file~       | Read the contents of a file on disk         |
+| ~list-directory~  | List the contents of a directory            |
+| ~org-find-headline~ | Find a headline in an Org-mode file       |
+
+** Write Tools
+
+| Tool              | What It Does                                |
+|-------------------+---------------------------------------------|
+| ~write-file~      | Create or overwrite a file on disk          |
+| ~org-modify-file~ | Modify an Org-mode file structurally        |
+| ~run-shell~       | Execute a shell command                     |
+| ~eval-form~       | Evaluate a Lisp expression                  |
+| ~run-tests~       | Execute a test suite                        |
+
+** Auto-Approval
+
+Write tools are subject to safety-gate inspection. Read-only tools are auto-approved by default (though the agent still checks for secret-file reads). You can configure per-tool auto-approval in your ~.env~ file with the ~AUTO_APPROVE_TOOLS~ variable:
+
+#+begin_src bash
+# Auto-approve read-file and find-files (default)
+AUTO_APPROVE_TOOLS=read-file,find-files,list-directory,search-files
+#+end_src
+
+* Cost Tracking
+
+Every LLM call costs tokens, and tokens cost money. Passepartout tracks this transparently.
+
+** Token Budgets
+
+Set ~CONTEXT_MAX_TOKENS~ in your ~.env~ file to cap the total context window the agent may use per interaction:
+
+#+begin_src bash
+CONTEXT_MAX_TOKENS=128000
+#+end_src
+
+The agent will truncate older context rather than exceed this limit.
+
+** Per-Call Cost Tracking
+
+Before every LLM call, the Economics skill estimates the cost (prompt tokens + expected completion tokens) and checks it against your budget. After the call, it records actual usage. The status bar shows your session total.
+
+** The ~/cost~ Command
+
+Toggle cost display in the status bar with ~/cost~. When enabled, you'll see a running total like ~[$0.047]~ showing the estimated cost of the current session.
+
+** Per-Provider Pricing
+
+Different providers charge different rates. The Router skill is aware of this and will choose the cheapest viable provider for each call unless you pin a specific provider:
+
+#+begin_src bash
+# Pin to a specific provider
+PROVIDER_CASCADE=anthropic
+#+end_src
+
+** Prompt Prefix Caching
+
+Providers that support prefix caching (Claude via Anthropic, some OpenRouter models) automatically benefit from it. The agent reuses the system prompt prefix across calls, and the Economics skill tracks the cache-hit savings separately in the cost breakdown.
+
+* Session Control
+
+Passepartout maintains a session history with checkpointed memory snapshots. You can move backward and forward through your session state.
+
+** Undo and Redo
+
+| Command      | Effect                                                   |
+|--------------+----------------------------------------------------------|
+| ~/undo~      | Restore the memory to the state before your last action  |
+| ~/redo~      | Re-apply the last undone action                          |
+| ~/rewind <n>~ | Restore the memory to the state n actions ago           |
+
+** What Gets Restored
+
+A session rewind restores three things: file changes (files written or modified are reverted), memory objects (the agent's internal knowledge), and TODO states (the roadmap and task tracking). This means you can safely let the agent explore and experiment — if it goes down a wrong path, rewind and redirect.
+
+* Gate Trace Reference
+
+Below every agent message in the TUI, you'll see colored lines representing the safety-gate trace for that message. These show you exactly which gates ran on the agent's actions and what happened.
+
+| Symbol | Meaning                                                    |
+|--------+------------------------------------------------------------|
+| ~✓~    | Green — the gate passed. The action was allowed.            |
+| ~✗~    | Red — the gate blocked the action. The reason is shown.     |
+| ~→~    | Yellow — HITL approval required. A Flight Plan is pending.  |
+
+Press ~Ctrl+G~ to toggle gate trace visibility on and off. The most recent gate trace for your last interaction is always available via the ~/why~ command — type ~/why~ and the agent will display the full trace with explanations.
+
+* Tag System
+
+Passepartout uses an Org-mode tag system to annotate and control behavior. Tags are metadata appended to headlines and memory objects.
+
+** Severity Tags
+
+The ~@tag:severity~ tier controls how strictly the safety system handles a tagged item:
+
+| Tag              | Behavior                                                     |
+|------------------+--------------------------------------------------------------|
+| ~@tag:block~     | The tagged item is treated as catastrophic — always blocked  |
+| ~@tag:warn~      | The tagged item triggers HITL approval when accessed         |
+| ~@tag:log~       | Access is allowed but logged for audit                       |
+
+** Tag Categories
+
+Configure which tags trigger which behavior with the ~TAG_CATEGORIES~ environment variable:
+
+#+begin_src bash
+TAG_CATEGORIES=block:warn:log
+#+end_src
+
+** The ~/tags~ Command
+
+Type ~/tags~ to list all tags currently active in the agent's scope, along with their severity levels and the files or memory objects they apply to.
+
+* HITL Deep Dive
+
+When the Safety system blocks an action, a structured workflow begins. Understanding this workflow helps you make informed approval decisions quickly.
+
+** The Flight Plan Lifecycle
+
+1. /Trigger/: A gate rates an action Dangerous or Catastrophic, or a ~@tag:warn~ tag is encountered.
+2. /Plan/: The Dispatcher serializes the proposed action into a Flight Plan: what tool, what arguments, what file or command, which gate triggered.
+3. /Display/: The TUI shows a yellow prompt with the Flight Plan token (~HITL-ab12~).
+4. /Review/: Press ~Tab~ to expand the gate trace and see the full Flight Plan details.
+5. /Decision/: You type ~/approve HITL-ab12~ or ~/deny HITL-ab12~.
+6. /Execute or Discard/: Approved plans execute immediately. Denied plans are discarded.
+7. /Learn/: The Dispatcher increments its rule counter and records the decision as a permanent rule. If you denied an action, the Dispatcher will never propose it again.
+
+** Clarifying Questions
+
+If you are unsure why the agent wants to perform an action, you can ignore the Flight Plan prompt. After three retries without a decision, the agent escalates by injecting a ~/clarify~ message into the pipeline, asking the agent to explain its intent in plain language. You can then approve or deny with full context.
+
+** The Rule Counter
+
+The status bar shows ~[Rules: N]~ — the number of permanent rules the Dispatcher has learned from your decisions. Each approval or denial is a learning event. Over time, the Dispatcher builds a personalized safety profile that reflects your preferences: which actions you always approve, which you always deny, and which you want to review case by case.
+
+* TUI Keybinding Reference
+
+The TUI supports a rich set of keyboard shortcuts for efficient interaction.
+
+** Editing Keys
+
+| Combo     | Action                                    |
+|-----------+-------------------------------------------|
+| ~Ctrl+D~  | Quit the TUI                              |
+| ~Ctrl+U~  | Clear the current input line              |
+| ~Ctrl+W~  | Delete the word before the cursor         |
+| ~Ctrl+A~  | Move cursor to beginning of line (Home)   |
+| ~Ctrl+E~  | Move cursor to end of line               |
+| ~Ctrl+K~  | Delete from cursor to end of line         |
+| ~Ctrl+L~  | Redraw the screen                         |
+| ~Ctrl+X+E~ | Open the current input in your external editor (~$EDITOR~) |
+| ~Tab~     | Autocomplete commands, themes, and file paths |
+
+** Navigation and Control
+
+| Combo            | Action                                           |
+|------------------+--------------------------------------------------|
+| ~Ctrl+C~         | Interrupt (cascade: stop streaming → stop thinking → quit) |
+| ~Ctrl+F~         | Search through message history                   |
+| ~Ctrl+P~         | Open the command palette                         |
+| ~Ctrl+G~         | Toggle gate trace visibility                     |
+| ~Ctrl+X+B~       | Toggle the sidebar (focus map, memory browser)   |
+| ~Page Up~        | Scroll chat up by 10 lines                       |
+| ~Page Down~      | Scroll chat down by 10 lines                     |
+| ~Up Arrow~       | Previous input in command history                |
+| ~Down Arrow~     | Next input in command history                    |
+
+** The Status Bar
+
+The status bar at the bottom of the TUI shows the agent's current state at a glance. Each indicator has a specific meaning:
+
+| Indicator        | Meaning                                                            |
+|------------------+--------------------------------------------------------------------|
+| ~[Connected]~    | Green — daemon is reachable on port 9105. Gray — disconnected.     |
+| ~[Mode: TUI]~    | The current interaction mode (TUI, CLI, Telegram, etc.)            |
+| ~[Msg: 142]~     | Total messages in the current session                              |
+| ~[↑ 12]~         | Scroll indicator — you are scrolled up 12 lines from the bottom    |
+| ~[◉]~            | Activity spinner — spinning means the agent is working             |
+| ~[⟳]~            | Streaming indicator — shown while the agent is generating text     |
+| ~[$0.047]~       | Session cost (visible when ~/cost~ is toggled on)                  |
+| ~[Rules: 52]~    | Number of permanent HITL rules learned from your decisions         |
+| ~[prj:my-proj]~  | Current focused project name                                       |
+
+* Deployment
+
+** Bare metal (Debian / Fedora)
+
+The ~configure~ command supports both Debian-based (Ubuntu, Pop, Mint) and Fedora-based (RHEL, Rocky) distributions. It detects your distro automatically and installs the correct packages.
+
+#+begin_src bash
+./passepartout configure              # interactive
+./passepartout configure --non-interactive  # headless
+./passepartout configure --with-firewall    # also open port 9105
+#+end_src
+
+After configuration, you can re-run ~configure~ any time to add providers or link gateways.
+
+** Binary install (save-lisp-and-die)
+
+For platforms where SBCL cannot be installed (corporate laptops, shared hosts, constrained environments), a self-contained binary is provided:
+
+#+begin_src bash
+curl -fsSL https://github.com/amrgharbeia/passepartout/releases/latest/download/passepartout -o passepartout
+chmod +x passepartout
+./passepartout daemon
+#+end_src
+
+This binary bundles SBCL, all required Lisp code, native embedding inference, and a Swank server on port 4005. The experience is identical to a source install — the REPL is available, skills hot-reload, and the image is mutable. Memory survives snapshots.
+
+The binary is a convenience for constrained platforms. It is not a sealed container. The system remains constitutionally open — connect with SLIME, trace functions, inspect memory objects, modify the system while it runs.
+
+** systemd service (auto-start on boot)
+
+#+begin_src bash
+./passepartout install service
+#+end_src
+
+Installs a user-level systemd unit that starts the daemon on login. Logs are available via ~journalctl --user -u passepartout.service -f~.
+
+To remove:
+
+#+begin_src bash
+./passepartout uninstall service
+#+end_src
+
+** Docker
+
+A Debian-based Docker image is provided for containerized deployment.
+
+#+begin_src bash
+cd infrastructure/docker
+docker-compose up -d
+#+end_src
+
+This builds an image from ~debian:trixie-slim~ with all dependencies pre-installed. The memex directory is mounted from the host.
+
+** Backup
+
+#+begin_src bash
+./passepartout backup ~/my-backup.tar.gz
+#+end_src
+
+Backs up the config, data, and memex directories.
+
+** Restore
+
+#+begin_src bash
+./passepartout restore ~/my-backup.tar.gz
+#+end_src
+
+Restores from a backup file. Run ~passepartout doctor~ afterward to verify integrity.
+
+* Troubleshooting
+
+** The daemon won't start
+- Check SBCL is installed: ~which sbcl~
+- Run ~passepartout doctor~ to diagnose
+- Check port 9105 is free: ~lsof -i :9105~
+- Check the log output for errors
+
+** The TUI connects but shows "Disconnected"
+- The daemon may have crashed. Run ~passepartout daemon~ in another terminal
+- If the daemon is running, check it's listening: ~lsof -i :9105~
+- Use ~/reconnect~ (planned v0.6.0) to reconnect without restarting the TUI
+
+** The LLM returns garbage or fails to respond
+- Run ~passepartout doctor~ to verify your LLM provider keys
+- Check ~PROVIDER_CASCADE~ in your ~.env~ file
+- Try switching models: edit ~.env~ and restart the daemon
+- If using local models via Ollama, verify Ollama is running: ~ollama list~
+
+** Memory fails to load on startup
+- Check ~/memory.snap~ exists and is valid S-expression format
+- Run ~passepartout doctor~ to diagnose memory integrity
+- If corrupted, delete ~/memory.snap~ and restart — the daemon starts with empty memory
--- a/docs/rca/rca-boot-sequence.org
+++ b/docs/rca/rca-boot-sequence.org
@@ -1,42 +0,0 @@
-#+TITLE: Root Cause Analysis: Micro-Loader & Deterministic Boot Sequence
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:boot:loader:topological-sort:autonomy:
-
-* Executive Summary
-Refactored the arbitrary skill loading mechanism into a robust **Micro-Loader**. The system now calculates a deterministic boot sequence based on `#+DEPENDS_ON:` tags and protects the harness from malformed or hanging skills via package-based jailing and execution timeouts.
-
-* 1. Issue: Fragile Load Order
-** Symptoms
-Skills that depended on functions or variables from other skills would randomly fail to load depending on the filesystem's directory traversal order.
-** Root Cause
-`initialize-all-skills` used a simple `dolist` over `uiop:directory-files`, which has no semantic awareness of inter-skill dependencies.
-** Resolution
-1. **Metadata Scanning:** Implemented `parse-skill-metadata` to extract `:ID:` and `#+DEPENDS_ON:` without executing code.
-2. **Topological Sort:** Implemented a DFS-based `topological-sort-skills` to guarantee that prerequisites are loaded before their dependents.
-3. **Circular Detection:** Added explicit detection and error reporting for circular dependency loops.
-
-* 2. Issue: Shared State Corruption (Brain Rot)
-** Symptoms
-Variables or functions with the same name in different skills would silently overwrite each other, causing unpredictable behavior.
-** Root Cause
-All skills were being evaluated directly into the `opencortex` package.
-** Resolution
-**Package-Based Jailing:** Each skill is now evaluated within its own dedicated, shadowed package (e.g., `OPENCORTEX.SKILLS.ORG-SKILL-CHAT`). This ensures logical isolation while still allowing access to kernel exports.
-
-* 3. Issue: Boot Stall (The Hanging Skill)
-** Symptoms
-A single skill with an infinite loop or heavy synchronous initialization could hang the entire agent during startup.
-** Root Cause
-Skill loading was strictly synchronous and blocking on the main thread.
-** Resolution
-**Execution Timeouts:** Implemented `load-skill-with-timeout`, which wraps the loader in a monitored thread. If a skill takes longer than 5 seconds to initialize, the loader terminates the thread, jails the failure, and continues with the rest of the boot sequence.
-
-* 4. opencortex Mandate Alignment
-** Evolutionary Kernel
-The boot sequence is now a verifiable, mathematical process rather than a side-effect of filesystem organization.
-** Literate Granularity
-The `org-skill-skills.org` source was refactored into a strictly granular "one definition per block" format.
-
-* 5. Permanent Learnings
- **Reverse Topological Order:** Remember that a DFS-based sort with `push` needs an `nreverse` to place dependencies at the front of the list.
- **Path Portability:** Use `uiop:getcwd` instead of `pwd` for more reliable path resolution across different Lisp implementations and OSes.
--- a/docs/rca/rca-bouncer.org
+++ b/docs/rca/rca-bouncer.org
@@ -1,33 +0,0 @@
-#+TITLE: Root Cause Analysis: Deterministic Engine Bouncer & Authorization Gate
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:bouncer:authorization:autonomy:security:
-
-* Executive Summary
-Implemented the "Planning Mode" Bouncer to intercept high-risk Probabilistic Engine proposals (e.g., shell commands, Lisp evaluation). The system now forces these actions into an asynchronous "Flight Plan" Org node for manual Autonomous approval, fulfilling the "everything is a node" and high-integrity mandates.
-
-* 1. Issue: Automated High-Risk Execution
-** Symptoms
-Probabilistic Engine proposals involving `shell` or `eval` were executed immediately upon passing the `decide` gate's safety harness. This lacked human-in-the-loop oversight for irreversible or complex operations.
-** Root Cause
-Architecture gap. The system lacked an authorization state between "Safe" and "Executed".
-** Resolution
-1. **Interceptor:** Added `bouncer-check` to `deterministic.lisp`. It flags high-risk actions that lack the `:approved t` property.
-2. **Asynchronous Event:** If flagged, the harness emits an `:approval-required` event.
-3. **Flight Plan Skill:** Created `org-skill-bouncer.org` to:
-   - Catch the event and create a serialized Org node with state `PLAN`.
-   - Monitor the Memory for `APPROVED` states.
-   - Re-inject approved actions with the `:approved t` bypass flag.
-
-* 2. Design Decision: Org-native Approval
-** Requirement
-Align with "Homoiconic Memory" and "Lisp Machine Autonomousty".
-** Selected Path
-State-Based Approval (Org-native).
- *Pros:* Auditable, asynchronous, utilizes existing Org-mode workflows.
- *Cons:* Slightly more latency than an interactive prompt.
-** Alignment
-Ensures that the agent's "Flight Plans" are first-class citizens in the Memex, allowing the Autonomous to review and approve them using standard GTD tools.
-
-* 3. Permanent Learnings
- **Serial Bypass:** Always include a specific bypass flag (e.g., `:approved t`) when re-injecting intercepted actions to prevent infinite interception loops.
- **Heartbeat Listeners:** Periodic scanning of the Memory for state transitions is an effective way to implement asynchronous authorization gates without blocking the harness.
--- a/docs/rca/rca-formal-verification.org
+++ b/docs/rca/rca-formal-verification.org
@@ -1,36 +0,0 @@
-#+TITLE: Root Cause Analysis: Lisp-Native Formal Verification Gate
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:security:formal-verification:autonomy:
-
-* Executive Summary
-Implemented a Lisp-Native Deterministic Prover to replace heuristic whitelisting with formal security invariants. This ensures that every high-impact action (shell, file I/O) is mathematically proven safe against the Autonomous's core mandates.
-
-* 1. Architectural Shift: Native vs. External
-** Issue
-The initial draft suggested using `Z3`, an external SMT solver. However, `Z3` was not available in the environment and would add significant complexity/bloat to the Docker image.
-** Resolution
-Leveraged Common Lisp's inherent strength in symbol manipulation to build a **Lisp-Native Prover**. Invariants are defined as high-order predicates that operate on the structure of proposed actions. This provides a self-contained, high-performance verification layer.
-
-* 2. Issue: Dependency Fragility
-** Symptoms
-System failed to load with `Package STR does not exist`.
-** Root Cause
-Incorrect assumption about the Quicklisp system name vs. the package name. The library is `cl-str` but the Quicklisp system is `str` and the package is `str`.
-** Resolution
-1. Updated `opencortex.asd` to depend on `:str`.
-2. Updated all source code and literate notes to use the `str:` prefix.
-3. Verified via explicit `ql:quickload` in the test runner.
-
-* 3. Formal Invariants Implemented
- **Path Confinement:** Deterministically proves that any file operation or absolute path in a shell command is strictly within the `/home/user/memex` root.
- **No Network Exfiltration:** Prevents the shell from invoking common exfiltration tools (`nc`, `ssh`, etc.) by inspecting the parsed command structure.
-
-* 4. opencortex Mandate Alignment
-** Soundness over Heuristics
-By moving to formal invariants, we have moved from "blacklisting bad things" to "proving safety." Any action that cannot be proven to satisfy all invariants is denied by default.
-** Literate Granularity
-The `org-skill-formal-verification.org` file follows the "one definition per block" mandate, ensuring that the logic of each invariant is individually documented and verifiable.
-
-* 5. Permanent Learnings
- **Tooling Independence:** Whenever possible, prefer native Lisp logic over external binaries for core security gates to reduce the attack surface and deployment complexity.
- **Environment Consistency:** Always use `(setf (uiop:getenv ...) ...)` for portable environment manipulation in tests.
--- a/docs/rca/rca-gateway-matrix.org
+++ b/docs/rca/rca-gateway-matrix.org
@@ -1,40 +0,0 @@
-#+TITLE: Root Cause Analysis: Matrix Gateway & Communication Track Completion
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:gateway:matrix:chat:autonomy:
-
-* Executive Summary
-Successfully implemented the third and final external communication channel (Matrix) for OpenCortex v1.0. Resolved integration issues related to case-sensitivity in JSON keys and strict header requirements in `dexador`.
-
-* 1. Issue: Symbol Casing in JSON Keys
-** Symptoms
-The `TEST-MATRIX-INBOUND-NORMALIZATION` test failed because `room-id` was being extracted as `"!ROOM:HS.ORG"` (uppercase) instead of `"!room:hs.org"`.
-** Root Cause
-Common Lisp's default reader converts symbol names to uppercase. When `(string car-of-alist)` was called on a symbol generated by `cl-json`, it produced an uppercase string.
-** Resolution
-Updated the implementation to use `(string-downcase (string ...))` for room IDs and other case-sensitive Matrix identifiers.
-
-* 2. Issue: Since Token Extraction Failure
-** Symptoms
-The sync loop failed to update the `*matrix-since-token*`, causing duplicate message processing risk.
-** Root Cause
-Anticipating `:next-batch` but receiving `:next--batch` (or vice versa) due to inconsistent `cl-json` behavior across different environments or structures.
-** Resolution
-Implemented a robust `(or (cdr (assoc :next-batch json)) (cdr (assoc :next--batch json)))` lookup to handle both hyphenation styles.
-
-* 3. Issue: Type Error in Authorization Headers
-** Symptoms
-`dex:put` crashed with a `TYPE-ERROR`.
-** Root Cause
-I was passing a single string or an incorrectly nested list where `dexador` expected a strict alist of header pairs `(("Key" . "Value") ...)`.
-** Resolution
-Standardized all gateway HTTP calls to use proper alist nesting for headers.
-
-* 4. Completion: Communication Track
-With Telegram, Signal, and Matrix gateways now verified and passing tests, the OpenCortex has achieved full multi-channel parity.
- **Telegram:** Polling via Bot API.
- **Signal:** Wrapping `signal-cli`.
- **Matrix:** Polling via `/sync` Client API.
-
-* 5. Permanent Learnings
- **Case Sensitivity:** Matrix IDs (rooms, users) are case-sensitive; Lisp symbols are not. Always force downcasing or use strings for storage.
- **Header Alists:** Always use dotted pairs `("Key" . "Value")` for `dexador` headers.
--- a/docs/rca/rca-gateway-signal.org
+++ b/docs/rca/rca-gateway-signal.org
@@ -1,33 +0,0 @@
-#+TITLE: Root Cause Analysis: Signal Gateway & Multi-Channel Chat
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:gateway:signal:chat:autonomy:
-
-* Executive Summary
-Successfully implemented the second external communication channel (Signal) using `signal-cli`. Further hardened the multi-channel chat logic and resolved JSON mapping discrepancies between Common Lisp and external CLI outputs.
-
-* 1. Issue: JSON Key Mapping Mismatch
-** Symptoms
-The `TEST-SIGNAL-INBOUND-NORMALIZATION` test failed despite the mock JSON appearing correct.
-** Root Cause
-`cl-json` default behavior for decoding. It converts camelCase keys from JSON (e.g., `dataMessage`) into kebab-case keywords in Lisp (e.g., `:DATA-MESSAGE`). I had incorrectly anticipated `:DATA--MESSAGE` or `:DATA_MESSAGE`.
-** Resolution
-1. **Diagnostic:** Added debug output to the test suite to inspect the exact plist structure returned by `cl-json`.
-2. **Correction:** Updated both the implementation and the literate note to use the correct `:DATA-MESSAGE` and `:SOURCE` keywords.
-
-* 2. Implementation: Signal-CLI Wrapper
-** Strategy
-Unlike Telegram's HTTP API, Signal requires a local binary (`signal-cli`). 
- **Sensor:** Uses `uiop:run-program` with `receive --json` in a polling loop (5s interval).
- **Actuator:** Uses `uiop:run-program` with `send -m <text> <recipient>`.
-** Security
-The system uses the pre-configured Signal account `+13322690326` discovered in the user's memex.
-
-* 3. Alignment with opencortex Mandates
-** Literate Granularity
-Strictly adhered to the "one definition per block" mandate throughout the new `org-skill-gateway-signal.org` file.
-** Verification
-The `gateway-signal-suite` (10 checks) provides full coverage for inbound parsing and outbound command generation.
-
-* 4. Permanent Learnings
- **JSON Semantics:** Always verify the specific keyword transformation rules of the JSON library when dealing with external CLI outputs.
- **Process Robustness:** `uiop:run-program` is the reliable standard for CLI-based gateways in SBCL.
--- a/docs/rca/rca-gateway-telegram.org
+++ b/docs/rca/rca-gateway-telegram.org
@@ -1,43 +0,0 @@
-#+TITLE: Root Cause Analysis: Telegram Gateway & Channel-Aware Chat
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:gateway:telegram:chat:autonomy:
-
-* Executive Summary
-Successfully implemented the first external communication channel (Telegram) and decoupled the Chat Agent from its Emacs-centric roots. Resolved significant load-order and dependency issues identified during integration.
-
-* 1. Issue: Undefined Foundational Functions
-** Symptoms
-During compilation, `gateway-telegram.lisp` failed with `UNDEFINED-FUNCTION` for `register-actuator` and `harness-log`.
-** Root Cause
-Poorly scoped foundational functions. These were defined in `core.lisp` (the loop orchestrator), which was loaded *after* the gateways in `opencortex.asd`. This created a "Circular Intention" where the gateways needed the harness to exist before the harness could load the gateways.
-** Resolution
-1. **Relocation:** Moved `*actuator-registry*` and `register-actuator` to `communication.lisp` (the foundation).
-2. **Reordering:** Adjusted `opencortex.asd` to load `core.lisp` (containing the stimulus loop) immediately after the deterministic gates but before the physical sensors (gateways).
-
-* 2. Issue: Hardcoded Chat UI
-** Symptoms
-The `Chat Agent` could only respond via Emacs buffer insertion, rendering it useless for external channels like Telegram.
-** Root Cause
-Architectural myopia. The original chat skill assumed the user was always in front of Emacs.
-** Resolution
-Refactored `org-skill-chat` to be **Channel-Aware**:
- It now extracts `:channel` and `:chat-id` from the inbound stimulus.
- It dynamically generates the Probabilistic Engine mandate, instructing the LLM to use the appropriate `:target` (e.g., `:telegram`) based on the conversation context.
-
-* 3. Side-Issue: UIOP Portability
-** Symptoms
-Tests failed with `Symbol "SETENV" not found in the UIOP/DRIVER package`.
-** Root Cause
-Misinterpretation of the `UIOP` API. `setenv` is not a standard export; the portable way is using `(setf (uiop:getenv ...) ...)`.
-** Resolution
-Updated all test environment setup to use the `setf` accessor.
-
-* 4. opencortex Mandate Alignment
-** Autonomous Boundary
-By moving the Telegram API logic to a user-space skill and communicating with the core via standard stimuli, we have respected the microkernel boundary.
-** Homoiconic Memory
-All Telegram interactions are now logged as `:chat-message` events, ensuring the agent's history is unified regardless of the platform.
-
-* 5. Permanent Learnings
- **Foundation First:** Registries and logging macros must reside in the most foundational layers (`protocol` or `package`) to avoid load-order fragility.
- **Instruct the Actuator:** When adding new channels, always update the Chat Agent's neural prompt so it knows how to "speak" back through the new interface.
--- a/docs/rca/rca-infrastructure-docker.org
+++ b/docs/rca/rca-infrastructure-docker.org
@@ -1,30 +0,0 @@
-#+TITLE: Root Cause Analysis: Containerized Infrastructure (Docker)
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:docker:deployment:infrastructure:autonomy:
-
-* Executive Summary
-Standardized the `opencortex` execution environment by creating a production-grade Docker infrastructure. This ensures that all system dependencies, including the Lisp runtime and external binaries like `signal-cli`, are locked down and portable.
-
-* 1. Architectural Intent: The "Clean Room" Model
-** Problem
-The `opencortex` was relying on host-local binaries (`sbcl`, `signal-cli`) and manually configured Quicklisp dists. This made deployment to other environments (e.g., a VPS or a Autonomous Home Server) fragile and prone to version drift.
-** Solution
-1. **Dockerfile:** Created a multi-step build process that installs Debian Bookworm, SBCL, Java, and `signal-cli 0.14.0`.
-2. **Pre-Caching:** The build process triggers a `ql:quickload` of the `:opencortex` system, ensuring all Lisp dependencies are pre-downloaded and stored in the image layer, drastically reducing startup time.
-3. **Compose Orchestration:** Standardized the runtime via `docker-compose.yml`, which handles volume mounting of the user's `memex` directory and injection of `.env` secrets.
-
-* 2. Volume Mapping & Persistence
-** Strategy
-To maintain the "Autonomous" mandate, the agent's code is isolated, but its memory (the `memex`) remains on the host. 
- **Mapping:** `../..` (host) -> `/memex` (container).
- **State:** Created a named Docker volume `signal-state` to ensure that `signal-cli` identities and cryptographic keys survive container restarts and image updates.
-
-* 3. Alignment with opencortex Mandates
-** Evolutionary Completion
-By moving to Docker, we have achieved "Evolutionary Completion" for the deployment track. The system is no longer a collection of scripts; it is a deployable appliance.
-** Documentation
-A new `Deployment Guide` was added to `docs/deployment.org` to ensure standard operating procedures are preserved.
-
-* 4. Permanent Learnings
- **Lisp Build Layers:** Always push the system to the ASDF registry and quickload during Docker build to bake dependencies into the image.
- **Compose Locality:** Placing the `docker-compose.yml` inside the `projects/opencortex/` folder keeps infrastructure code close to the implementation logic.
--- a/docs/rca/rca-lisp-repair-async.org
+++ b/docs/rca/rca-lisp-repair-async.org
@@ -1,33 +0,0 @@
-#+TITLE: Root Cause Analysis: Asynchronous Lisp Repair Syntax Gate
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:lisp:repair:decoupling:architecture:autonomy:
-
-* Executive Summary
-Reimplemented the `org-skill-lisp-repair` to align with the "Autonomous Boundary" mandate. The previously synchronous, core-blocking repair logic has been replaced with an asynchronous, event-driven architecture using the Reactive Signal Pipeline.
-
-* 1. Issue: Core Bloat & Synchronous Coupling
-** Symptoms
-The initial implementation of the Lisp Repair gate placed a `handler-case` and a dynamic function call (`repair-lisp-syntax`) directly inside the core `think` function (`probabilistic.lisp`). This forced the core to wait for repairs and made it "aware" of specific repair logic.
-** Root Cause
-Architectural shortcutting. By placing repair logic in the core execution path, we violated the microkernel principle which mandates that the core should be a "dumb" signal processor.
-** Resolution
-1. **Refactored Core:** `think` now only emits a `:syntax-error` stimulus if parsing fails. It no longer attempts to repair.
-2. **Asynchronous Skill:** `skill-lisp-repair` now triggers on the `:syntax-error` event. It performs the repair and returns the corrected action, which is then dispatched by the pipeline.
-
-* 2. Side-Issue: Nested Signal Payloads
-** Symptoms
-`TYPE-ERROR` during testing when extracting the broken code from the stimulus.
-** Root Cause
-Mismatched expectations of signal nesting. The skill expected the code at `(getf context :payload)`, but in the `decide-gate`, `context` is the full signal, and the error details were nested inside the `:candidate` field of that signal.
-** Resolution
-Updated the deterministic logic to correctly traverse the nested signal structure: `(getf (getf context :candidate) :payload)`.
-
-* 3. opencortex Mandate Alignment
-** Autonomous Boundary
-The core is now strictly a parser. Repair is an optional, user-space service.
-** Reactive Signal Pipeline
-Leveraged the pipeline's ability to re-inject `EVENT` signals to flatten the recursion of the repair loop.
-
-* 4. Permanent Learnings
- **Emit, Don't Call:** In a microkernel, if a non-fatal error occurs, always emit a signal rather than calling a recovery function. This allows the system to remain asynchronous and modular.
- **Signal Inspection:** When writing deterministic gates, always verify the exact shape of the `context` signal being passed by the harness to avoid nesting errors.
--- a/docs/rca/rca-playwright-bridge.org
+++ b/docs/rca/rca-playwright-bridge.org
@@ -1,39 +0,0 @@
-#+TITLE: Root Cause Analysis: Playwright-Python Bridge (High-Fidelity Browsing)
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:intelligence:browsing:automation:autonomy:
-
-* Executive Summary
-Successfully implemented a high-fidelity browsing bridge using Playwright and Python. This allows the `opencortex` to interact with modern, JavaScript-rendered web applications that were previously inaccessible via simple HTTP clients.
-
-* 1. Architectural Strategy: The I/O Bridge
-** Problem
-Common Lisp lacks a mature, native Playwright implementation. Direct bindings are complex and fragile.
-** Resolution
-Implemented a **JSON-over-STDIO Bridge**. 
- A standalone Python script (`browser-bridge.py`) manages the Playwright lifecycle and Chromium instance.
- The Lisp kernel communicates with this script using `uiop:run-program`, passing parameters via `stdin` and receiving structured results via `stdout`. This provides a stable, decoupled interface.
-
-* 2. Environment & Dependency Management
-** Issue
-Playwright requires a specific version of Chromium and several system-level libraries not present in the base Debian image.
-** Resolution
-Updated the `Dockerfile` to:
-1. Install Python3, pip, and venv.
-2. Create a virtual environment for isolated dependency management.
-3. Install the `playwright` package and execute `playwright install --with-deps chromium` during the image build. This ensures the production container is ready for high-fidelity browsing immediately upon startup.
-
-* 3. Cognitive Tooling
-Created the `:browser` cognitive tool, which exposes three primary capabilities to Probabilistic Engine:
- **Navigation:** Full JS rendering and waiting for network idle.
- **Extraction:** Targeted text retrieval via CSS selectors.
- **Vision:** Base64-encoded screenshot capture for future multimodal processing.
-
-* 4. opencortex Mandate Alignment
-** Zero-Bloat (Managed)
-While adding Playwright increases the image size, it is a "Complexity Earned" trade-off that dramatically expands the agent's capability frontier.
-** Literate Granularity
-The `org-skill-playwright.org` file strictly follows the "one definition per block" mandate.
-
-* 5. Permanent Learnings
- **Inter-Process JSON:** JSON is the ideal lingua franca for Lisp-Python bridges.
- **Path Portability:** Always use `uiop:native-namestring` when passing Lisp paths to external shell commands to ensure OS compatibility.
--- a/docs/rca/rca-provider-verification.org
+++ b/docs/rca/rca-provider-verification.org
@@ -1,40 +0,0 @@
-#+TITLE: Root Cause Analysis: Individual Provider Track Verification
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:providers:llm:testing:autonomy:
-
-* Executive Summary
-Verified the unified LLM gateway implementation for all 6 individual provider tracks (Anthropic, Gemini, Groq, OpenAI, OpenRouter, Ollama). Identified and resolved critical parsing failures in the Gemini track and integration gaps in the system build definition.
-
-* 1. Issue: Fragile Response Parsing (Gemini)
-** Symptoms
-Gemini API responses were returning `NIL` content during mocked unit tests, despite the JSON structure being seemingly correct.
-** Root Cause
-Recursive `assoc` / `car` / `cdr` chains were hardcoded and brittle. Specifically, the Gemini extraction logic was incorrectly attempting to treat a single alist pair as a list of pairs, causing `assoc` to fail on the `:TEXT` key.
-** Resolution
-Implemented a robust `get-nested` helper function that safely traverses both nested objects (alists) and arrays (lists of alists). This normalized the extraction logic across all providers.
-
-* 2. Issue: Decoupled Build Configuration
-** Symptoms
-Provider logic was present in the codebase but inaccessible during tests and runtime.
-** Root Cause
-The `credentials-vault.lisp` and `llm-gateway.lisp` files (consolidated in a previous session) were never added to the `opencortex.asd` system definition. Furthermore, an incorrect loading order caused `UNDEFINED-FUNCTION` errors for `register-probabilistic-backend`.
-** Resolution
-1. Added both files to `opencortex.asd`.
-2. Enforced strict loading order: `probabilistic` (defines registry) -> `credentials-vault` -> `llm-gateway` (uses registry).
-
-* 3. Issue: Credential Key Mismatch
-** Symptoms
-Gemini requests failed with "API Key missing" even when environment variables were set.
-** Root Cause
-`llm-gateway` requested secrets for the `:gemini-api` provider, but the `credentials-vault` fallback logic only recognized the `:gemini` keyword.
-** Resolution
-Updated `vault-get-secret` to map both `:gemini` and `:gemini-api` to the same `GEMINI_API_KEY` environment variable.
-
-* 4. opencortex Mandate Alignment
-** Invariant Check
- *High-Integrity Memory:* All individual provider tracks are now backed by automated unit tests (`llm-gateway-tests.lisp`).
- *Literate Programming:* Updated `org-skill-llm-gateway.org` to reflect the improved `get-nested` utility.
-
-* 5. Permanent Learnings
- **Tooling vs Source:** Tangled `.lisp` files are not enough; always ensure new modules are registered in the `.asd` file to be part of the official kernel build.
- **Robustness over Brevity:** Use abstraction helpers like `get-nested` instead of deep `car/cdr` chains when dealing with external JSON structures that may have varying array/object nesting.
--- a/docs/rca/rca-self-fix-loop.org
+++ b/docs/rca/rca-self-fix-loop.org
@@ -1,40 +0,0 @@
-#+TITLE: Root Cause Analysis: Autonomous Self-Fix Loop Verification
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:self-fix:autonomy:testing:
-
-* Executive Summary
-Verified the autonomous repair capability of the `Self-Fix Agent`. The system successfully detected a deterministic type error in a secondary skill, initiated a repair request, and programmatically patched the source code via the `:repair-file` tool.
-
-* 1. Issue: Self-Fix Mechanism Verification
-** Symptoms
-Manual verification was required to prove that `org-skill-self-fix` could transition from "Thinking" about a bug to "Acting" on the file system.
-** Root Cause
-N/A (Deterministic test injection).
-** Resolution
-Created `self-fix-tests.lisp` which:
-1. Generates `org-skill-broken-math.org` with a `(+ 1 "two")` bug.
-2. Triggers the bug to produce a `PIPELINE CRASH`.
-3. Injects a `:repair-request` stimulus.
-4. Executes `self-fix-apply` to replace the bug with `(+ 1 2)`.
-5. Verifies the file content and successful hot-reload.
-
-* 2. Side-Issue: ASDF Configuration Fragility
-** Symptoms
-Repeated `LOAD-SYSTEM-DEFINITION-ERROR` and "unmatched close parenthesis" errors during test integration.
-** Root Cause
-Complexity in the `:components` nesting of `opencortex.asd` led to repeated syntax errors when using automated editing tools. The deep nesting made manual paren counting prone to "off-by-one" errors.
-** Resolution
-Refactored `opencortex.asd` to use a **Flat Component Structure**. 
- *Before:* `:components ((:module "src" :components (...)))`
- *After:* `:components ((:file "src/package") ...)`
-This eliminates unnecessary nesting levels and drastically reduces the surface area for syntax errors.
-
-* 3. opencortex Mandate Alignment
-** Invariant Check
- *Lisp Machine Autonomousty:* Verification utilized hot-reloading (`load-skill-from-org`) without restarting the SBCL image.
- *Literate Programming:* Updated `org-skill-self-fix.org` to match the finalized `self-fix.lisp` logic.
- *Institutional Memory:* This RCA documents the decision to flatten the `.asd` structure to prevent future "Parenthesis Hell" incidents.
-
-* 4. Permanent Learnings
- **Flatten Configuration:** Keep `defsystem` definitions as flat as possible. The overhead of `:module` blocks often outweighs their organizational benefit in a probabilistic-deterministic environment where agents frequently edit these files.
- **Mocking Probabilistic Engine:** For verifying *loop mechanics*, mocking LLM responses is essential to ensure test determinism, while integration tests can use live LLM calls.
--- a/docs/rca/rca-shell-hardening.org
+++ b/docs/rca/rca-shell-hardening.org
@@ -1,33 +0,0 @@
-#+TITLE: Root Cause Analysis: Shell Actuator Security Hardening
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:security:shell:injection:autonomy:
-
-* Executive Summary
-During the formal verification of the `org-skill-shell-actuator`, a critical command injection vulnerability was identified and patched. The previous implementation relied on a naive whitelist check that could be bypassed using shell metacharacters.
-
-* 1. Issue: Command Injection Vulnerability
-** Symptoms
-Commands like `ls ; rm -rf /` were potentially executable if the first word (`ls`) was in the whitelist. 
-** Root Cause
-The `execute-shell-safely` function only checked the first space-delimited word of the command string against the `*allowed-commands*` whitelist. Since `uiop:run-program` executes string-based commands via `/bin/sh -c`, the shell would process the entire string, including injected commands following metacharacters like `;`, `&`, or `|`.
-** Resolution
-1. **Metacharacter Blacklist:** Introduced `*shell-metacharacters*` containing dangerous shell symbols (`; & | > < $ \` \ !`).
-2. **Strict Validation:** Updated `execute-shell-safely` to scan the *entire* command string for these characters before performing the whitelist check.
-3. **Defense-in-Depth:** Any command containing a metacharacter is now rejected with a "Security Violation" error, even if the primary command is whitelisted.
-
-* 2. Side-Issue: Missing Package Context
-** Symptoms
-`UNDEFINED-FUNCTION EXECUTE-SHELL-SAFELY` during unit tests.
-** Root Cause
-`src/shell-logic.lisp` was missing an `(in-package :opencortex)` declaration, causing symbols to be defined in the default `COMMON-LISP-USER` package instead of the harness package.
-** Resolution
-Added the `in-package` header to `shell-logic.lisp`.
-
-* 3. opencortex Mandate Alignment
-** Invariant Check
- *High-Integrity Memory:* The shell actuator is now formally verified with 4 new unit tests covering whitelist enforcement and injection blocking.
- *Literate Programming:* Updated `org-skill-shell-actuator.org` Phase A and Build sections to reflect the hardened logic.
-
-* 4. Permanent Learnings
- **Whole-String Validation:** Never assume that whitelisting the "head" of a command string is sufficient when passing that string to a shell. 
- **Subshell Avoidance:** While the current fix blacklists metacharacters, future iterations should move toward passing command arguments as a Lisp list to `uiop:run-program`, bypassing the shell entirely.
--- a/docs/rca/rca-task-orchestrator.org
+++ b/docs/rca/rca-task-orchestrator.org
@@ -1,48 +0,0 @@
-#+TITLE: Root Cause Analysis: Consolidation VI - Task Orchestrator Implementation
-#+DATE: 2026-04-11
-#+FILETAGS: :rca:orchestrator:consensus:integrity:
-
-* Executive Summary
-The implementation of Consolidation VI (Task Orchestrator) aimed to introduce parallel multi-backend consensus, GTD task integrity, and delegation. During the build, a critical dependency failure was identified in the `lisp-validator` module.
-
-* 1. Issue: Undefined `SAFETY-HARNESS-VALIDATE`
-** Symptoms
-Existing `SAFETY-SUITE` tests failed with `#<UNDEFINED-FUNCTION SAFETY-HARNESS-VALIDATE>`.
-** Root Cause
-The function `lisp-validator-validate` was exported in `package.lisp` but never actually defined in `lisp-validator.lisp`. Only the internal recursive walker `lisp-validator-ast-walk` existed. This represents a "Hollow Export" bug where the interface was designed but the implementation was truncated or skipped in a previous session.
-** Resolution
-Defined `lisp-validator-validate` as a wrapper around `read-from-string` and `lisp-validator-ast-walk`.
-
-* 2. Design Decision: Deterministic Consensus
-** Requirement
-Multi-backend support to reduce hallucinations and increase reliability.
-** Solution
-Implemented `bt:make-thread` parallel queries in `ask-probabilistic`.
-** Trade-off
-Selected "Majority Rules" over "First-to-Finish".
- *Pros:* Higher accuracy, mathematically consistent.
- *Cons:* Slower (latency limited by the slowest provider).
-** Invariant Alignment
-Aligns with opencortex Mandate 4 (Radical Transparency) and Invariant 2 (Technical Mastery) by ensuring decisions are auditable and consistent across multiple brains.
-
-* 3. Design Decision: Task Integrity Gate
-** Requirement
-Prevent illegal GTD state transitions.
-** Solution
-Added `task-integrity-check` in `deterministic.lisp`.
-** Invariant Alignment
-Enforces the "High-Integrity Memory" mandate by ensuring the Org-mode AST remains semantically valid according to GTD rules (e.g., no orphaned active tasks).
-
-* 4. opencortex Mandate Violations during Session (Corrected)
-** Violations
-1. Editing without prior commit.
-2. Direct `.lisp` edits vs Literate Org tangling.
-3. Multi-function edits per block.
-** Correction
-1. Performed a retrospective commit.
-2. Synchronized `probabilistic-deterministic.org` and `core.org` with source code.
-3. Refactored the Markdown flight plan into an Org-mode flight plan.
-
-* 5. Permanent Learnings
- *Check Exports:* Always verify that symbols exported in `package.lisp` have a corresponding definition in the literate source.
- *Strict opencortex Mode:* Enable a pre-save hook or agent check to ensure all edits are performed within `#+begin_src` blocks in Literate Org files to avoid synchronization debt.
--- a/environment/system/state/memory-image.lisp
+++ b/environment/system/state/memory-image.lisp
@@ -1,16 +0,0 @@
-(in-package :opencortex)
-
-(SETF (GETHASH "fake-hash-123" *HISTORY-STORE*)
-        #S(ORG-OBJECT
-           :ID "persist-test-1"
-           :TYPE NIL
-           :ATTRIBUTES NIL
-           :CONTENT "Integrity Check"
-           :VECTOR NIL
-           :PARENT-ID NIL
-           :CHILDREN NIL
-           :VERSION NIL
-           :LAST-SYNC NIL
-           :HASH "fake-hash-123")) 
-(SETF (GETHASH "persist-test-1" *MEMORY*)
-        (GETHASH "fake-hash-123" *HISTORY-STORE*)) 
--- a/extras/passepartout.el
+++ b/extras/passepartout.el
@@ -0,0 +1,214 @@
+;;; passepartout.el --- Emacs bridge for Passepartout AI assistant  -*- lexical-binding: t; -*-
+
+;; Author: Passepartout Project
+;; Version: 0.4.0
+;; Keywords: tools, processes, lisp
+;; URL: https://github.com/amrgharbeia/passepartout
+
+;;; Commentary:
+
+;; Connects to the Passepartout daemon on localhost:9105 via TCP.
+;; Speaks the framed plist protocol — 6-character hex length prefix
+;; followed by a prin1'd S-expression — identical to the TUI and CLI.
+;; The daemon does not know or care whether the client is the Croatoan
+;; TUI, the CLI, or Emacs.
+
+;; Framed protocol (per core-communication.org):
+;;   SEND: 6-char hex length + prin1'd plist
+;;   RECV: read 6-char header → parse hex length → read N bytes →
+;;         read-from-string (with read-eval nil on daemon side)
+
+;; Usage:
+;;   M-x passepartout RET        — connect to daemon, open response buffer
+;;   M-x passepartout-send-region — send selected region as user-input
+;;   M-x passepartout-send-buffer — send entire buffer
+;;   M-x passepartout-disconnect  — close connection
+
+;;; Code:
+
+(require 'cl-lib)
+
+(defgroup passepartout nil
+  "Emacs bridge for Passepartout AI assistant."
+  :group 'applications)
+
+(defcustom passepartout-host "127.0.0.1"
+  "Host where the Passepartout daemon is running."
+  :type 'string
+  :group 'passepartout)
+
+(defcustom passepartout-port 9105
+  "Port where the Passepartout daemon is listening."
+  :type 'integer
+  :group 'passepartout)
+
+(defvar passepartout-process nil
+  "Network process for the Passepartout connection.")
+
+(defvar passepartout--buffer ""
+  "Accumulation buffer for partial framed messages.")
+
+(defvar passepartout-response-buffer-name "*passepartout*"
+  "Name of the buffer where daemon responses are rendered.")
+
+;;;###autoload
+(defun passepartout ()
+  "Connect to the Passepartout daemon and open the response buffer."
+  (interactive)
+  (unless (and passepartout-process (process-live-p passepartout-process))
+    (setq passepartout-process
+          (make-network-process
+           :name "passepartout"
+           :host passepartout-host
+           :service passepartout-port
+           :filter #'passepartout--filter
+           :sentinel #'passepartout--sentinel
+           :coding 'utf-8-unix
+           :noquery t))
+    (setq passepartout--buffer ""))
+  (switch-to-buffer (get-buffer-create passepartout-response-buffer-name))
+  (passepartout-response-mode)
+  (message "Passepartout: connecting to %s:%d..." passepartout-host passepartout-port))
+
+(defun passepartout-disconnect ()
+  "Disconnect from the Passepartout daemon."
+  (interactive)
+  (when passepartout-process
+    (delete-process passepartout-process)
+    (setq passepartout-process nil
+          passepartout--buffer "")
+    (message "Passepartout: disconnected.")))
+
+;;; Protocol: framing
+
+(defun passepartout--frame-message (msg)
+  "Serialize MSG as a framed plist: 6-char hex length + prin1 output."
+  (let* ((payload (prin1-to-string msg))
+         (len (string-bytes payload)))
+    (format "%06x%s" len payload)))
+
+(defun passepartout--send (msg)
+  "Send a framed message to the daemon."
+  (when (and passepartout-process (process-live-p passepartout-process))
+    (process-send-string passepartout-process (passepartout--frame-message msg))))
+
+;;; Protocol: receive
+
+(defun passepartout--filter (proc string)
+  "Accumulate data and extract complete framed messages."
+  (setq passepartout--buffer (concat passepartout--buffer string))
+  (while (>= (length passepartout--buffer) 6)
+    (let* ((hex-len (substring passepartout--buffer 0 6))
+           (len (condition-case nil
+                    (string-to-number hex-len 16)
+                  (error nil))))
+      (if (not len)
+          (progn
+            (setq passepartout--buffer (substring passepartout--buffer 1))
+            (message "Passepartout: invalid frame header, skipping byte"))
+        (let ((total-needed (+ 6 len)))
+          (if (>= (length passepartout--buffer) total-needed)
+              (let* ((payload-str (substring passepartout--buffer 6 total-needed))
+                     (msg (condition-case nil
+                              (read-from-string payload-str)
+                            (error nil))))
+                (setq passepartout--buffer (substring passepartout--buffer total-needed))
+                (when msg
+                  (passepartout--handle-message msg)))
+            ;; Need more data, wait for next chunk
+            (setq passepartout--buffer passepartout--buffer)))))))
+
+(defun passepartout--sentinel (proc event)
+  "Handle connection state changes."
+  (when (string-match-p "closed\\|failed" event)
+    (setq passepartout-process nil
+          passepartout--buffer "")
+    (with-current-buffer (get-buffer-create passepartout-response-buffer-name)
+      (let ((inhibit-read-only t))
+        (goto-char (point-max))
+        (insert (format "* Connection lost: %s\n\n" event))))
+    (message "Passepartout: connection lost (%s)" event)))
+
+;;; Message handling
+
+(defun passepartout--handle-message (msg)
+  "Process a parsed daemon message and render in the response buffer."
+  (with-current-buffer (get-buffer-create passepartout-response-buffer-name)
+    (let ((inhibit-read-only t)
+          (payload (when (listp msg) (plist-get msg :PAYLOAD)))
+          (gate-trace (when (listp msg) (plist-get msg :GATE-TRACE))))
+      (goto-char (point-max))
+      (cond
+       ;; Agent text response
+       ((and payload (plist-get payload :TEXT))
+        (insert (format "* Agent [%s]\n%s\n"
+                        (format-time-string "%H:%M")
+                        (plist-get payload :TEXT)))
+        (when gate-trace
+          (passepartout--render-gate-trace gate-trace))
+        (insert "\n"))
+       ;; Handshake
+       ((and payload (eq (plist-get payload :ACTION) :HANDSHAKE))
+        (insert (format "* Connected to Passepartout v%s\n\n"
+                        (or (plist-get payload :VERSION) "?"))))
+       ;; Rule count / foveal update — display in mode line
+       ((and payload (plist-get payload :RULE-COUNT))
+        (setq passepartout-rule-count (plist-get payload :RULE-COUNT))
+        (force-mode-line-update))
+       ;; Fallback: dump raw
+       (t
+        (insert (format "* [%s] %s\n\n"
+                        (format-time-string "%H:%M")
+                        (prin1-to-string msg))))))))
+
+(defvar passepartout-rule-count 0
+  "Number of pending HITL rules from the Dispatcher.")
+
+(defun passepartout--render-gate-trace (trace)
+  "Render the gate trace as property drawer entries."
+  (insert ":PROPERTIES:\n")
+  (dolist (entry trace)
+    (when (listp entry)
+      (let ((gate (plist-get entry :GATE))
+            (result (plist-get entry :RESULT)))
+        (insert (format ":GATE: %s — %s\n"
+                        (if gate (symbol-name gate) "?")
+                        (symbol-name result))))))
+  (insert ":END:\n"))
+
+;;; Interactive commands
+
+(defun passepartout-send-region (beg end)
+  "Send the selected region as user input to Passepartout."
+  (interactive "r")
+  (unless passepartout-process
+    (passepartout))
+  (let ((text (buffer-substring-no-properties beg end)))
+    (passepartout--send (list :TYPE :EVENT
+                              :PAYLOAD (list :SENSOR :user-input :TEXT text)))
+    (message "Passepartout: sent %d chars" (length text))))
+
+(defun passepartout-send-buffer ()
+  "Send the entire buffer content as user input to Passepartout."
+  (interactive)
+  (unless passepartout-process
+    (passepartout))
+  (passepartout-send-region (point-min) (point-max)))
+
+;;; Response buffer mode
+
+(defvar passepartout-response-mode-map
+  (let ((map (make-sparse-keymap)))
+    (define-key map (kbd "q") #'quit-window)
+    (define-key map (kbd "g") #'passepartout)
+    map)
+  "Keymap for `passepartout-response-mode'.")
+
+(define-derived-mode passepartout-response-mode special-mode "Passepartout"
+  "Major mode for viewing Passepartout daemon responses.
+\\{passepartout-response-mode-map}"
+  (setq buffer-read-only t)
+  (setq-local font-lock-defaults nil))
+
+(provide 'passepartout)
+;;; passepartout.el ends here
--- a/harness/act.org
+++ b/harness/act.org
@@ -1,429 +0,0 @@
-#+TITLE: Stage 3: Act (act.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:act:
-#+STARTUP: content
-
-* Stage 3: Act (act.lisp)
-
-** Architectural Intent: The Last Mile
-
-The Act stage is where cognition meets reality. After the Probabilistic engine proposes and the Deterministic engine verifies, Act executes the approved action.
-
-The key insight of the Act stage is that *execution is the point of no return*. Once a command is sent to the shell or a file is written, side effects have occurred. Therefore, Act implements a "last-mile" safety check - even after skills have verified the action, there's a final validation before dispatch.
-
-** Why Separate Actuators?
-
-The actuator pattern decouples /what to do/ from /how to do it/:
-
- The reasoning engine generates action plists like `(:TYPE :REQUEST :TARGET :SHELL :PAYLOAD ...)`
- The actuator interprets the target and executes appropriately
- Adding a new actuator (Telegram, Matrix, etc.) doesn't require changing the reasoning code
-
-This follows the Open/Closed principle: open for extension, closed for modification.
-
-** The Feedback Loop
-
-Act is unique in the pipeline because it can generate new signals. When a tool executes and returns data, that data becomes a new signal that feeds back into Perceive → Reason → Act.
-
-Example feedback chain:
-1. User asks "What files changed today?"
-2. Reason generates shell command action
-3. Act executes shell, gets file list
-4. Act returns file list as feedback signal
-5. Reason processes file list, generates human-readable response
-6. Act displays response
-
-* Package Context
-
-#+begin_src lisp :tangle ../library/act.lisp
-(in-package :opencortex)
-#+end_src
-
-* Actuator Configuration
-
-** Actuator Registry Variables
-
-#+begin_src lisp :tangle ../library/act.lisp
-(defvar *default-actuator* :cli
-  "The actuator used when no explicit target is specified.
-  Override with DEFAULT_ACTUATOR environment variable.")
-
-(defvar *silent-actuators* '(:cli :system-message :emacs)
-  "List of actuators that don't generate tool-output feedback.
-  These typically have their own feedback mechanisms (CLI prints directly, etc.)")
-#+end_src
-
-** initialize-actuators: System Bootstrap
-
-#+begin_src lisp :tangle ../library/act.lisp
-(defun initialize-actuators ()
-  "Load actuator configuration from environment and register core actuators.
-
-  Environment variables:
-  - DEFAULT_ACTUATOR: Keyword for default target (:cli, :shell, etc.)
-  - SILENT_ACTUATORS: Comma-separated list of actuators that skip feedback
-
-  Registers three core actuators:
-  1. :system - Internal commands (eval, create-skill, message)
-  2. :tool - Cognitive tool execution
-  3. :tui - Terminal UI output via reply stream"
-
-  ;; Load environment configuration
-  (let ((def (uiop:getenv "DEFAULT_ACTUATOR"))
-        (silent (uiop:getenv "SILENT_ACTUATORS")))
-
-    ;; Set default actuator
-    (when def
-      (setf *default-actuator*
-            (intern (string-upcase def) "KEYWORD")))
-
-    ;; Parse silent actuators list
-    (when silent
-      (setf *silent-actuators*
-            (mapcar (lambda (s)
-                      (intern (string-upcase (string-trim '(#\Space) s))
-                             "KEYWORD"))
-                    (str:split "," silent)))))
-
-  ;; Register core harness actuators
-  (register-actuator :system #'execute-system-action)
-  (register-actuator :tool #'execute-tool-action)
-
-  ;; TUI actuator: sends response back through the reply stream
-  (register-actuator :tui (lambda (action context)
-                            (let* ((meta (getf context :meta))
-                                   (stream (getf meta :reply-stream)))
-                              (when (and stream (open-stream-p stream))
-                                (format stream "~a" (frame-message action))
-                                (finish-output stream))))))
-#+end_src
-
-* Action Dispatching
-
-** dispatch-action: The Router
-
-#+begin_src lisp :tangle ../library/act.lisp
-(defun dispatch-action (action context)
-  "Route an approved action to its registered actuator.
-
-  ACTION is a plist with structure:
-    (:TYPE :REQUEST :TARGET :shell :PAYLOAD (...))
-
-  CONTEXT is the signal being processed (for metadata access)
-
-  The target is resolved in order of priority:
-  1. Explicit :target in the action
-  2. :source from the original signal's metadata
-  3. *default-actuator* configuration variable
-
-  Returns the actuator's result (may be a feedback signal or NIL)."
-
-  (let ((payload (proto-get action :payload)))
-
-    ;; Heartbeats don't generate actuation
-    (when (eq (proto-get payload :sensor) :heartbeat)
-      (return-from dispatch-action nil))
-
-    (when (and action (listp action))
-      (let* ((meta (proto-get context :meta))
-             (source (proto-get meta :source))
-             (raw-target (or (ignore-errors (getf action :TARGET))
-                            (ignore-errors (getf action :target))
-                            source
-                            *default-actuator*))
-             (target (intern (string-upcase (string raw-target)) :keyword))
-             (actuator-fn (gethash target *actuator-registry*)))
-
-        ;; Preserve metadata in outbound action
-        (when (and meta (null (getf action :meta)))
-          (setf (getf action :meta) meta))
-
-        ;; Execute or log error
-        (if actuator-fn
-            (funcall actuator-fn action context)
-            (harness-log "ACT ERROR: No actuator registered for '~s' (requested by ~s)"
-                         target raw-target))))))
-#+end_src
-
-* Actuator Implementations
-
-** execute-system-action: Internal Commands
-
-#+begin_src lisp :tangle ../library/act.lisp
-(defun execute-system-action (action context)
-  "Execute internal harness commands.
-
-  This actuator handles meta-commands that affect the harness itself,
-  rather than external side effects. Commands include:
-
-  - :eval - Evaluate arbitrary Lisp code (DANGEROUS, validate first!)
-  - :create-skill - Write a new skill org file and reload
-  - :message - Log a message to the harness log
-
-  These commands bypass the normal actuator system since they operate
-  on the harness internals rather than external systems."
-
-  (declare (ignore context))
-
-  (let* ((payload (ignore-errors (getf action :payload)))
-         (cmd (ignore-errors (getf payload :action))))
-
-    (case cmd
-      ;; Evaluate Lisp code - guarded by lisp-validator skill
-      (:eval
-       (let ((code (getf payload :code)))
-         (eval (read-from-string code))))
-
-      ;; Create and load a new skill from content
-      (:create-skill
-       (let* ((filename (getf payload :filename))
-              (content (getf payload :content))
-              (skills-dir (merge-pathnames "skills/"
-                                          (asdf:system-source-directory :opencortex)))
-              (full-path (merge-pathnames filename skills-dir)))
-         (with-open-file (out full-path
-                             :direction :output
-                             :if-exists :supersede)
-           (write-string content out))
-         (load-skill-from-org full-path)))
-
-      ;; Log an informational message
-      (:message
-       (harness-log "ACT [System]: ~a" (getf payload :text)))
-
-      ;; Unknown command
-      (t
-       (harness-log "ACT ERROR [System]: Unknown command '~s'" cmd)))))
-#+end_src
-
-** execute-tool-action: Cognitive Tool Execution
-
-#+begin_src lisp :tangle ../library/act.lisp
-(defun execute-tool-action (action context)
-  "Execute a registered cognitive tool.
-
-  Tools are registered functions with:
-  - A guard function (optional, for safety checks)
-  - A body function (the actual implementation)
-  - Metadata (description, parameter specs)
-
-  This actuator:
-  1. Looks up the tool by name
-  2. Runs the guard function (if present)
-  3. Executes the body function with parsed arguments
-  4. Returns a feedback signal with the result
-
-  The feedback mechanism allows tool results to trigger further reasoning."
-
-  (let* ((payload (getf action :payload))
-         (tool-name (getf payload :tool))
-         (tool-args (getf payload :args))
-         (depth (getf context :depth 0))
-         (meta (getf context :meta))
-         (source (getf meta :source))
-         (tool (gethash (string-downcase (string tool-name)) *cognitive-tools*)))
-
-    (if tool
-        (handler-case
-            ;; Parse arguments (handle both flat and nested plists)
-            (let* ((clean-args (if (and (listp tool-args)
-                                      (listp (car tool-args)))
-                                 (car tool-args)
-                                 tool-args))
-                   (result (funcall (cognitive-tool-body tool) clean-args)))
-
-              ;; Format result for source
-              (when source
-                (dispatch-action (list :TYPE :REQUEST
-                                     :TARGET source
-                                     :PAYLOAD (list :ACTION :MESSAGE
-                                                  :TEXT (format-tool-result tool-name result)))
-                              context))
-
-              ;; Return feedback signal for potential further processing
-              (list :TYPE :EVENT
-                    :DEPTH (1+ depth)
-                    :META meta
-                    :PAYLOAD (list :SENSOR :tool-output
-                                 :RESULT result
-                                 :TOOL tool-name)))
-
-          ;; Tool execution error
-          (error (c)
-            (list :TYPE :EVENT
-                  :DEPTH (1+ depth)
-                  :META meta
-                  :PAYLOAD (list :SENSOR :tool-error
-                               :TOOL tool-name
-                               :MESSAGE (format nil "~a" c)))))
-
-        ;; Tool not found
-        (list :TYPE :EVENT
-              :DEPTH (1+ depth)
-              :META meta
-              :PAYLOAD (list :SENSOR :tool-error
-                            :MESSAGE (format nil "Tool '~a' not found" tool-name))))))
-#+end_src
-
-** format-tool-result: Human-Readable Output
-
-#+begin_src lisp :tangle ../library/act.lisp
-(defun format-tool-result (tool-name result)
-  "Format a tool result for human-readable display.
-
-  Tools return either:
-  - A plist: (:status :success :content \"...\") or (:status :error :message \"...\")
-  - A raw value (string, number, etc.)
-
-  This function normalizes both formats into a consistent string presentation."
-
-  (if (listp result)
-      (let ((status (getf result :status))
-            (content (getf result :content))
-            (msg (getf result :message)))
-        (cond
-          ((and (eq status :success) content)
-           (format nil "~a" content))
-          ((and (eq status :error) msg)
-           (format nil "ERROR [~a]: ~a" tool-name msg))
-          (t
-           (format nil "TOOL [~a] RESULT: ~s" tool-name result))))
-      (format nil "TOOL [~a] RESULT: ~a" tool-name result)))
-#+end_src
-
-* The Act Gate
-
-** act-gate: Final Pipeline Stage
-
-#+begin_src lisp :tangle ../library/act.lisp
-(defun act-gate (signal)
-  "Final stage of the metabolic pipeline: Actuation.
-
-  This stage has three responsibilities:
-
-  1. Last-mile safety check: Run deterministic gates one more time
-     before execution (handles race conditions, concurrent modifications)
-
-  2. Actuation: Dispatch the approved action to its target actuator
-
-  3. Feedback generation: If the action produced results, create a
-     feedback signal that feeds back into the pipeline
-
-  Modifies the signal:
-  - :approved-action - May be modified by last-mile verification
-  - :status - Set to :acted
-
-  Returns a feedback signal if the action produced results, otherwise NIL."
-
-  (let* ((approved (getf signal :approved-action))
-         (type (getf signal :type))
-         (meta (getf signal :meta))
-         (source (getf meta :source))
-         (feedback nil)
-         (context signal))
-
-    ;; Step 1: Last-mile deterministic verification
-    ;; This catches any issues that arose between reasoning and acting
-    (when approved
-      (let* ((original-type (getf approved :type))
-             (verified (deterministic-verify approved signal)))
-
-        ;; Check if deterministic verification blocked the action
-        (if (and (listp verified)
-                 (member (getf verified :type) '(:LOG :EVENT :log :event))
-                 (not (member original-type '(:LOG :EVENT :log :event))))
-
-            ;; Action was blocked by verification
-            (progn
-              (harness-log "ACT BLOCKED: Action failed last-mile deterministic check.")
-              (setf (getf signal :approved-action) nil)
-              (setf approved nil)
-              (setf feedback verified))
-
-            ;; Action passed verification
-            (progn
-              (setf (getf signal :approved-action) verified)
-              (setf approved verified)))))
-
-    ;; Step 2: Actuation based on signal type
-    (case type
-      ;; Explicit requests go directly to dispatch
-      (:REQUEST
-       (dispatch-action signal context))
-
-      ;; Log messages also dispatch
-      (:LOG
-       (dispatch-action signal context))
-
-      ;; Events with approved actions dispatch to their target
-      (:EVENT
-       (if approved
-           (let* ((target (getf approved :target))
-                  (result (dispatch-action approved context)))
-
-             ;; Determine feedback based on actuator response
-             (cond
-               ;; Actuator returned a signal - use it as feedback
-               ((and (listp result)
-                     (member (getf result :type) '(:EVENT :LOG)))
-                (setf feedback result))
-
-               ;; Non-silent actuator with result - format as tool-output
-               ((and result
-                     (not (member target *silent-actuators*)))
-                (setf feedback (list :type :EVENT
-                                    :depth (1+ (getf signal :depth 0))
-                                    :meta meta
-                                    :payload (list :sensor :tool-output
-                                                 :result result
-                                                 :tool approved))))))
-
-           ;; No approved action, but have source - might be raw event
-           (when source
-             (dispatch-action signal context)))))
-
-    ;; Step 3: Update signal status
-    (setf (getf signal :status) :acted)
-    feedback))
-#+end_src
-
-* Test Suite
-
-These tests verify the Act pipeline. Run with:
-~(fiveam:run! 'pipeline-act-suite)~
-
-#+begin_src lisp :tangle ../tests/pipeline-act-tests.lisp
-(defpackage :opencortex-pipeline-act-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:pipeline-act-suite))
-
-(in-package :opencortex-pipeline-act-tests)
-
-(def-suite pipeline-act-suite
-  :description "Test suite for Act pipeline")
-
-(in-suite pipeline-act-suite)
-
-(test test-act-gate-symbolic-guard-bypass
-  "Verify that act-gate proceeds normally when no skill intercepts."
-  (clrhash opencortex::*skills-registry*)
-  (let* ((signal (list :type :EVENT :status nil :depth 0 :approved-action '(:target :cli :payload (:text "Hello"))))
-         (result (opencortex:act-gate signal)))
-    (is (eq :acted (getf signal :status)))
-    (is (null result))))
-
-(test test-act-gate-symbolic-guard-interception
-  "Verify that act-gate intercepts actions when a skill returns a LOG/EVENT."
-  (clrhash opencortex::*skills-registry*)
-  (opencortex::defskill :mock-bouncer
-    :priority 200
-    :trigger (lambda (ctx) t)
-    :deterministic (lambda (action ctx)
-                     (list :type :LOG :payload (:text "BLOCKED BY SYMBOLIC GUARD"))))
-  (let* ((signal (list :type :EVENT :status nil :depth 0 :approved-action '(:target :shell :payload (:cmd "ls"))))
-         (result (opencortex:act-gate signal)))
-    (is (eq :acted (getf signal :status)))
-    (is (not (null result)))
-    (is (eq :LOG (getf result :type)))
-    (is (search "BLOCKED BY SYMBOLIC GUARD" (getf (getf result :payload) :text))))))
-#+end_src
--- a/harness/communication.org
+++ b/harness/communication.org
@@ -1,198 +0,0 @@
-#+TITLE: Communication Protocol (communication.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:protocol:
-#+STARTUP: content
-
-* Communication Protocol (communication.lisp)
-** Architectural Intent: Secure Inter-Process Communication & Deterministic Framing
-
-The ~communication.lisp~ module defines the low-level transport and framing logic for OpenCortex stimuli. 
-
-* Implementation (communication.lisp)
-
-#+begin_src lisp :tangle ../library/communication.lisp
-(in-package :opencortex)
-
-(defun proto-get (plist key)
-  "Robustly retrieves a value from a plist, checking both uppercase and lowercase keyword versions."
-  (let* ((s (string key))
-         (up (intern (string-upcase s) :keyword))
-         (dn (intern (string-downcase s) :keyword)))
-    (or (getf plist up) (getf plist dn))))
-#+end_src
-
-#+begin_src lisp :tangle ../library/communication.lisp
-(in-package :opencortex)
-
-(defvar *actuator-registry* (make-hash-table :test 'equalp)
-  "Global registry mapping target keywords to their physical actuator functions.")
-
-(defun register-actuator (name fn) 
-  "Registers an actuator function. Actuators receive: (ACTION CONTEXT)."
-  (let ((key (if (keywordp name) name (intern (string-upcase (string name)) :keyword))))
-    (setf (gethash key *actuator-registry*) fn)))
-
-;; Removed duplicate frame-message - kept the sanitized version below
-
-(defun read-framed-message (stream)
-  "Reads a hex-length prefixed S-expression from the stream securely. Skips leading whitespace."
-  (let ((length-buffer (make-string 6)))
-    (handler-case
-        (progn
-          ;; 1. Skip leading whitespace (newlines, spaces, etc.)
-          (loop for char = (peek-char nil stream nil :eof)
-                while (and (not (eq char :eof)) (member char '(#\Space #\Newline #\Tab #\Return)))
-                do (read-char stream))
-          
-          ;; 2. Read the 6-char hex length
-          (let ((count (read-sequence length-buffer stream)))
-            (cond ((< count 6) :eof)
-                  (t (let ((len (ignore-errors (parse-integer length-buffer :radix 16))))
-                       (if (not len)
-                           (progn
-                             (harness-log "PROTOCOL ERROR: Invalid header ~s. Attempting resync..." length-buffer)
-                             :error)
-                           (let ((msg-buffer (make-string len)))
-                             (read-sequence msg-buffer stream)
-                             (let ((*read-eval* nil)
-                                   (*print-pretty* nil))
-                               (handler-case 
-                                   (let ((msg (read-from-string msg-buffer)))
-                                     (validate-communication-protocol-schema msg)
-                                     msg)
-                                 (error (c)
-                                   (harness-log "PROTOCOL PARSE ERROR: ~a in ~s" c msg-buffer)
-                                   :error))))))))))
-      (error (c) 
-        (harness-log "PROTOCOL READ ERROR: ~a" c)
-        :error))))
-
-(defun make-hello-message (version)
-  "Constructs the standard HELLO handshake message."
-  (list :TYPE :EVENT 
-        :PAYLOAD (list :ACTION :handshake 
-                       :VERSION version 
-                       :CAPABILITIES '(:AUTH :SWANK :ORG-AST))))
-#+end_src
-
-** Structural Validation (communication-validator.lisp)
-The validator ensures that incoming messages adhere to the strict property list schema of the communication protocol.
-
-#+begin_src lisp :tangle ../library/communication-validator.lisp
-(in-package :opencortex)
-
-(defun validate-communication-protocol-schema (msg)
-  "Strict structural validation for incoming communication protocol messages."
-  (unless (listp msg)
-    (error "Communication Protocol Schema Error: Message must be a property list (got ~s)" (type-of msg)))
-  
-  (let ((type (let ((raw (proto-get msg :type))) (if (keywordp raw) (intern (string-upcase (string raw)) :keyword) raw))))
-    (unless (member type '(:REQUEST :EVENT :RESPONSE :LOG :STATUS))
-      (progn (harness-log "REJECTED MSG: ~s" msg) (error "Communication Protocol Schema Error: Invalid message type '~a'" type)))
-    
-    (case type
-      (:REQUEST 
-       ;; Allow missing :target if :source is present in :meta, since reason-gate
-       ;; will infer :target from :source downstream. This preserves "equality of
-       ;; clients" — gateways need not duplicate routing logic.
-       (let ((target (proto-get msg :target))
-             (source (proto-get (proto-get msg :meta) :source)))
-         (unless (or target source)
-           (error "Communication Protocol Schema Error: REQUEST missing mandatory :target and no :source in :meta to infer it"))
-         (unless (proto-get msg :payload)
-           (error "Communication Protocol Schema Error: REQUEST missing mandatory :payload"))))
-      
-      (:EVENT
-       (let ((payload (proto-get msg :payload)))
-         (unless (and payload (listp payload))
-           (error "Communication Protocol Schema Error: EVENT missing or invalid :payload"))
-         (unless (or (proto-get payload :action) (proto-get payload :sensor))
-           (error "Communication Protocol Schema Error: EVENT payload must contain :action or :sensor"))))
-      
-      (:RESPONSE
-       (unless (proto-get msg :payload)
-         (error "Communication Protocol Schema Error: RESPONSE missing mandatory :payload"))))
-    
-    t))
-
-(defskill :skill-communication-protocol-validator
-  :priority 95
-  :trigger (lambda (ctx) (member (getf (getf ctx :payload) :sensor) '(:protocol-received)))
-  :probabilistic nil
-  :deterministic (lambda (action ctx)
-              (declare (ignore ctx))
-              (validate-communication-protocol-schema action)
-              action))
-#+end_src
-
-** Message Framing (communication.lisp)
-Frames a message with a hex length prefix and ensures all data is serializable.
-
-#+begin_src lisp :tangle ../library/communication.lisp
-(defun sanitize-protocol-message (msg)
-  "Recursively strips non-serializable objects from a protocol plist."
-  (if (and msg (listp msg))
-      (let ((clean nil))
-        (loop for (k v) on msg by #'cddr
-              do (unless (member k '(:reply-stream :socket :stream))
-                   (push k clean)
-                   (push (if (listp v) (sanitize-protocol-message v) v) clean)))
-        (nreverse clean))
-      msg))
-
-(defun frame-message (msg)
-  "Serializes a message plist and prefixes it with a 6-character hex length."
-  (let* ((sanitized (sanitize-protocol-message msg))
-         (payload (let ((*print-pretty* nil) (*read-eval* nil)) (format nil "~s" sanitized)))
-         (len (length payload)))
-    (format nil "~6,'0x~a" len payload)))
-#+end_src
-
-* Test Suite
-
-These tests verify the communication protocol functions. Run with:
-~(fiveam:run! 'communication-protocol-suite)~
-
-#+begin_src lisp :tangle ../library/communication-tests.lisp
-(defpackage :opencortex-communication-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:communication-protocol-suite))
-
-(in-package :opencortex-communication-tests)
-
-(def-suite communication-protocol-suite
-  :description "Test suite for opencortex Communication Protocol")
-
-(in-suite communication-protocol-suite)
-
-(test test-framing
-  "Verify that messages are correctly prefixed with a 6-character hex length."
-  (let* ((msg '(:type :EVENT :payload (:action :handshake)))
-         (framed (frame-message msg))
-         (len-str (subseq framed 0 6))
-         (payload (subseq framed 6)))
-    (is (string= "00002C" (string-upcase len-str)))
-    (is (equalp msg (read-from-string payload)))))
-
-(test test-parse-message
-  "Verify that incoming framed strings are parsed into Lisp plists."
-  (let ((framed "00002c(:type :EVENT :payload (:action :handshake))"))
-    (is (equal '(:type :EVENT :payload (:action :handshake))
-               (read-from-string (subseq framed 6))))))
-
-(test test-hello-handshake
-  "Verify the structure of the HELLO handshake message."
-  (let ((hello (make-hello-message "0.1.0")))
-    (is (eq :EVENT (getf hello :type)))
-    (is (eq :handshake (getf (getf hello :payload) :action)))
-    (is (string= "0.1.0" (getf (getf hello :payload) :version)))))
-
-(test test-find-missing-id
-  "Verify that the daemon can find a headline missing an ID."
-  (let* ((ast '(:type :org-data :contents
-                   ((:type :HEADLINE :properties (:TITLE "No ID Here") :contents nil)
-                    (:type :HEADLINE :properties (:ID "exists" :TITLE "Has ID") :contents nil))))
-         (found (find-headline-missing-id ast)))
-    (is (not (null found)))
-    (is (string= "No ID Here" (getf (getf found :properties) :TITLE)))))
-#+end_src
--- a/harness/context.org
+++ b/harness/context.org
@@ -1,262 +0,0 @@
-#+TITLE: Peripheral Vision (context.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:context:
-#+STARTUP: content
-
-* Peripheral Vision (context.lisp)
-** Architectural Intent: Context Optimization & The Foveal-Peripheral Hybrid
-
-A common failure mode for Large Language Models (LLMs) is the "Lost in the Middle" phenomenon, where the model's reasoning accuracy degrades as its context window becomes saturated with irrelevant data. Naive approaches to context management—such as simple character-count truncation or sliding windows—often sever the structural relationships that define an Org-mode Memex.
-
-The ~opencortex~ harness implements a deterministic, tree-aware solution: the **Foveal-Peripheral Hybrid Model**.
-
-*** 1. The Foveal Focus (High Resolution)
-When the harness prepares a prompt for the Probabilistic Engine, it identifies a "Foveal Focus"—typically the specific Org headline or task the user is currently interacting with. This node, along with its immediate children and semantically relevant neighbors, is rendered at "High Resolution," meaning its full body text, properties, and metadata are included in the prompt.
-
-*** 2. The Peripheral Vision (Low Resolution)
-To maintain global awareness without bloating the context window, the rest of the Memex is rendered at "Low Resolution." The harness recursively walks the Memory and generates a skeletal outline consisting only of titles and IDs. This gives the LLM a "mental map" of the entire system, allowing it to reference other projects or skills without needing to see their full content until they are explicitly brought into focus.
-
-*** 3. Deterministic Tree-Walking
-By leveraging Common Lisp's strengths in recursive tree manipulation, the harness can surgically prune the AST before it ever reaches the LLM. This ensures that the structural hierarchy of the Memex is preserved perfectly, even when the content is compressed.
-
-** The Context Pipeline
-#+begin_src mermaid
-flowchart TD
-    Store[(Memory)] --> Filter[Context Query Filter]
-    Filter --> Identification{Identify Foveal ID}
-    Identification --> Foveal[Render Focus: Full Content]
-    Identification --> Peripheral[Render Outline: Titles Only]
-    Foveal --> Assembly[Assemble Global Awareness String]
-    Peripheral --> Assembly
-    Assembly --> LLM[Probabilistic Engine Proposal]
-#+end_src
-
-* Context Assembly (context.lisp)
-The ~context.lisp~ module provides the deterministic functional layer for querying the Memory and transforming its internal pointers into the precise context strings required for neural reasoning.
-
-** Package Context
-We begin by ensuring we are executing within the correct isolated package namespace.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(in-package :opencortex)
-#+end_src
-
-** Querying the Store (context-query-store)
-A generalized filter for the Memory. This function allows skills to perform high-level semantic sweeps of the Memex based on tags, TODO states, or Org element types. It returns a list of ~org-object~ structures.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-query-store (&key tag todo-state type)
-  "Filters the Memory based on tags, todo states, or types."
-  (let ((results nil))
-    (maphash (lambda (id obj)
-               (declare (ignore id))
-               (let* ((attrs (org-object-attributes obj)) (state (getf attrs :TODO-STATE)) (match t))
-                 (when (and type (not (eq (org-object-type obj) type))) (setf match nil))
-                 (when tag (unless (search tag (format nil "~a" (getf attrs :TAGS)) :test #'string-equal) (setf match nil)))
-                 (when (and todo-state (not (equal state todo-state))) (setf match nil))
-                 (when match (push obj results))))
-             *memory*)
-    results))
-#+end_src
-
-** Active Projects (context-get-active-projects)
-Identifies headlines tagged with ~project~ that have not yet reached a terminal ~DONE~ state. This provides the primary high-level structure for the agent's global awareness.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-get-active-projects ()
-  "Returns headlines tagged as 'project' that are not yet marked DONE."
-  (remove-if (lambda (obj) (equal (getf (org-object-attributes obj) :TODO-STATE) "DONE"))
-             (context-query-store :tag "project" :type :HEADLINE)))
-#+end_src
-
-** Completed Tasks (context-get-recent-completed-tasks)
-Retrieves a list of tasks that have reached the terminal ~DONE~ state. This is useful for providing the agent with historical context or for generating summaries of recent work.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-get-recent-completed-tasks () 
-  "Retrieves recently finished tasks from the store."
-  (context-query-store :todo-state "DONE" :type :HEADLINE))
-#+end_src
-
-** Capability Discovery (context-list-all-skills)
-Provides a sorted list of all currently loaded skills. In a "Self-Writing" environment, the agent must be able to discover and understand its own capabilities. This function provides the metadata necessary for the agent to decide which skill to trigger or how to resolve dependencies.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-list-all-skills ()
-  "Provides a sorted overview of currently loaded system capabilities."
-  (let ((results nil))
-    (maphash (lambda (name skill)
-               (declare (ignore name))
-               (push (list :name (skill-name skill) :priority (skill-priority skill) :dependencies (skill-dependencies skill)) results))
-             *skills-registry*)
-    (sort results #'> :key (lambda (x) (getf x :priority)))))
-#+end_src
-
-** Skill Inspection (context-get-skill-source)
-Reads the raw literate Org source of a specific skill. This is a foundational capability for an agent expected to eventually "self-write" or perform its own maintenance. By reading the literate source, the agent can understand the *intent* behind a skill's logic before proposing a modification. We use the `SKILLS_DIR` environment variable to locate the source files.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-get-skill-source (skill-name)
-  "Reads the raw literate source of a specific skill for inspection."
-  (let* ((filename (format nil "~a.org" skill-name))
-         (skills-dir-str (or (uiop:getenv "SKILLS_DIR") (namestring (merge-pathnames "notes/" (user-homedir-pathname)))))
-         (skills-dir (uiop:ensure-directory-pathname (context-resolve-path skills-dir-str)))
-         (full-path (merge-pathnames filename skills-dir)))
-    (if (uiop:file-exists-p full-path) (uiop:read-file-string full-path) nil)))
-#+end_src
-
-** Harness Logs (context-get-system-logs)
-Retrieves the most recent entries from the harness's internal circular log buffer. This allows the Probabilistic Engine to see recent errors or successful dispatches, enabling it to course-correct or explain failures to the user. The log limit is externalized to `CONTEXT_LOG_LIMIT`.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-get-system-logs (&optional limit)
-  "Retrieves the most recent lines from the harness's internal log."
-  (let ((log-limit (or limit (ignore-errors (parse-integer (uiop:getenv "CONTEXT_LOG_LIMIT"))) 20)))
-    (bt:with-lock-held (*logs-lock*)
-      (let ((count (min log-limit (length *system-logs*)))) 
-        (subseq *system-logs* 0 count)))))
-#+end_src
-
-** AST to Org Rendering (context-render-to-org)
-This is the core engine of the Foveal-Peripheral model. It recursively transforms the internal ~org-object~ graph back into an Org-mode string. 
-
-It implements the following deterministic logic:
-1.  **Depth 1 & 2:** Always rendered (High-level mental map).
-2.  **Foveal Node:** Rendered with full body content.
-3.  **Semantic Neighbors:** Rendered with full content if their similarity score exceeds the threshold.
-4.  **Peripheral Nodes:** Rendered as skeletal headlines (titles and IDs only).
-
-The semantic threshold is externalized to `CONTEXT_SEMANTIC_THRESHOLD`.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-render-to-org (obj &key (depth 1) (foveal-id nil) semantic-threshold (foveal-vector nil))
-  "Recursively renders an org-object and its children to an Org string using a Foveal-Peripheral Hybrid model."
-  (let* ((id (org-object-id obj))
-         (is-foveal (equal id foveal-id))
-         (title (or (getf (org-object-attributes obj) :TITLE) "Untitled"))
-         (content (org-object-content obj))
-         (children (org-object-children obj))
-         (stars (make-string depth :initial-element #\*))
-         (obj-vector (org-object-vector obj))
-         (threshold (or semantic-threshold (ignore-errors (read-from-string (uiop:getenv "CONTEXT_SEMANTIC_THRESHOLD"))) 0.75))
-         (similarity (if (and foveal-vector obj-vector (not is-foveal))
-                         (cosine-similarity foveal-vector obj-vector)
-                         0.0))
-         (is-semantically-relevant (>= similarity threshold))
-         ;; We always render depth 1 and 2 (Projects and main tasks).
-         ;; We always render the foveal node and its immediate children.
-         ;; We render deeper nodes ONLY if they are semantically relevant.
-         (should-render (or (<= depth 2) is-foveal is-semantically-relevant))
-         (output ""))
-    
-    (when should-render
-      (setf output (format nil "~a ~a~%:PROPERTIES:~%:ID: ~a~%" stars title id))
-      (when is-semantically-relevant
-        (setf output (concatenate 'string output (format nil ":SEMANTIC_SCORE: ~,2f~%" similarity))))
-      (setf output (concatenate 'string output (format nil ":END:~%")))
-      
-      ;; Only include full body content if this is the Foveal focus or highly relevant
-      (when (and content (or is-foveal is-semantically-relevant))
-        (setf output (concatenate 'string output content (string #\Newline))))
-      
-      ;; Recursively render children
-      (dolist (child-id children)
-        (let ((child-obj (lookup-object child-id)))
-          (when child-obj
-            ;; If the current node is Foveal, its children should be rendered (depth effectively resets)
-            (let ((next-foveal (if is-foveal child-id foveal-id)))
-              (setf output (concatenate 'string output 
-                                        (context-render-to-org child-obj 
-                                                               :depth (1+ depth) 
-                                                               :foveal-id next-foveal
-                                                               :semantic-threshold threshold
-                                                               :foveal-vector foveal-vector))))))))
-    output))
-#+end_src
-
-** Path Resolution (context-resolve-path)
-A utility function that expands environment variables (like ~$HOME~ or ~$MEMEX_ROOT~) within path strings. This ensures that the agent can interact with files across different machine configurations without hardcoding absolute paths. This version is more robust, supporting multiple environment variables throughout the string.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-resolve-path (path-string)
-  "Expands environment variables and strips literal quotes from a path string."
-  (let ((path (if (stringp path-string) 
-                  (string-trim '(#\" #\' #\Space) path-string)
-                  path-string)))
-    (if (and (stringp path) (search "$" path))
-        (let ((result path))
-          (ppcre:do-register-groups (var-name) ("\\$([A-Za-z0-9_]+)" path)
-            (let ((var-val (uiop:getenv var-name)))
-              (when var-val
-                (setf result (ppcre:regex-replace (format nil "\\$~a" var-name) result var-val)))))
-          result)
-        path)))
-#+end_src
-
-** Global Awareness (context-assemble-global-awareness)
-The primary entry point for context generation. This function identifies active projects and the current user focus (captured during the Perceive stage), then invokes the recursive renderer to assemble the pruned Org-mode skeletal outline sent to the LLM.
-
-#+begin_src lisp :tangle ../library/context.lisp
-(defun context-assemble-global-awareness (&optional signal)
-  "Produces a high-level skeletal outline of the current Memory for the LLM."
-  (let* ((foveal-id (or (getf signal :foveal-focus) 
-                        (ignore-errors (getf (getf signal :payload) :target-id))))
-         (projects (context-get-active-projects))
-         (output "GLOBAL MEMEX AWARENESS (Peripheral Vision):
-"))
-    (if projects
-        (dolist (project projects)
-          (setf output (concatenate 'string output
-                                    (context-render-to-org project :foveal-id foveal-id))))
-        (setf output (concatenate 'string output "No active projects found.~%")))
-    output))
-#+end_src
-
-* Phase E: Chaos (Verification)
-Following the Engineering Standards, the peripheral vision extraction and rendering logic must be empirically verified. 
-
-** Test Suite Context
-#+begin_src lisp :tangle ../tests/peripheral-vision-tests.lisp
-(defpackage :opencortex-peripheral-vision-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:vision-suite))
-(in-package :opencortex-peripheral-vision-tests)
-
-(def-suite vision-suite
-  :description "Verification of Foveal-Peripheral context model.")
-(in-suite vision-suite)
-#+end_src
-
-** Foveal Rendering Test
-Verify that the foveal target is rendered with content, while siblings are skeletal.
-
-#+begin_src lisp :tangle ../tests/peripheral-vision-tests.lisp
-(test test-foveal-rendering
-  "Verify that the foveal target is rendered with content, while siblings are skeletal."
-  (clrhash opencortex::*memory*)
-  (let* ((ast '(:type :HEADLINE :properties (:ID "proj-root" :TITLE "Project" :TAGS "project")
-                :contents ((:type :HEADLINE :properties (:ID "node-foveal" :TITLE "Foveal Node")
-                            :raw-content "FOVEAL CONTENT" :contents nil)
-                           (:type :HEADLINE :properties (:ID "node-peripheral" :TITLE "Peripheral Node")
-                            :raw-content "PERIPHERAL CONTENT" :contents nil)))))
-    (ingest-ast ast)
-    ;; Test both foveal focus in signal top-level and in payload (legacy)
-    (let ((output (context-assemble-global-awareness (list :foveal-focus "node-foveal"))))
-      (is (search "FOVEAL CONTENT" output))
-      (is (search "* Peripheral Node" output))
-      (is (not (search "PERIPHERAL CONTENT" output))))))
-#+end_src
-
-** Awareness Budget Test
-Verify that context-assemble-global-awareness handles multiple projects correctly.
-
-#+begin_src lisp :tangle ../tests/peripheral-vision-tests.lisp
-(test test-awareness-budget
-  "Verify that context-assemble-global-awareness handles multiple projects."
-  (clrhash opencortex::*memory*)
-  (ingest-ast '(:type :HEADLINE :properties (:ID "p1" :TITLE "Project 1" :TAGS "project") :contents nil))
-  (ingest-ast '(:type :HEADLINE :properties (:ID "p2" :TITLE "Project 2" :TAGS "project") :contents nil))
-  (let ((output (context-assemble-global-awareness)))
-    (is (search "Project 1" output))
-    (is (search "Project 2" output))))
-#+end_src
--- a/harness/loop.org
+++ b/harness/loop.org
@@ -1,318 +0,0 @@
-#+TITLE: The Metabolic Loop (loop.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:loop:
-#+STARTUP: content
-
-* The Metabolic Loop (loop.lisp)
-** Architectural Intent
-
-The Metabolic Loop is the /cranial nerve reflex/ of OpenCortex. While skills provide specialized intelligence, the loop provides the fundamental rhythm of existence: the continuous processing of signals from perception through cognition to action.
-
-Unlike a simple event loop, the Metabolic Loop implements a sophisticated error recovery model. When the system encounters an error, it distinguishes between:
-
-1. *Transient errors* (tool failures, network timeouts) - recoverable, no state rollback
-2. *Critical errors* (undefined functions, malformed data structures) - require memory rollback
-3. *Recursive loops* (signals generating more signals indefinitely) - depth limit enforcement
-
-This design ensures the agent remains stable under adverse conditions while preserving the ability to recover from genuine system failures.
-
-** Why Separate Perceive-Reason-Act?
-
-The three-stage pipeline mirrors the classical sense-think-act paradigm but with a crucial difference: each stage is a pure function that transforms a signal. This allows:
-
- *Perceive* to normalize raw input into a standardized signal format
- *Reason* to transform the perceived signal into an approved action (or reject it)
- *Act* to execute the approved action and potentially generate a feedback signal
-
-The feedback loop (Act returning a signal that feeds back into Perceive) enables complex multi-step operations where each action can trigger subsequent reasoning.
-
-** Thread Safety
-
-The loop operates in a multi-threaded environment:
- The main thread runs the heartbeat and idle loop
- Async sensors spawn threads for non-blocking I/O
- Interrupt handling requires mutex protection to prevent race conditions
-
-* Package and Thread-Safe Variables
-
-#+begin_src lisp :tangle ../library/loop.lisp
-(in-package :opencortex)
-
-(defvar *interrupt-flag* nil
-  "Atomic flag set by signal handlers to trigger graceful shutdown.
-  Using a dedicated variable avoids race conditions in interrupt handling.")
-
-(defvar *interrupt-lock* (bt:make-lock "harness-interrupt-lock")
-  "Mutex protecting *interrupt-flag* access.
-  Locking is required because SBCL's interrupt handlers run in uncertain contexts.")
-
-(defvar *heartbeat-thread* nil
-  "Handle to the heartbeat thread, allowing explicit termination on shutdown.")
-#+end_src
-
-* The Metabolic Pipeline
-
-** process-signal: The Core Engine
-
-This function implements the Perceive-Reason-Act pipeline. It processes a signal through all three stages and handles the feedback loop where Actions can generate new signals.
-
-The depth counter prevents infinite recursion—a signal that generates another signal that generates another, etc. By limiting to depth 10, we ensure the system eventually converges or gracefully terminates.
-
-#+begin_src lisp :tangle ../library/loop.lisp
-(defun process-signal (signal)
-  "The entry point to the Metabolic Pipeline: Perceive -> Reason -> Act.
-
-  SIGNAL is a property list with the following structure:
-  - :type - :EVENT, :REQUEST, :RESPONSE, etc.
-  - :payload - The actual content (sensor data, approved actions, etc.)
-  - :meta - Metadata including source, session, reply stream
-  - :depth - Recursion depth counter (starts at 0)
-  - :status - Processing status (:perceived, :reasoned, :acted)
-
-  Returns NIL when processing is complete, or a new signal for feedback loop."
-
-  (let ((current-signal signal))
-    (loop while current-signal do
-
-      ;; Depth limiting prevents infinite recursion from feedback loops
-      (let ((depth (getf current-signal :depth 0))
-            (meta (getf current-signal :meta)))
-        (when (> depth 10)
-          (harness-log "METABOLISM ERROR: Max recursion depth reached.")
-          (return nil))
-
-        ;; Check for graceful shutdown interrupt
-        (when (bt:with-lock-held (*interrupt-lock*) *interrupt-flag*)
-          (harness-log "METABOLISM: Interrupted by shutdown signal.")
-          (bt:with-lock-held (*interrupt-lock*) (setf *interrupt-flag* nil))
-          (return nil))
-
-        ;; The three-stage pipeline wrapped in error handling
-        (handler-case
-            (progn
-              ;; Stage 1: Perceive - normalize sensory input
-              (setf current-signal (perceive-gate current-signal))
-
-              ;; Stage 2: Reason - generate and verify action proposals
-              (setf current-signal (reason-gate current-signal))
-
-              ;; Stage 3: Act - execute approved actions
-              (let ((feedback (act-gate current-signal)))
-                (if feedback
-                    ;; Action generated a feedback signal - continue processing
-                    (progn
-                      ;; Preserve metadata from original signal
-                      (unless (getf feedback :meta)
-                        (setf (getf feedback :meta) meta))
-                      (setf current-signal feedback))
-                    ;; No feedback - pipeline complete
-                    (setf current-signal nil))))
-
-          ;; Error recovery with differentiated response
-          (error (c)
-            (let ((sensor (ignore-errors (getf (getf current-signal :payload) :sensor))))
-              (harness-log "METABOLISM CRASH [~a]: ~a" (or sensor :unknown) c)
-
-              ;; Only rollback memory on critical errors, not transient tool failures
-              ;; This prevents losing recent context due to a single bad API call
-              (unless (member sensor '(:loop-error :tool-error :syntax-error))
-                (harness-log "CRITICAL ERROR: Initiating Micro-Rollback.")
-                (rollback-memory 0))
-
-              ;; At deep recursion or known error types, terminate gracefully
-              (if (or (> depth 2) (member sensor '(:loop-error :tool-error)))
-                  (setf current-signal nil)
-                  ;; Otherwise, convert error to a loop-error signal for retry
-                  (setf current-signal
-                        (list :type :EVENT
-                              :depth (1+ depth)
-                              :meta meta
-                              :payload (list :sensor :loop-error
-                                           :message (format nil "~a" c)
-                                           :depth depth)))))))))))
-#+end_src
-
-** The Feedback Loop Explained
-
-The pipeline implements a feedback loop where Act can return a new signal:
-
-1. User input arrives → Perceive normalizes it
-2. Reason generates an action → Act executes it
-3. If the action was a tool call that returned new information → Act returns a feedback signal
-4. Feedback signal feeds back into step 1 for further reasoning
-
-This enables multi-step workflows where each action can trigger additional analysis.
-
-* Heartbeat Mechanism
-
-The heartbeat thread ensures the agent remains alive even without external input. It drives two critical functions:
-
-1. **Latent reflection** - the agent can think without external prompting
-2. **Periodic maintenance** - memory auto-save, orphan detection, etc.
-
-** Heartbeat Configuration Variables
-
-#+begin_src lisp :tangle ../library/loop.lisp
-(defvar *auto-save-interval* 300
-  "Interval in seconds between automatic memory saves.
-  Defaults to 300 seconds (5 minutes). Set via MEMORY_AUTO_SAVE_INTERVAL env var.")
-
-(defvar *heartbeat-save-counter* 0
-  "Tracks heartbeats since last save, used to calculate auto-save timing.")
-#+end_src
-
-** start-heartbeat: The Pulsing Heart
-
-#+begin_src lisp :tangle ../library/loop.lisp
-(defun start-heartbeat ()
-  "Starts the background heartbeat thread.
-
-  The heartbeat runs in a dedicated thread to avoid blocking the main
-  signal processing loop. Each heartbeat:
-
-  1. Injects a :HEARTBEAT signal into the metabolic pipeline
-  2. Checks if memory should be auto-saved (based on interval ratio)
-
-  Configuration via environment:
-  - HEARTBEAT_INTERVAL: Seconds between heartbeats (default: 60)
-  - MEMORY_AUTO_SAVE_INTERVAL: Seconds between auto-saves (default: 300)"
-
-  (let ((interval (or (ignore-errors (parse-integer (uiop:getenv "HEARTBEAT_INTERVAL"))) 60))
-        (auto-save (or (ignore-errors (parse-integer (uiop:getenv "MEMORY_AUTO_SAVE_INTERVAL"))) *auto-save-interval*)))
-    (setf *auto-save-interval* auto-save)
-    (setf *heartbeat-save-counter* 0)
-
-    (setf *heartbeat-thread*
-          (bt:make-thread
-           (lambda ()
-             (loop
-               ;; Wait for interval
-               (sleep interval)
-
-               ;; Update counter and check if it's time to save
-               (incf *heartbeat-save-counter*)
-               (when (>= *heartbeat-save-counter* (/ *auto-save-interval* interval))
-                 (setf *heartbeat-save-counter* 0)
-                 (save-memory-to-disk))
-
-               ;; Inject heartbeat signal - this runs through the full pipeline
-               ;; allowing the agent to do latent reflection even with no input
-               (inject-stimulus
-                 (list :type :EVENT
-                       :payload (list :sensor :heartbeat
-                                    :unix-time (get-universal-time)))))
-
-            :name "opencortex-heartbeat")))))
-#+end_src
-
-* Main Entry Point
-
-** Shutdown Configuration
-
-#+begin_src lisp :tangle ../library/loop.lisp
-(defvar *shutdown-save-enabled* t
-  "When T, save memory to disk on graceful shutdown.
-  Disable for testing or when memory persistence is handled externally.")
-#+end_src
-
-** main: System Bootstrap and Idle Loop
-
-The main function orchestrates system startup:
-
-1. Load environment variables from ~/.local/share/opencortex/.env
-2. Restore memory from previous snapshot (crash recovery)
-3. Initialize actuators and load all skills
-4. Start the heartbeat thread
-5. Register SIGINT handler for graceful Ctrl+C shutdown
-6. Enter idle loop (sleeping in 1-hour increments)
-
-#+begin_src lisp :tangle ../library/loop.lisp
-(defun main ()
-  "Entry point for OpenCortex. Initializes the system and enters idle loop.
-
-  Startup sequence:
-  1. Load environment from ~/.local/share/opencortex/.env
-  2. Restore memory from disk (if snapshot exists)
-  3. Initialize actuators (shell, cli, system)
-  4. Load all skills from SKILLS_DIR
-  5. Start heartbeat thread
-  6. Register SIGINT handler for graceful shutdown
-  7. Enter idle loop (sleeps in DAEMON_SLEEP_INTERVAL chunks)
-
-  The idle loop checks for interrupts and saves memory before exit."
-
-  ;; Step 1: Load environment variables from standard location
-  (let* ((home (uiop:getenv "HOME"))
-         (env-file (uiop:merge-pathnames*
-                     ".local/share/opencortex/.env"
-                     (uiop:ensure-directory-pathname home))))
-    (when (uiop:file-exists-p env-file)
-      (cl-dotenv:load-env env-file)))
-
-  ;; Step 2: Crash recovery - load memory from previous snapshot
-  (load-memory-from-disk)
-
-  ;; Step 3-4: Initialize actuators and load skills
-  (initialize-actuators)
-  (initialize-all-skills)
-
-  ;; Step 5: Start the heartbeat
-  (start-heartbeat)
-
-  ;; Step 6: Register graceful shutdown handler
-  ;; SBCL-specific: catches Ctrl+C (SIGINT) and saves before exit
-  #+sbcl
-  (sb-sys:enable-interrupt sb-unix:sigint
-                           (lambda (sig code scp)
-                             (declare (ignore sig code scp))
-                             (harness-log "SHUTDOWN: SIGINT received. Saving memory...")
-                             (when *shutdown-save-enabled*
-                               (save-memory-to-disk))
-                             (uiop:quit 0)))
-
-  ;; Step 7: Idle loop - sleep in chunks, checking for interrupts
-  (let ((sleep-interval (or (ignore-errors
-                              (parse-integer (uiop:getenv "DAEMON_SLEEP_INTERVAL")))
-                            3600)))
-    (loop
-      ;; Check for interrupt before each sleep cycle
-      (when (bt:with-lock-held (*interrupt-lock*) *interrupt-flag*)
-        (harness-log "SHUTDOWN: Interrupt flag set. Saving memory...")
-        (when *shutdown-save-enabled*
-          (save-memory-to-disk))
-        (return))
-
-      ;; Sleep in configured intervals (default: 1 hour)
-      (sleep sleep-interval))))
-#+end_src
-
-* Test Suite
-
-These tests verify the metabolic loop and error recovery. Run with:
-~(fiveam:run! 'immune-suite)~
-
-#+begin_src lisp :tangle ../tests/immune-system-tests.lisp
-(defpackage :opencortex-immune-system-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:immune-suite))
-
-(in-package :opencortex-immune-system-tests)
-
-(def-suite immune-suite
-  :description "Verification of the Immune System (Core Error Hooks)")
-
-(in-suite immune-suite)
-
-(test loop-error-injection
-  "Verify that a crash in think/decide triggers a :loop-error stimulus."
-  (clrhash opencortex::*skills-registry*)
-  (opencortex:defskill :evil-skill
-    :priority 100
-    :trigger (lambda (ctx) (eq (getf (getf ctx :payload) :sensor) :user-input))
-    :probabilistic (lambda (ctx) (error "CRITICAL BRAIN FAILURE"))
-    :deterministic nil)
-  (opencortex:harness-log "CLEAN LOG")
-  (opencortex:process-signal '(:type :EVENT :payload (:sensor :user-input)))
-  (let ((logs (opencortex:context-get-system-logs 20)))
-    (is (not (null (find-if (lambda (line) (search "CRITICAL BRAIN FAILURE" line)) logs))))))
-#+end_src
--- a/harness/manifest.org
+++ b/harness/manifest.org
@@ -1,242 +0,0 @@
-#+TITLE: Manifest (opencortex.asd)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:system:
-#+STARTUP: content
-
-* Manifest (opencortex.asd)
-
-** Architectural Intent: The Thin Harness Philosophy
-
-The ~opencortex.asd~ file is the physical blueprint of the Lisp Machine. It uses **ASDF** (Another System Definition Facility) to orchestrate compilation and loading of all harness modules.
-
-The core design principle is *Thin Harness, Fat Skills*:
-
- **Harness** = The minimal, unbreakable core (protocol, signal processing, memory)
- **Skills** = The intelligence layer (policy, validation, actuation, LLM integration)
-
-This separation means:
- The harness rarely changes (immune system)
- Skills can be hot-loaded, modified, and swapped without touching the core
- Bugs in skills don't crash the system
-
-** Why ASDF?**
-
-ASDF is the de facto standard for Common Lisp project management. It:
-1. Handles dependency resolution and loading order
-2. Compiles files in the right order (preventing "undefined function" errors)
-3. Supports system building for deployment
-4. Integrates with Quicklisp for dependency management
-
-* The Build Pipeline
-
-#+begin_src mermaid
-flowchart TD
-    Org[Literate Org Files] -- Org-Babel Tangle --> Lisp[Source .lisp Files]
-    Lisp --> ASDF[ASDF Manifest: opencortex.asd]
-    ASDF --> Loader[SBCL Compiler / Loader]
-    Loader --> Image[Live Harness Image]
-    Image -- Build --> Binary[Standalone Binary]
-
-    subgraph Skills["Skills Layer (Dynamic)"]
-        S1[Policy Skill]
-        S2[Bouncer Skill]
-        S3[LLM Gateway]
-        S4[...other skills]
-    end
-
-    Image --> Skills
-#+end_src
-
-* Design Decisions
-
-** Strict Serial Loading
-
-The harness uses ~:serial t~ in the ASDF definition. This means:
-
-1. Files are loaded in order: package → skills → communication → memory → context → perceive → reason → act → loop
-2. ~package.lisp~ is always loaded before any code that uses its symbols
-3. ~skills.lisp~ (defining macros like ~defskill~, ~def-cognitive-tool~) loads before skills
-
-This eliminates "macro not found" errors that plague non-linear loading systems.
-
-** Why Not Module Dependencies?**
-
-Traditional ASDF uses ~:depends-on~ to declare dependencies. We use ~:serial t~ because:
-
-1. *Explicit is better than implicit* - the loading order is visible in one place
-2. *Prevents circular dependencies* - skills are loaded after the harness, never before
-3. *Simpler debugging* - when something fails, the loading order is always clear
-
-** Isolation of Tests
-
-The testing system (~:opencortex/tests~) is separate from the production system (~:opencortex~). This means:
-
- Production deployments don't load FiveAM (saves memory, reduces attack surface)
- Tests can be run independently: ~(ql:quickload :opencortex/tests)~
- Test data doesn't pollute the production image
-
-* System Definitions
-
-** Main Harness System
-
-#+begin_src lisp :tangle ../opencortex.asd
-(defsystem :opencortex
-  :name "opencortex"
-  :author "Amr"
-  :version "0.1.0"
-  :license "AGPLv3"
-  :description "The Probabilistic-Deterministic Lisp Machine Harness"
-
-  :depends-on (:usocket              ; TCP socket networking
-               :bordeaux-threads     ; Threading (heartbeat, async sensors)
-               :dexador              ; HTTP client (LLM APIs)
-               :uiop                 ; Portable I/O, file operations
-               :cl-dotenv            ; Environment variable loading
-               :cl-ppcre             ; Regular expressions (parsing)
-               :hunchentoot          ; HTTP server (optional web interface)
-               :ironclad             ; Cryptography (Merkle hashing)
-               :str                  ; String utilities
-               :cl-json              ; JSON parsing/serialization
-               :uuid)                ; UUID generation for org-mode IDs
-
-  :serial t                          ; Load files in order listed below
-
-   :components ((:file "library/package")           ; Package definitions, core vars
-                (:file "library/skills")            ; Skill engine, cognitive tools
-                (:file "library/communication")     ; Protocol, framing
-                (:file "library/communication-validator") ; Schema validation
-                (:file "library/memory")            ; Org-object store, snapshots
-                (:file "library/context")           ; Context assembly, query
-                (:file "library/perceive")         ; Stage 1: Sensory normalization
-                (:file "library/reason")           ; Stage 2: Neural + deterministic
-                (:file "library/act")               ; Stage 3: Actuation
-                (:file "library/loop"))             ; Main entry, heartbeat
-
-  :build-operation "program-op"
-  :build-pathname "opencortex-server"
-  :entry-point "opencortex:main")
-#+end_src
-
-** Test System
-
-#+begin_src lisp :tangle ../opencortex.asd
-(defsystem :opencortex/tests
-  :depends-on (:opencortex           ; The harness we're testing
-               :fiveam)              ; Testing framework
-
-   :components ((:file "library/gen/org-skill-emacs-edit")
-                (:file "library/gen/org-skill-lisp-utils")
-                (:file "tests/communication-tests")
-                (:file "tests/pipeline-tests")
-                (:file "tests/act-tests")
-                (:file "tests/boot-sequence-tests")
-                (:file "tests/memory-tests")
-                (:file "tests/immune-system-tests")
-                (:file "tests/emacs-edit-tests")
-                (:file "tests/lisp-utils-tests"))
-
-   :perform (test-op (o s)
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :communication-protocol-suite :opencortex-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :pipeline-suite :opencortex-pipeline-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :boot-suite :opencortex-boot-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :memory-suite :opencortex-memory-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :immune-suite :opencortex-immune-system-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :emacs-edit-suite :opencortex-emacs-edit-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :lisp-utils-suite :opencortex-lisp-utils-tests))))
-#+end_src
-
-** TUI Client System
-
-#+begin_src lisp :tangle ../opencortex.asd
-(defsystem :opencortex/tui
-  :depends-on (:opencortex           ; The daemon we're connecting to
-               :croatoan            ; Terminal UI library
-               :usocket              ; Socket communication
-               :bordeaux-threads)    ; Background listening thread
-
-  :components ((:file "library/tui-client")))
-#+end_src
-
-* The Harness Boundary Contract
-
-** Why a Boundary Contract?
-
-The harness is the immune system of OpenCortex. If it grows fat (accumulating features, dependencies, complexity), it becomes harder to:
- Verify for security
- Debug when things go wrong
- Maintain across versions
-
-The Boundary Contract defines what IS the harness vs. what belongs in skills.
-
-** Primary Boundary Files
-
-| File | Purpose | Modification |
-|------|---------|--------------|
-| ~harness/*.org~ | Literate source of truth | Only via Org edits + tangle |
-| ~opencortex.asd~ | System manifest | Only via Org edits + tangle |
-| ~library/*.lisp~ | Tangled from .org | NEVER edit directly |
-
-** Generated Artifacts (NOT Primary)
-
-The ~library/*.lisp~ files are tangles from the ~harness/*.org~ files. They are derivative artifacts. Direct modification violates the Literate Granularity standard.
-
-** Protected Paths
-
-The Policy skill guards these paths by default:
-
-#+begin_src lisp
-(defvar *modularity-protected-paths*
-  '("harness/"
-    "opencortex.asd"
-    "library/package.lisp"
-    "library/communication.lisp"
-    "library/memory.lisp"
-    "library/context.lisp"
-    "library/perceive.lisp"
-    "library/reason.lisp"
-    "library/act.lisp"
-    "library/loop.lisp"))
-#+end_src
-
-Any agent action proposing to modify these files must include a ~:modularity-justification~ field explaining why the change cannot be implemented as a skill.
-
-** Enforcement Chain
-
-1. *Policy Skill* (priority 500) - Checks for missing justifications
-2. *Bouncer Skill* (priority 100) - Intercepts unauthorized modifications
-3. *Git Hooks* (optional) - Prevents direct .lisp commits
-
-* Quick Reference
-
-** Building the System
-
-#+begin_src bash
-# Development: Load source
-(ql:quickload :opencortex)
-
-# Build standalone binary
-(asdf:make :opencortex)
-
-# Run tests
-(ql:quickload :opencortex/tests)
-(asdf:test-system :opencortex/tests)
-#+end_src
-
-** Loading Order
-
-1. ~library/package.lisp~ - Creates ~:opencortex~ package
-2. ~library/skills.lisp~ - Defines ~defskill~, ~def-cognitive-tool~ macros
-3. ~library/communication.lisp~ - Protocol, framing, validation
-4. ~library/memory.lisp~ - Org-object, Merkle tree, snapshots
-5. ~library/context.lisp~ - Context assembly functions
-6. ~library/perceive.lisp~ - Stage 1: Perceive gate
-7. ~library/reason.lisp~ - Stage 2: Reason (think + verify)
-8. ~library/act.lisp~ - Stage 3: Act (dispatch + execute)
-9. ~library/loop.lisp~ - Main entry point, heartbeat
--- a/harness/memory.org
+++ b/harness/memory.org
@@ -1,486 +0,0 @@
-#+TITLE: The System Memory (memory.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:memory:
-#+STARTUP: content
-
-* The System Memory (memory.lisp)
-** Architectural Intent: The Single Address Space (Live Memory)
-
-Yes, the Memory module is the cognitive bedrock of the opencortex. It is not a database; it is the agent's live, active "brain" state.
-
-Traditional architectures rely on external databases (SQLite, Vector DBs) which introduce I/O latency and structural impedance. The opencortex architecture chooses a different path: the **Single Address Space**. By treating the entire knowledge base as a graph of Lisp pointers, we achieve microsecond recollection and total structural transparency.
-
- **Pointer-Based Reasoning:** By loading the entire knowledge graph into a live Common Lisp hash table, we achieve microsecond recollection. The harness doesn't "search a file"; it traverses a memory pointer.
- **Memory Imaging:** The ability to snapshot the Lisp image allows the agent to resume its entire cognitive state instantly, solving the "Cold Start" problem.
- **Merkle-Tree Integrity:** Every node in the Memory is cryptographically hashed. By recursively hashing content and children, the root hash provides a single, immutable fingerprint of the entire system state.
-
-** System Architecture
-#+begin_src mermaid
-flowchart TD
-    subgraph LispMachine[Lisp Machine]
-        H[Harness Pipeline] --> OS[(Memory)]
-        S1[Skill: Architect] --> OS
-        S2[Skill: Analyst] --> OS
-        S3[Skill: GTD] --> OS
-        H -- Pointers --> S1
-        H -- Pointers --> S2
-    end
-    subgraph IPCSlow[External Layer]
-        E[Emacs / Actuators] -. communication protocol .-> H
-    end
-#+end_src
-
-** Package Context
-#+begin_src lisp :tangle ../library/memory.lisp
-(in-package :opencortex)
-#+end_src
-
-** The Object Repository
-The `*memory*` is the global hash table that holds every Org element by its unique ID. This is the "live RAM" of the agent's memory.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defvar *memory* (make-hash-table :test 'equal))
-
-(defvar *history-store* (make-hash-table :test 'equal)
-  "Immutable Merkle-Tree versioning store mapping hashes to objects.")
-#+end_src
-
-** The Data Structure (org-object)
-Every element in the Memex (headlines, paragraphs, etc.) is represented by an `org-object` structure. It contains both semantic metadata (attributes, content) and structural metadata (parent/child pointers, Merkle hashes).
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defstruct org-object
-  id type attributes content vector parent-id children version last-sync hash)
-
-;; Enable serialization via make-load-form (standard CL)
-(defmethod make-load-form ((obj org-object) &optional env)
-  (make-load-form-saving-slots obj :environment env))
-#+end_src
-
-** Merkle Tree Integrity (compute-merkle-hash)
-The `compute-merkle-hash` function ensures the cryptographic integrity of the knowledge graph. A node's hash depends on its own properties and the hashes of all its children. This creates a recursive fingerprint where any change to a single note propagates up to the root hash.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defun compute-merkle-hash (id type attributes content child-hashes)
-  "Computes a SHA-256 Merkle hash for a node based on its core properties and children's hashes."
-  (let* ((alist (loop for (k v) on attributes by #'cddr collect (cons k v)))
-         (sorted-alist (sort alist #'string< :key (lambda (x) (format nil "~a" (car x)))))
-         (attr-string (format nil "~s" sorted-alist))
-         (children-string (format nil "~{~a~}" child-hashes))
-         (data-string (format nil "ID:~a|TYPE:~s|ATTRS:~a|CONTENT:~a|CHILDREN:~a"
-                              id type attr-string (or content "") children-string))
-         (digester (ironclad:make-digest :sha256)))
-    (ironclad:update-digest digester (ironclad:ascii-string-to-byte-array data-string))
-    (ironclad:byte-array-to-hex-string (ironclad:produce-digest digester))))
-#+end_src
-
-** Ingesting the AST (ingest-ast)
-The `ingest-ast` function is the primary bridge between the external world (Emacs/JSON) and the internal Lisp machine. It recursively parses an Org-mode Abstract Syntax Tree (AST) into `org-object` structures and registers them in the store.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defun ingest-ast (ast &optional parent-id)
-  "Parses an Org AST into the recursive Lisp Memory with Merkle hashing."
-  (let* ((type (getf ast :type))
-         (props (getf ast :properties))
-         (id (or (getf props :ID) (format nil "temp-~a" (get-universal-time))))
-         (contents (getf ast :contents))
-         (raw-content (when (eq type :HEADLINE)
-                        (format nil "~a~%~a" (getf props :TITLE) (or (cl:getf ast :raw-content) ""))))
-         (should-embed (and raw-content (equal (getf props :EMBED) "t")))
-         (child-ids nil)
-         (child-hashes nil))
-    (dolist (child contents)
-      (when (listp child)
-        (let ((child-id (ingest-ast child id)))
-          (push child-id child-ids)
-          (let ((child-id-val child-id))
-             (let ((child-obj (lookup-object child-id-val)))
-               (when child-obj (push (org-object-hash child-obj) child-hashes)))))))
-    (setf child-ids (nreverse child-ids))
-    (setf child-hashes (nreverse child-hashes))
-    (let* ((hash (compute-merkle-hash id type props raw-content child-hashes))
-           (existing-obj (gethash hash *history-store*))
-           (obj (or existing-obj
-                    (make-org-object 
-                     :id id :type type :attributes props :content raw-content
-                     :vector (when should-embed (get-embedding raw-content))
-                     :parent-id parent-id :children child-ids
-                     :version (get-universal-time) :last-sync (get-universal-time)
-                     :hash hash))))
-      (unless existing-obj
-        (setf (gethash hash *history-store*) obj))
-      (setf (gethash id *memory*) obj)
-      id)))
-#+end_src
-
-** Memory Snapshots (snapshot-memory)
-Because objects are stored immutably in the `*history-store*`, a snapshot is a lightweight shallow copy of the active `*memory*` pointers. The system maintains a rolling buffer of 20 snapshots, allowing for near-instant, zero-cost rollback.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defvar *object-store-snapshots* nil)
-
-(defun copy-hash-table (hash-table)
-  "Creates a shallow copy of a hash table."
-  (let ((new-table (make-hash-table :test (hash-table-test hash-table) 
-                                    :size (hash-table-size hash-table))))
-    (maphash (lambda (k v) (setf (gethash k new-table) v)) hash-table)
-    new-table))
-
-(defun snapshot-memory ()
-  "Creates a lightweight, Copy-on-Write snapshot using Merkle-Tree pointers."
-  (let ((snapshot (copy-hash-table *memory*)))
-    (push (list :timestamp (get-universal-time) :data snapshot) *object-store-snapshots*)
-    (when (> (length *object-store-snapshots*) 20)
-      (setf *object-store-snapshots* (subseq *object-store-snapshots* 0 20)))
-    (harness-log "MEMORY - CoW Memory snapshot created.")))
-#+end_src
-
-** Memory Rollback (rollback-memory)
-Restores the state of the Memex from one of the previous snapshots.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defun rollback-memory (&optional (index 0))
-  "Restores the Memory to a previously captured snapshot using immutable history pointers."
-  (let ((snapshot (nth index *object-store-snapshots*)))
-    (if snapshot
-        (progn (setf *memory* (copy-hash-table (getf snapshot :data)))
-               (harness-log "MEMORY - Memory rolled back to snapshot ~a" index))
-        (harness-log "MEMORY ERROR - Snapshot ~a not found." index))))
-#+end_src
-
-* Test Suite
-
-These tests verify the Memory system. Run with:
-~(fiveam:run! 'memory-suite)~
-
-#+begin_src lisp :tangle ../tests/memory-tests.lisp
-(defpackage :opencortex-memory-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:memory-suite))
-
-(in-package :opencortex-memory-tests)
-
-(def-suite memory-suite
-  :description "Tests for the Merkle-Tree Memory")
-
-(in-suite memory-suite)
-
-(test merkle-hash-consistency
-  "Verify identical ASTs produce identical Merkle hashes."
-  (let* ((ast1 '(:type :HEADLINE :properties (:ID "test-1" :TITLE "Node 1") :contents nil)))
-    (clrhash *memory*)
-    (let ((id1 (ingest-ast ast1)))
-      (let ((hash1 (org-object-hash (lookup-object id1))))
-        (clrhash *memory*)
-        (let ((id2 (ingest-ast ast1)))
-          (let ((hash2 (org-object-hash (lookup-object id2))))
-            (is (equal hash1 hash2))))))))
-
-(test history-store-immutability
-  "Verify that *history-store* retains old versions."
-  (clrhash *memory*)
-  (clrhash *history-store*)
-  (let* ((ast-v1 '(:type :HEADLINE :properties (:ID "test-node" :TITLE "Version 1") :contents nil))
-         (id-v1 (ingest-ast ast-v1))
-         (obj-v1 (lookup-object id-v1))
-         (hash-v1 (org-object-hash obj-v1)))
-    (let* ((ast-v2 '(:type :HEADLINE :properties (:ID "test-node" :TITLE "Version 2") :contents nil))
-           (id-v2 (ingest-ast ast-v2))
-           (hash-v2 (org-object-hash (lookup-object id-v2))))
-      (is (equal (org-object-hash (lookup-object "test-node")) hash-v2))
-      (is (not (null (gethash hash-v1 *history-store*)))
-      (is (not (null (gethash hash-v2 *history-store*))))))
-
-(test cow-snapshot-and-rollback
-  "Verify that lightweight snapshots restore previous pointer states."
-  (clrhash *memory*)
-  (setf *object-store-snapshots* nil)
-  (let* ((ast-v1 '(:type :HEADLINE :properties (:ID "cow-node" :TITLE "State A") :contents nil))
-         (id-v1 (ingest-ast ast-v1))
-         (hash-v1 (org-object-hash (lookup-object id-v1))))
-    (snapshot-memory)
-    (let* ((ast-v2 '(:type :HEADLINE :properties (:ID "cow-node" :TITLE "State B") :contents nil))
-           (id-v2 (ingest-ast ast-v2))
-           (hash-v2 (org-object-hash (lookup-object id-v2))))
-       
-** Disk Persistence (save-memory / load-memory)
-Essential for surviving crashes. Saves the in-memory hash tables to disk and loads them back on restart. The path is controlled by the `MEMORY_SNAPSHOT_PATH` environment variable.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defvar *memory-snapshot-path* nil
-  "Path to the memory snapshot file. Set from MEMORY_SNAPSHOT_PATH env or default.")
-
-(defun ensure-memory-snapshot-path ()
-  "Initializes the snapshot path from environment or default location."
-  (or *memory-snapshot-path*
-      (let ((env-path (uiop:getenv "MEMORY_SNAPSHOT_PATH")))
-        (setf *memory-snapshot-path*
-              (or env-path
-                  (uiop:merge-pathnames* "memory.snap" (user-homedir-pathname)))))))
-
-(defun save-memory-to-disk ()
-  "Serializes *memory* and *history-store* to disk for crash recovery.
-Converts hash tables to alists for proper serialization."
-  (let ((path (ensure-memory-snapshot-path)))
-    (with-open-file (stream path :direction :output :if-exists :supersede :if-does-not-exist :create)
-      (format stream ";; OpenCortex Memory Snapshot~%")
-      (format stream ";; Created: ~a~%~%" (format nil "~a" (get-universal-time)))
-      (let ((memory-alist nil)
-            (history-alist nil))
-        (maphash (lambda (k v) (push (cons k v) memory-alist)) *memory*)
-        (maphash (lambda (k v) (push (cons k v) history-alist)) *history-store*)
-        (prin1 (list :memory memory-alist :history-store history-alist) stream)))
-    (harness-log "MEMORY - Saved to ~a" path)
-    path))
-
-(defun load-memory-from-disk ()
-  "Loads *memory* and *history-store* from disk if the snapshot exists.
-Reconstitutes alists into hash tables."
-  (let ((path (ensure-memory-snapshot-path)))
-    (when (uiop:file-exists-p path)
-      (handler-case
-          (with-open-file (stream path :direction :input)
-            (let ((data (read stream nil)))
-              (when data
-                (let ((memory-alist (getf data :memory))
-                      (history-alist (getf data :history-store)))
-                  (setf *memory* (make-hash-table :test 'equal :size (length memory-alist)))
-                  (dolist (kv memory-alist)
-                    (setf (gethash (car kv) *memory*) (cdr kv)))
-                  (setf *history-store* (make-hash-table :test 'equal :size (length history-alist)))
-                  (dolist (kv history-alist)
-                    (setf (gethash (car kv) *history-store*) (cdr kv)))
-                  (harness-log "MEMORY - Loaded from ~a (~a objects)" path (hash-table-size *memory*))))))
-          (error (c)
-            (harness-log "MEMORY WARNING - Failed to load snapshot: ~a" c))))
-    t))
-#+end_src
-
-** Semantic Search (get-embedding, semantic-search)
-Support for vector embeddings via Ollama and semantic search with cosine similarity.
-
-The vector slot on org-objects enables semantic recall - searching memory by meaning rather than just keywords. Embeddings are generated on ingest when the :EMBED property is set to "t", and cached locally to avoid redundant API calls.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defvar *embedding-cache* (make-hash-table :test 'equal)
-  "Cache for embeddings to avoid redundant API calls.")
-
-(defun get-embedding (text)
-  "Generates a vector embedding for the given text via Ollama. Returns nil on failure."
-  (when (or (null text) (string= text ""))
-    (return-from get-embedding nil))
-  (let ((cached (gethash text *embedding-cache*)))
-    (when cached (return-from get-embedding cached)))
-  (let ((result (funcall (get-cognitive-tool-body :get-ollama-embedding) (list :text text))))
-    (when (eq (getf result :status) :success)
-      (let ((vec (getf result :vector)))
-        (setf (gethash text *embedding-cache*) vec)
-        vec))))
-
-(defun cosine-similarity (vec-a vec-b)
-  "Computes cosine similarity between two vectors. Both should be sequences of numbers."
-  (when (or (null vec-a) (null vec-b) (zerop (length vec-a)) (zerop (length vec-b)))
-    (return-from cosine-similarity 0.0))
-  (let ((dot-product (loop for a across vec-a
-                          for b across vec-b
-                          sum (* a b)))
-        (norm-a (sqrt (loop for a across vec-a sum (* a a))))
-        (norm-b (sqrt (loop for b across vec-b sum (* b b)))))
-    (if (or (zerop norm-a) (zerop norm-b))
-        0.0
-        (/ dot-product (* norm-a norm-b)))))
-
-(defun semantic-search (query &key (limit 10) (min-similarity 0.5))
-  "Searches memory for objects semantically similar to the query.
-Returns up to LIMIT objects with similarity >= MIN-SIMILARITY, sorted by similarity descending."
-  (let* ((query-vec (get-embedding query))
-         (results nil))
-    (unless query-vec
-      (harness-log "EMBEDDING: Failed to generate embedding for query: ~a" query)
-      (return-from semantic-search nil))
-    (maphash (lambda (id obj)
-               (let ((obj-vec (org-object-vector obj)))
-                 (when obj-vec
-                   (let ((sim (cosine-similarity query-vec obj-vec)))
-                     (when (>= sim min-similarity)
-                       (push (list :id id :object obj :similarity sim) results))))))
-             *memory*)
-    (setf results (sort results #'> :key (lambda (r) (getf r :similarity))))
-    (subseq results 0 (min limit (length results)))))
-
-(def-cognitive-tool :semantic-search
-  "Searches memory for objects semantically similar to a query."
-  ((:query :type :string :description "The search query.")
-   (:limit :type :integer :description "Maximum results to return." :default 10)
-   (:min-similarity :type :number :description "Minimum similarity threshold (0-1)." :default 0.5))
-  :body (lambda (args)
-          (semantic-search (getf args :query)
-                        :limit (or (getf args :limit) 10)
-                        :min-similarity (or (getf args :min-similarity) 0.5))))
-#+end_src
-
-** Lookup Utilities
-Basic functions for retrieving objects by ID or type.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defun org-id-new ()
-  "Generates a new UUID string for Org-mode identification."
-  (string-downcase (format nil "~a" (uuid:make-v4-uuid))))
-
-(defun lookup-object (id) 
-  "Retrieves an object from the store by its unique ID."
-  (gethash id *memory*))
-
-(defun list-objects-by-type (type)
-  "Returns a list of all objects matching a specific Org element type."
-  (let ((results nil))
-    (maphash (lambda (id obj) (declare (ignore id)) (when (eq (org-object-type obj) type) (push obj results))) *memory*)
-    results))
-(defun list-objects-with-attribute (attr-name value)
-  "Returns a list of all objects where ATTR-NAME matches VALUE."
-  (let ((results nil))
-    (maphash (lambda (id obj)
-               (declare (ignore id))
-               (let ((attrs (org-object-attributes obj)))
-                 (when (equal (getf attrs attr-name) value)
-                   (push obj results))))
-             *memory*)
-    results))
-#+end_src
-
-** Structural Helpers
-Utility functions for AST traversal and path resolution.
-
-#+begin_src lisp :tangle ../library/memory.lisp
-(defun find-headline-missing-id (ast)
-  "Traverses an AST to find headlines that lack an :ID: property."
-  (when (listp ast)
-    (if (and (eq (getf ast :type) :HEADLINE) (not (getf (getf ast :properties) :ID)))
-        ast
-        (cl:some #'find-headline-missing-id (getf ast :contents)))))
-
-(defun file-name-nondirectory (path)
-  "Extracts the filename from a full path string."
-  (let ((pos (position #\/ path :from-end t))) (if pos (subseq path (1+ pos)) path)))
-#+end_src
-
-* Phase E: Chaos (Verification)
-Following the Engineering Standards, the Memory must be empirically verified through automated testing. The following test suite ensures the mathematical integrity of the Merkle hashes and the behavioral correctness of the immutable versioning and rollback systems.
-
-#+begin_src lisp :tangle ../tests/memory-tests.lisp
-(defpackage :opencortex-memory-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:memory-suite))
-
-(in-package :opencortex-memory-tests)
-
-(def-suite memory-suite
-  :description "Tests for the Merkle-Tree Memory.")
-
-(in-suite memory-suite)
-
-(test merkle-hash-consistency
-  (let* ((ast1 '(:type :HEADLINE :properties (:ID "test-1" :TITLE "Node 1") :contents nil))
-         (ast2 '(:type :HEADLINE :properties (:ID "test-1" :TITLE "Node 1") :contents nil)))
-    (clrhash *memory*)
-    (let ((id1 (ingest-ast ast1)))
-      (let ((hash1 (org-object-hash (lookup-object id1))))
-        (clrhash *memory*)
-        (let ((id2 (ingest-ast ast2)))
-          (let ((hash2 (org-object-hash (lookup-object id2))))
-            (is (equal hash1 hash2))))))))
-
-(test merkle-hash-cascading
-  (let* ((ast-leaf '(:type :HEADLINE :properties (:ID "leaf" :TITLE "Leaf") :contents nil))
-         (ast-root-full '(:type :HEADLINE :properties (:ID "root" :TITLE "Root") 
-                           :contents ((:type :HEADLINE :properties (:ID "leaf" :TITLE "Leaf") :contents nil))))
-         (id-root (progn (clrhash *memory*) (ingest-ast ast-root-full)))
-         (initial-root-hash (org-object-hash (lookup-object id-root))))
-      
-      ;; Now ingest a modified version (title change)
-      (let* ((ast-root-modified '(:type :HEADLINE :properties (:ID "root" :TITLE "Root") 
-                                 :contents ((:type :HEADLINE :properties (:ID "leaf" :TITLE "Leaf Modified") :contents nil))))
-             (id-root-mod (progn (clrhash *memory*) (ingest-ast ast-root-modified)))
-             (modified-root-hash (org-object-hash (lookup-object id-root-mod))))
-        (is (not (equal initial-root-hash modified-root-hash))))))
-
-(test history-store-immutability
-  "Verify that *history-store* retains old versions even after *memory* updates."
-  (clrhash *memory*)
-  (clrhash *history-store*)
-  (let* ((ast-v1 '(:type :HEADLINE :properties (:ID "test-node" :TITLE "Version 1") :contents nil))
-         (id-v1 (ingest-ast ast-v1))
-         (obj-v1 (lookup-object id-v1))
-         (hash-v1 (org-object-hash obj-v1)))
-    
-    (let* ((ast-v2 '(:type :HEADLINE :properties (:ID "test-node" :TITLE "Version 2") :contents nil))
-           (id-v2 (ingest-ast ast-v2))
-           (obj-v2 (lookup-object id-v2))
-           (hash-v2 (org-object-hash obj-v2)))
-      
-      ;; The active pointer should be v2
-      (is (equal (org-object-hash (lookup-object "test-node")) hash-v2))
-      
-      ;; Both v1 and v2 should exist in the immutable history store
-      (is (not (null (gethash hash-v1 *history-store*))))
-      (is (not (null (gethash hash-v2 *history-store*))))
-      
-      ;; Modifying v2 should not affect v1 in the history store
-      (is (equal (org-object-content (gethash hash-v1 *history-store*)) "Version 1
-"))
-      (is (equal (org-object-content (gethash hash-v2 *history-store*)) "Version 2
-")))))
-
-(test cow-snapshot-and-rollback
-  "Verify that lightweight snapshots can accurately restore previous pointer states."
-  (clrhash *memory*)
-  (clrhash *history-store*)
-  (setf *object-store-snapshots* nil)
-  
-  (let* ((ast-v1 '(:type :HEADLINE :properties (:ID "cow-node" :TITLE "State A") :contents nil))
-         (id-v1 (ingest-ast ast-v1))
-         (hash-v1 (org-object-hash (lookup-object id-v1))))
-     
-    ;; Take a snapshot at State A
-    (snapshot-memory)
-    
-    (let* ((ast-v2 '(:type :HEADLINE :properties (:ID "cow-node" :TITLE "State B") :contents nil))
-           (id-v2 (ingest-ast ast-v2))
-           (hash-v2 (org-object-hash (lookup-object id-v2))))
-      
-      ;; Verify we are currently in State B
-      (is (equal (org-object-hash (lookup-object "cow-node")) hash-v2))
-      
-      ;; Rollback to State A (index 0 because we only took 1 snapshot)
-      (rollback-memory 0)
-      
-      ;; Verify we are back in State A
-      (is (equal (org-object-hash (lookup-object "cow-node")) hash-v1))
-      
-;; Verify State B is still safely in the history store (no data loss)
-      (is (not (null (gethash hash-v2 *history-store*)))))))
-
-(test merkle-hash-consistency
-  "Verify that identical ASTs produce identical Merkle hashes."
-  (let* ((ast1 '(:type :HEADLINE :properties (:ID "test-1" :TITLE "Node 1") :contents nil)))
-    (clrhash *memory*)
-    (let ((id1 (ingest-ast ast1)))
-      (let ((hash1 (org-object-hash (lookup-object id1))))
-        (clrhash *memory*)
-        (let ((id2 (ingest-ast ast1)))
-          (let ((hash2 (org-object-hash (lookup-object id2))))
-            (is (equal hash1 hash2))))))))
-
-(test merkle-hash-cascading
-  "Verify that child changes propagate to parent hashes."
-  (let* ((ast-root '(:type :HEADLINE :properties (:ID "root" :TITLE "Root")
-                      :contents ((:type :HEADLINE :properties (:ID "leaf" :TITLE "Leaf") :contents nil))))
-         (id-root (progn (clrhash *memory*) (ingest-ast ast-root)))
-         (root-hash (org-object-hash (lookup-object id-root))))
-    ;; Now ingest a modified child - parent hash should change
-    (let* ((ast-mod '(:type :HEADLINE :properties (:ID "root" :TITLE "Root")
-                    :contents ((:type :HEADLINE :properties (:ID "leaf" :TITLE "Changed") :contents nil))))
-           (id-mod (progn (clrhash *memory*) (ingest-ast ast-mod)))
-            (mod-hash (org-object-hash (lookup-object id-mod))))
-      (is (not (equal root-hash mod-hash))))))
-#+end_src
--- a/harness/package.org
+++ b/harness/package.org
@@ -1,227 +0,0 @@
-#+TITLE: System Interface (package.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:interface:
-#+STARTUP: content
-
-* System Interface (package.lisp)
-
-The ~package.lisp~ file defines the public API of the ~opencortex~ harness. It serves as the primary membrane between the deterministic core modules and the dynamic world of skills and actuators.
-
-** Public API Export
-
-#+begin_src lisp :tangle ../library/package.lisp
-(defpackage :opencortex
-  (:use :cl)
-  (:export
-   ;; --- communication protocol ---
-   #:frame-message
-   #:read-framed-message
-   #:PROTO-GET
-   #:LIST-OBJECTS-WITH-ATTRIBUTE
-   #:COSINE-SIMILARITY
-   #:VAULT-MASK-STRING
-   #:*VAULT-MEMORY*
-   #:parse-message
-   #:make-hello-message
-   #:validate-communication-protocol-schema
-
-   ;; --- Daemon Lifecycle ---
-   #:start-daemon
-   #:stop-daemon
-   #:harness-log
-   #:main
-
-   ;; --- Memory (CLOSOS) ---
-   #:ingest-ast
-   #:lookup-object
-   #:list-objects-by-type
-   #:org-id-new
-   #:*memory*
-   #:*history-store*
-   #:org-object
-   #:make-org-object
-   #:org-object-id
-   #:org-object-type
-   #:org-object-attributes
-   #:org-object-parent-id
-   #:org-object-children
-   #:org-object-version
-   #:org-object-last-sync
-   #:org-object-vector
-   #:org-object-content
-   #:org-object-hash
-   #:snapshot-memory
-   #:rollback-memory
-
-   ;; --- Context API (Peripheral Vision) ---
-   #:context-query-store
-   #:context-get-active-projects
-   #:context-get-recent-completed-tasks
-   #:context-list-all-skills
-   #:context-get-skill-source
-   #:context-get-system-logs
-   #:context-resolve-path
-   #:context-get-skill-telemetry
-   #:harness-track-telemetry
-   #:context-assemble-global-awareness
-
-   ;; --- Reactive Signal Pipeline ---
-   #:process-signal
-   #:perceive-gate
-   #:probabilistic-gate
-   #:consensus-gate
-   #:act-gate
-   #:reason-gate
-   #:perceive-gate
-   #:dispatch-gate
-   #:inject-stimulus
-   #:initialize-actuators
-   #:dispatch-action
-   #:register-actuator
-
-   ;; --- Skill Engine ---
-   #:load-skill-from-org
-   #:initialize-all-skills
-   #:load-skill-with-timeout
-   #:topological-sort-skills
-   #:validate-lisp-syntax
-   #:defskill
-   #:*skills-registry*
-   #:skill
-   #:skill-name
-   #:skill-priority
-   #:skill-dependencies
-   #:skill-trigger-fn
-   #:skill-probabilistic-prompt
-   #:skill-deterministic-fn
-
-   ;; --- Tool Registry ---
-   #:def-cognitive-tool
-   #:*cognitive-tools*
-   #:cognitive-tool
-   #:cognitive-tool-name
-   #:cognitive-tool-description
-   #:cognitive-tool-parameters
-   #:cognitive-tool-guard
-   #:cognitive-tool-body
-
-   ;; --- Emacs Client Registry ---
-   #:*emacs-clients*
-   #:*clients-lock*
-   #:register-emacs-client
-   #:unregister-emacs-client
-
-   ;; --- Probabilistic Engine ---
-   #:ask-probabilistic
-   #:register-probabilistic-backend
-   #:distill-prompt
-   #:*provider-cascade*
-
-   ;; --- Security Vault ---
-   #:vault-get-secret
-   #:vault-set-secret
-
-   ;; --- Deterministic Logic ---
-   #:list-objects-with-attribute
-   #:deterministic-verify
-
-   ;; --- AST Helpers ---
-   #:find-headline-missing-id))
-#+end_src
-
-* Package Implementation
-
-#+begin_src lisp :tangle ../library/package.lisp
-(in-package :opencortex)
-#+end_src
-
-** Robust Plist Accessor
-
-#+begin_src lisp :tangle ../library/package.lisp
-(defun proto-get (plist key)
-  "Robustly retrieves a value from a plist, checking both uppercase and lowercase keyword versions."
-  (let* ((s (string key))
-         (up (intern (string-upcase s) :keyword))
-         (dn (intern (string-downcase s) :keyword)))
-    (or (getf plist up) (getf plist dn))))
-#+end_src
-
-** Harness Logging State
-
-The harness maintains a thread-safe circular log buffer to provide context for debugging and neural reasoning.
-
-#+begin_src lisp :tangle ../library/package.lisp
-(defvar *system-logs* nil)
-(defvar *logs-lock* (bordeaux-threads:make-lock "harness-logs-lock"))
-(defvar *max-log-history* 100)
-#+end_src
-
-** Skills Registry
-
-#+begin_src lisp :tangle ../library/package.lisp
-(defvar *skills-registry* (make-hash-table :test 'equal)
-  "Global registry of all loaded skills.")
-#+end_src
-
-** Skill Telemetry State
-
-#+begin_src lisp :tangle ../library/package.lisp
-(defvar *skill-telemetry* (make-hash-table :test 'equal))
-(defvar *telemetry-lock* (bordeaux-threads:make-lock "harness-telemetry-lock"))
-#+end_src
-
-** Telemetry Implementation
-
-The system tracks the performance and reliability of individual skills.
-
-#+begin_src lisp :tangle ../library/package.lisp
-(defun harness-track-telemetry (skill-name duration status)
-  "Updates performance metrics for a specific skill. Status should be :success or :rejected."
-  (when skill-name
-    (bordeaux-threads:with-lock-held (*telemetry-lock*)
-      (let ((entry (or (gethash skill-name *skill-telemetry*) (list :executions 0 :total-time 0 :failures 0))))
-        (incf (getf entry :executions))
-        (incf (getf entry :total-time) duration)
-        (when (eq status :rejected) (incf (getf entry :failures)))
-        (setf (gethash skill-name *skill-telemetry*) entry)))))
-#+end_src
-
-** Cognitive Tool Registry
-
-The Tool Registry allows the agent to interact with the physical world. Every tool must define a guard (for security) and a body (for execution).
-
-#+begin_src lisp :tangle ../library/package.lisp
-(defvar *cognitive-tools* (make-hash-table :test 'equal))
-
-(defstruct cognitive-tool
-  name
-  description
-  parameters
-  guard
-  body)
-
-(defmacro def-cognitive-tool (name description parameters &key guard body)
-  "Registers a new cognitive tool into the global registry. Parameters must be a list of property lists."
-  `(setf (gethash (string-downcase (string ',name)) *cognitive-tools*)
-         (make-cognitive-tool :name (string-downcase (string ',name))
-                              :description ,description
-                              :parameters ',parameters
-                              :guard ,guard
-                              :body ,body)))
-#+end_src
-
-** Harness Logging Implementation
-
-Centralized logging function. It simultaneously writes to standard output and the in-memory circular buffer.
-
-#+begin_src lisp :tangle ../library/package.lisp
-(defun harness-log (msg &rest args)
-  "Centralized logging for the harness."
-  (let ((formatted-msg (apply #'format nil msg args)))
-    (bordeaux-threads:with-lock-held (*logs-lock*)
-      (push formatted-msg *system-logs*)
-      (when (> (length *system-logs*) *max-log-history*)
-        (setq *system-logs* (subseq *system-logs* 0 *max-log-history*))))
-    (format t "~a~%" formatted-msg)
-    (finish-output)))
-#+end_src
--- a/harness/perceive.org
+++ b/harness/perceive.org
@@ -1,253 +0,0 @@
-#+TITLE: Stage 1: Perceive (perceive.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:perceive:
-#+STARTUP: content
-
-* Stage 1: Perceive (perceive.lisp)
-
-** Architectural Intent: Sensory Normalization
-
-The Perceive stage is the "sensory cortex" of OpenCortex. Its job is to take raw stimuli from the outside world and transform them into standardized Signals that the rest of the pipeline can process.
-
-Raw stimuli come from diverse sources:
- Terminal input (CLI)
- Emacs org-mode buffers (via swank)
- Telegram/Signal messages
- Heartbeats (internal clock)
- Shell command outputs
-
-Each source has its own format and protocol. Perceive normalizes all of them into the Signal format:
-
-: (TYPE :EVENT META (...) PAYLOAD (...))
-
-** Why Normalize?
-
-Without normalization, each downstream component (Reason, Act) would need to understand each input format. With normalization:
-
-1. The gateway layer (CLI, Emacs, Telegram) just sends raw messages
-2. Perceive transforms them into Signals
-3. Reason and Act work with a single, consistent format
-4. Adding new input sources only requires gateway code, not changes to the core
-
-** The Signal Format
-
-Signals are property lists with a consistent structure:
-
-| Key | Description |
-|-----|-------------|
-| :type | :EVENT, :REQUEST, :RESPONSE, :LOG |
-| :payload | The actual content (sensor data, actions, etc.) |
-| :meta | Metadata: source, session, reply stream |
-| :status | Processing status: :perceived, :reasoned, :acted |
-| :depth | Recursion depth for feedback loops |
-| :approved-action | Set by Reason, executed by Act |
-| :foveal-focus | ID of the node user is interacting with |
-
-** Async vs Sync Processing
-
-Some sensors (user input, chat messages) are processed asynchronously in dedicated threads. This prevents:
- A slow API call from blocking the entire system
- Race conditions when multiple inputs arrive simultaneously
-
-Other sensors (heartbeats, interrupts) are processed synchronously to maintain ordering guarantees.
-
-* Package Context
-
-#+begin_src lisp :tangle ../library/perceive.lisp
-(in-package :opencortex)
-#+end_src
-
-* Sensor Configuration
-
-** Async Sensor Registry
-
-#+begin_src lisp :tangle ../library/perceive.lisp
-(defvar *async-sensors* '(:chat-message :delegation :user-command)
-  "Sensors that are processed in dedicated threads.
-
-  These sensors can block (waiting for API responses, user input, etc.)
-  so they run in separate threads to avoid blocking the main pipeline.
-
-  Other sensors (:heartbeat, :interrupt, :buffer-update) are processed
-  synchronously to maintain temporal ordering.")
-#+end_src
-
-** Foveal Focus State
-
-#+begin_src lisp :tangle ../library/perceive.lisp
-(defvar *foveal-focus-id* nil
-  "The Org ID of the node the user is currently interacting with.
-
-  This enables the reasoning engine to provide contextually relevant
-  responses. When editing a specific note, the agent knows which
-  note you're referring to without needing explicit ID references.
-
-  Updated on :point-update events from Emacs.")
-#+end_src
-
-* Stimulus Injection
-
-** inject-stimulus: Entry Point
-
-#+begin_src lisp :tangle ../library/perceive.lisp
-(defun inject-stimulus (raw-message &key stream (depth 0))
-  "Inject a raw message into the signal processing pipeline.
-
-  RAW-MESSAGE is a property list that will be normalized into a Signal.
-  STREAM is an optional output stream for responses (used by TUI/CLI).
-  DEPTH tracks recursion depth for feedback loops.
-
-  This function determines whether to process synchronously or
-  asynchronously based on the sensor type, then calls process-signal
-  to run through the Perceive -> Reason -> Act pipeline.
-
-  Error handling: Uses restarts to prevent individual signals from
-  crashing the entire system. Failed signals are logged and dropped."
-
-  (let* ((payload (getf raw-message :payload))
-         (sensor (getf payload :sensor))
-         (meta (getf raw-message :meta))
-         (async-p (or (getf payload :async-p)
-                     (member sensor *async-sensors*))))
-
-    ;; Ensure metadata exists
-    (unless meta
-      (setf meta (list :SOURCE :SYSTEM :SESSION-ID "internal")))
-
-    ;; Attach reply stream if provided
-    (when stream
-      (setf (getf meta :reply-stream) stream))
-
-    (setf (getf raw-message :meta) meta)
-
-    (if async-p
-        ;; Async: process in dedicated thread
-        (bt:make-thread
-         (lambda ()
-           (restart-case
-               (handler-bind ((error (lambda (c)
-                                       (harness-log "ASYNC ERROR: ~a" c)
-                                       (invoke-restart 'skip-event))))
-                 (process-signal raw-message))
-             (skip-event () nil)))
-         :name "opencortex-async-task")
-
-        ;; Sync: process in main thread with recovery
-        (restart-case
-            (handler-bind ((error (lambda (c)
-                                    (harness-log "SYSTEM ERROR: ~a" c)
-                                    (invoke-restart 'skip-event))))
-              (process-signal raw-message))
-          (skip-event ()
-            (harness-log "SYSTEM RECOVERY: Stimulus dropped."))))))
-#+end_src
-
-* The Perceive Gate
-
-** perceive-gate: Signal Normalization
-
-#+begin_src lisp :tangle ../library/perceive.lisp
-(defun perceive-gate (signal)
-  "Stage 1 of the metabolic pipeline: Normalize sensory input.
-
-  This function:
-  1. Logs the incoming signal for debugging
-  2. Handles special sensor types (:buffer-update, :point-update, etc.)
-  3. Updates the Memory graph with incoming data
-  4. Tracks foveal focus (user's current node)
-  5. Sets :status to :perceived
-
-  Modifies the signal in place and returns it for the next stage.
-
-  Memory snapshots are taken before AST updates to enable rollback
-  if the update causes issues."
-
-  (let* ((payload (getf signal :payload))
-         (type (getf signal :type))
-         (meta (getf signal :meta))
-         (sensor (getf payload :sensor)))
-
-    ;; Log the incoming signal for debugging
-    (harness-log "GATE [Perceive]: ~a (~a) [Source: ~s]"
-                 type (or sensor "no-sensor") (getf meta :source))
-
-    ;; Handle EVENT type sensors
-    (cond ((eq type :EVENT)
-           (case sensor
-
-             ;; Org buffer was modified - update memory
-             (:buffer-update
-              (let ((ast (getf payload :ast)))
-                (when ast
-                  (snapshot-memory)  ; Enable rollback if update causes issues
-                  (ingest-ast ast))))
-
-             ;; Point moved to different org node - update focus
-             (:point-update
-              (let ((element (getf payload :element)))
-                (when element
-                  (snapshot-memory)
-                  ;; Track foveal focus for contextual reasoning
-                  (setf *foveal-focus-id*
-                        (ignore-errors (getf element :id)))
-                  (ingest-ast element))))
-
-             ;; System interrupt - trigger shutdown
-             (:interrupt
-              (bt:with-lock-held (*interrupt-lock*)
-                (setf *interrupt-flag* t)))))
-
-          ;; Log responses from actuators
-          ((eq type :RESPONSE)
-           (harness-log "GATE [Perceive]: Act Result -> ~a"
-                       (getf payload :status))))
-
-    ;; Update signal status
-    (setf (getf signal :status) :perceived)
-    (setf (getf signal :foveal-focus) *foveal-focus-id*)
-    signal))
-#+end_src
-
-** Sensor Types Reference
-
-| Sensor | Source | Processing | Description |
-|--------|--------|------------|-------------|
-| :user-input | CLI/TUI | Async | Text input from terminal |
-| :chat-message | Telegram/Signal | Async | Messages from messaging apps |
-| :heartbeat | Internal | Sync | Periodic maintenance trigger |
-| :buffer-update | Emacs | Sync | Org buffer was modified |
-| :point-update | Emacs | Sync | Cursor moved to different headline |
-| :interrupt | System | Sync | SIGINT received |
-| :tool-output | Internal | Sync | Result from cognitive tool |
-| :loop-error | Internal | Sync | Error during signal processing |
-
-* Test Suite
-
-These tests verify the Perceive pipeline. Run with:
-~(fiveam:run! 'pipeline-perceive-suite)~
-
-#+begin_src lisp :tangle ../tests/pipeline-perceive-tests.lisp
-(defpackage :opencortex-pipeline-perceive-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:pipeline-perceive-suite))
-
-(in-package :opencortex-pipeline-perceive-tests)
-
-(def-suite pipeline-perceive-suite
-  :description "Test suite for Perceive pipeline")
-
-(in-suite pipeline-perceive-suite)
-
-(test test-perceive-gate
-  "Perceive gate should update the object store and normalize signal."
-  (clrhash opencortex::*memory*)
-  (let* ((signal (list :type :EVENT :payload (list :sensor :buffer-update :ast (list :type :HEADLINE :properties (list :ID "test-node" :TITLE "Test") :contents nil))))
-         (result (perceive-gate signal)))
-    (is (eq :perceived (getf result :status)))
-    (is (not (null (gethash "test-node" opencortex::*memory*))))))
-
-(test test-depth-limiting
-  "Verify that the pipeline terminates runaway feedback loops."
-  (let ((runaway-signal (list :type :EVENT :depth 11 :payload (list :sensor :heartbeat))))
-    (is (null (process-signal runaway-signal)))))
-#+end_src
--- a/harness/reason.org
+++ b/harness/reason.org
@@ -1,478 +0,0 @@
-#+TITLE: Stage 2: Reason (reason.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:reason:
-#+STARTUP: content
-
-* Stage 2: Reason (reason.lisp)
-
-** Architectural Intent: The Dual-Engine Cognitive Architecture
-
-The Reason stage implements the core innovation of OpenCortex: the separation of probabilistic reasoning (neural/LLM) from deterministic verification (logic/safety).
-
-This dual-engine design solves a fundamental problem in AI safety:
-
-1. *Probabilistic Engine* - Uses LLMs for semantic understanding, natural language generation, and complex reasoning. It is powerful but can hallucinate, make syntax errors, or propose unsafe actions.
-
-2. *Deterministic Engine* - Uses formal verification (skills) to check LLM proposals before execution. It is slower but provably correct.
-
-The LLM proposes; the skills verify. This is the "Bouncer Pattern" - the deterministic engine is literally a bouncer that checks the LLM's proposals at the door before letting them through to execution.
-
-** Why Plists for Communication?
-
-The Reason stage communicates exclusively through property lists (plists). This design choice reflects the homoiconic nature of Lisp - plists are native data structures that can be read, written, and manipulated by the same code that processes them.
-
-A plist message like:
-: (TYPE :REQUEST TARGET :CLI PAYLOAD (ACTION :MESSAGE TEXT "Hello"))
-
-Is simultaneously:
- Human-readable text
- Machine-parseable data structure
- Executable Lisp code
-
-This means the reasoning pipeline can generate, modify, and execute its own communication protocol without external parsing.
-
-* Package Context
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(in-package :opencortex)
-#+end_src
-
-* Probabilistic Engine (Neural/LLM Integration)
-
-The probabilistic engine is responsible for all neural/LLM operations. It maintains a registry of provider backends and implements a cascading failover mechanism.
-
-** Backend Registry Variables
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(defvar *probabilistic-backends* (make-hash-table :test 'equal)
-  "Registry mapping provider keywords (:openrouter, :ollama) to their calling functions.")
-
-(defvar *provider-cascade* nil
-  "Ordered list of provider keywords to try. First available provider wins.")
-
-(defvar *model-selector-fn* nil
-  "Optional function that selects a specific model for each provider.
-  Signature: (funcall fn provider context) => model-name-string")
-
-(defvar *consensus-enabled-p* nil
-  "When T, run multiple providers and compare results for critical decisions.")
-#+end_src
-
-** register-probabilistic-backend: Backend Registration
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(defun register-probabilistic-backend (name fn)
-  "Register a neural provider backend.
-
-  NAME is a keyword like :openrouter or :ollama.
-  FN is a function with signature: (funcall fn prompt system-prompt &key model)
-     returning either:
-     - (list :status :success :content \"response text\")
-     - (list :status :error :message \"error description\")
-     - a simple string on success
-
-  Example registration:
-    (register-probabilistic-backend :openrouter #'openrouter-call)"
-
-  (setf (gethash name *probabilistic-backends*) fn))
-#+end_src
-
-** probabilistic-call: Cascade Dispatch
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(defun probabilistic-call (prompt &key
-                                (system-prompt "You are the Probabilistic engine.")
-                                (cascade nil)
-                                (context nil))
-  "Dispatch a neural request through the provider cascade.
-
-  PROMPT - The user's query or task description.
-  SYSTEM-PROMPT - Instructions for how the LLM should behave.
-  CASCADE - Override the default provider cascade.
-  CONTEXT - Current signal context (for model selection).
-
-  Returns the LLM response as a string, or a failure plist if all providers fail.
-
-  The cascade mechanism ensures reliability: if OpenRouter is rate-limited,
-  it automatically falls back to OpenAI, then Anthropic, etc."
-
-  (let ((backends (or cascade *provider-cascade*)))
-    (or (dolist (backend backends)
-          (let ((backend-fn (gethash backend *probabilistic-backends*)))
-            (when backend-fn
-              (harness-log "PROBABILISTIC: Attempting backend ~a..." backend)
-
-              ;; Optional model selection based on context
-              (let* ((model (when *model-selector-fn*
-                              (funcall *model-selector-fn* backend context)))
-                     (result (if model
-                                 (funcall backend-fn prompt system-prompt :model model)
-                                 (funcall backend-fn prompt system-prompt))))
-
-                ;; Normalize result format
-                (cond ((and (listp result) (eq (getf result :status) :success))
-                       (return (getf result :content)))
-                      ((stringp result)
-                       (return result))
-                      (t
-                       (harness-log "PROBABILISTIC: Backend ~a failed: ~a"
-                                   backend (getf result :message))))))))
-
-        ;; All providers failed
-        (list :type :LOG
-              :payload (list :text "Neural Cascade Failure: All providers exhausted.")))))
-#+end_src
-
-* Cognitive Proposal Generation (Think)
-
-The `think` function is the heart of the probabilistic engine. It constructs a prompt from context, sends it to the LLM, and parses the response into a structured action.
-
-** strip-markdown: Clean LLM Output
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(defun strip-markdown (text)
-  "Strip markdown formatting from LLM output.
-
-  LLMs often wrap their responses in code fences (```lisp ...```).
-  This function removes those markers to extract the raw plist.
-
-  Handles:
-  - Leading code fences with language tags: ```lisp
-  - Trailing code fences: ```
-  - Orphan closing fences: ```"
-
-  (if (and text (stringp text))
-      (let ((cleaned text))
-        (setf cleaned (cl-ppcre:regex-replace-all "^```[a-z]*\\n" cleaned ""))
-        (setf cleaned (cl-ppcre:regex-replace-all "\\n```$" cleaned ""))
-        (setf cleaned (cl-ppcre:regex-replace-all "```" cleaned ""))
-        (string-trim '(#\Space #\Newline #\Tab) cleaned))
-      text))
-#+end_src
-
-** normalize-plist-keywords: Fix LLM Keyword Output
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(defun normalize-plist-keywords (plist)
-  "Normalize all keys in a plist to keywords.
-
-  LLMs often return plists with unquoted keys: (TYPE REQUEST ...)
-  instead of keyword syntax: (:TYPE :REQUEST ...)
-
-  This function converts all symbol keys to their keyword equivalents,
-  making the plist compatible with standard Lisp property accessors.
-
-  Example transformation:
-    (TYPE REQUEST PAYLOAD (ACTION MESSAGE TEXT \"Hi\"))
-    => (:TYPE :REQUEST :PAYLOAD (:ACTION :MESSAGE :TEXT \"Hi\"))"
-
-  (when (listp plist)
-    (loop for (k . rest) on plist by #'cddr
-          collect (if (and (symbolp k) (not (keywordp k)))
-                       (intern (string k) :keyword)
-                       k)
-          collect (car rest))))
-#+end_src
-
-** think: Generate Action Proposal
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(defun think (context)
-  "Generate a Lisp action proposal based on current context.
-
-  This is the core cognitive function. It:
-
-  1. Finds the most relevant skill based on context
-  2. Assembles global awareness (memory context, system logs)
-  3. Constructs a detailed prompt with available tools
-  4. Calls the LLM via probabilistic-call
-  5. Parses the LLM response into a structured action plist
-
-  The LLM is instructed to respond with exactly ONE plist, never prose.
-  This constraint makes parsing deterministic and prevents rambling.
-
-  Returns a plist with structure:
-    (:TYPE :REQUEST :TARGET :CLI :PAYLOAD (:ACTION :MESSAGE :TEXT \"...\"))"
-
-  ;; Gather context components
-  (let* ((active-skill (find-triggered-skill context))
-         (tool-belt (generate-tool-belt-prompt))
-         (global-context (context-assemble-global-awareness))
-         (system-logs (context-get-system-logs))
-         (assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent")))
-
-    ;; Generate prompt from skill or raw text
-    (let* ((prompt-generator (when active-skill
-                              (skill-probabilistic-prompt active-skill)))
-           (raw-prompt (if prompt-generator
-                           (funcall prompt-generator context)
-                           ;; Fallback: use raw user input
-                           (let ((p (proto-get (proto-get context :payload) :text)))
-                             (if (and p (stringp p))
-                                 p
-                                 "Maintain metabolic stasis."))))
-           (system-prompt (format nil
-                                   "IDENTITY: ~a
-
-You are a component of the OpenCortex neurosymbolic AI agent.
-Your task is to generate exactly ONE valid Lisp plist response.
-
-MANDATE: Respond with ONE Lisp plist. Never output prose.
-
-IMPORTANT: To reply to the user, you MUST use:
-(:TYPE :REQUEST :PAYLOAD (:ACTION :MESSAGE :TEXT \"<Response Text>\"))
-
-To call a tool, you MUST use:
-(:TYPE :REQUEST :TARGET :TOOL :ACTION :CALL :TOOL \"<name>\" :ARGS (:arg1 \"val\"))
-
-MANDATORY VALIDATION RULE: Before declaring any Lisp code edit complete,
-you MUST call the `:validate-lisp` tool with the proposed code. If the tool
-returns `:status :error`, read the `:reason` and `:failed` fields, fix the
-defect, and re-validate. You are strictly forbidden from relying on your
-own paren-balancing or syntax intuition.
-
-PROVIDER RULE: Always use the default cascade provider unless a specific
-model or capability is required for the task.
-
-AVAILABLE TOOLS:
-~a
-
-GLOBAL CONTEXT:
-~a
-
-RECENT LOGS:
-~a"
-                                   assistant-name
-                                   tool-belt
-                                   global-context
-                                   system-logs)))
-
-      ;; Call LLM and process response
-      (let* ((thought (probabilistic-call raw-prompt
-                                           :system-prompt system-prompt
-                                           :context context))
-             (cleaned (strip-markdown thought))
-             (meta (proto-get context :meta))
-             (source (proto-get meta :source)))
-
-        (when cleaned
-          (harness-log "THINK: LLM raw output = ~a"
-                       (subseq cleaned 0 (min 200 (length cleaned)))))
-
-        ;; Parse LLM response
-        (if (and cleaned (stringp cleaned) (> (length cleaned) 0))
-            (let ((*read-eval* nil))
-              (if (char= (char cleaned 0) #\()
-                  ;; Response starts with paren - try to parse as plist
-                  (handler-case
-                      (let ((parsed (read-from-string cleaned)))
-                        (when parsed
-                          (harness-log "THINK: parsed = ~a" parsed)
-
-                          ;; Normalize keyword keys (LLM often returns TYPE instead of :TYPE)
-                          (let ((parsed-normalized (normalize-plist-keywords parsed))
-                                (type (proto-get parsed :TYPE))
-                                (target (or (proto-get parsed :TARGET)
-                                           (proto-get parsed :target))))
-
-                            (cond
-                              ;; Recognized message type - use directly
-                              ((member type '(:REQUEST :EVENT :STATUS :RESPONSE))
-                               (unless (proto-get parsed :target)
-                                 (setf (getf parsed :target) (or source :CLI)))
-                               parsed-normalized)
-
-                              ;; Tool call detected - wrap in standard envelope
-                              ((or (eq target :TOOL)
-                                   (eq target :tool)
-                                   (getf parsed :TOOL)
-                                   (getf parsed :tool)
-                                   (and (listp parsed)
-                                        (listp (car parsed))
-                                        (keywordp (caar parsed))))
-                               (list :TYPE :REQUEST
-                                     :TARGET :TOOL
-                                     :PAYLOAD (normalize-plist-keywords parsed)))
-
-                              ;; Unknown format - treat as user message
-                              (t
-                               (list :TYPE :REQUEST
-                                     :TARGET (or source :CLI)
-                                     :PAYLOAD (list :ACTION :MESSAGE :TEXT cleaned)))))))
-                    (error (c)
-                      (harness-log "THINK ERROR: ~a" c)
-                      (list :TYPE :REQUEST
-                            :TARGET (or source :CLI)
-                            :PAYLOAD (list :ACTION :MESSAGE :TEXT cleaned))))
-
-                  ;; No leading paren - treat as plain text message
-                  (list :TYPE :REQUEST
-                        :TARGET (or source :CLI)
-                        :PAYLOAD (list :ACTION :MESSAGE :TEXT cleaned))))
-
-            ;; No response from LLM
-            thought)))))
-#+end_src
-
-* Deterministic Engine (Formal Verification)
-
-The deterministic engine runs all registered skills' verification functions. This is where safety checks, policy enforcement, and skill-specific processing happen.
-
-** deterministic-verify: Skill Chain Verification
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(defun deterministic-verify (proposed-action context)
-  "Run all skill deterministic gates on a proposed action.
-
-  Each skill can define a deterministic function that either:
-  - Passes the action through unchanged
-  - Modifies the action (adds explanation, changes target, etc.)
-  - Blocks the action (returns a :LOG message instead)
-
-  Skills are sorted by priority (highest first). A skill with higher
-  priority can intercept and modify actions before lower-priority
-  skills see them.
-
-  The Bouncer Pattern: If any skill returns a :LOG or :EVENT type,
-  processing stops and that message is returned immediately. This
-  allows skills to veto actions.
-
-  Example skill chain:
-  1. Policy skill (priority 500) - checks for missing explanations
-  2. Protocol validator (priority 95) - validates message schema
-  3. Shell actuator guard (priority 50) - checks command whitelist"
-
-  (let ((current-action proposed-action)
-        (skills nil))
-
-    ;; Collect all skills with deterministic functions
-    (maphash (lambda (name skill)
-               (declare (ignore name))
-               (when (skill-deterministic-fn skill)
-                 (push skill skills)))
-             *skills-registry*)
-
-    ;; Sort by priority (highest first)
-    (setf skills (sort skills #'> :key #'skill-priority))
-
-    ;; Run each skill's gate
-    (dolist (skill skills)
-      (let ((trigger (skill-trigger-fn skill))
-            (gate (skill-deterministic-fn skill)))
-
-        ;; Skill activates if no trigger or trigger returns true
-        (when (or (null trigger)
-                  (ignore-errors (funcall trigger context)))
-
-          ;; Run the gate
-          (let ((next-action (funcall gate current-action context)))
-            (let ((original-type (proto-get current-action :type)))
-
-              ;; Check if skill intercepted (returned LOG/EVENT instead of REQUEST)
-              (when (and (listp next-action)
-                         (member (proto-get next-action :type)
-                                '(:LOG :EVENT :log :event))
-                         (or (not (member original-type '(:LOG :EVENT :log :event)))
-                             (not (eq next-action current-action))))
-
-                ;; Skill blocked or modified - stop processing
-                (harness-log "DETERMINISTIC: Intercepted by skill '~a'"
-                            (skill-name skill))
-                (return-from deterministic-verify next-action)))
-
-            ;; Action passed through - continue to next skill
-            (setf current-action next-action)))))
-
-    ;; Return final action (may be modified by skills, or original if all passed)
-    current-action))
-#+end_src
-
-* Reason Gate (Pipeline Stage)
-
-** reason-gate: The Stage Function
-
-#+begin_src lisp :tangle ../library/reason.lisp
-(defun reason-gate (signal)
-  "Stage 2 of the metabolic pipeline: Reason.
-
-  Transforms perceived signals into approved actions by combining:
-  1. Probabilistic reasoning (LLM generates proposal)
-  2. Deterministic verification (skills validate proposal)
-
-  Only processes :EVENT signals with :user-input or :chat-message sensors.
-  Other signals pass through unchanged (heartbeats, tool outputs, etc.).
-
-  Modifies the signal in place by setting:
-  - :approved-action - The final verified action, or NIL
-  - :status - :reasoned
-
-  Returns the modified signal."
-
-  (let* ((type (proto-get signal :type))
-         (payload (proto-get signal :payload))
-         (sensor (proto-get payload :sensor)))
-
-    ;; Only reason about user input, not internal signals
-    (unless (and (eq type :EVENT)
-                (member sensor '(:user-input :chat-message)))
-      (return-from reason-gate signal))
-
-    ;; Generate proposal via LLM
-    (let ((candidate (think signal)))
-
-      (harness-log "REASON: candidate type = ~a" (type-of candidate))
-
-      ;; Validate candidate is a proper plist (not an error string or symbol)
-      (if (and candidate
-               (listp candidate)
-               (or (keywordp (car candidate))
-                   (eq (car candidate) 'TYPE)
-                   (eq (car candidate) 'type)))
-
-          ;; Valid proposal - run through deterministic verification
-          (setf (getf signal :approved-action)
-                (deterministic-verify candidate signal))
-
-          ;; Invalid response - log and drop
-          (progn
-            (harness-log "REASON: Invalid candidate type ~a, dropping"
-                         (type-of candidate))
-            (setf (getf signal :approved-action) nil)))
-
-      (setf (getf signal :status) :reasoned)
-      signal)))
-#+end_src
-
-* Test Suite
-
-These tests verify the Reason (cognitive) pipeline. Run with:
-~(fiveam:run! 'pipeline-reason-suite)~
-
-#+begin_src lisp :tangle ../tests/pipeline-reason-tests.lisp
-(defpackage :opencortex-pipeline-reason-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:pipeline-reason-suite))
-
-(in-package :opencortex-pipeline-reason-tests)
-
-(def-suite pipeline-reason-suite
-  :description "Test suite for Reason pipeline")
-
-(in-suite pipeline-reason-suite)
-
-(test test-decide-gate-safety
-  "Decide gate should block unsafe LLM proposals."
-  ;; Setup: clear skills and register mock
-  (clrhash opencortex::*skills-registry*)
-  (opencortex::defskill :mock-safety
-    :priority 50
-    :trigger (lambda (ctx) t)
-    :probabilistic (lambda (ctx) "Mock probabilistic")
-    :deterministic (lambda (action ctx)
-                (list :type :LOG :payload (list :text "Action rejected by skill heuristics"))))
-  (let* ((candidate (list :type :REQUEST :payload (list :action :eval :code "(shell-command \"rm -rf /\")")))
-         (signal (list :type :EVENT :candidate candidate))
-         (result (deterministic-verify candidate signal)))
-    (is (eq :LOG (getf result :type)))
-    (is (search "Action rejected by skill heuristics" (getf (getf result :payload) :text)))))
-#+end_src
--- a/harness/setup.org
+++ b/harness/setup.org
@@ -1,280 +0,0 @@
-#+TITLE: Zero-to-One Setup (setup.org)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:setup:
-#+STARTUP: content
-
-* Zero-to-One Setup (setup.org)
-The ~setup.org~ file defines the automated installation and initialization sequence for the OpenCortex.
-
-** The Installer Script (opencortex.sh)
-#+begin_src bash :tangle ../opencortex.sh
-#!/bin/bash
-set -e
-
-PORT=9105
-HOST="localhost"
-RED='\033[0;31m'; GREEN='\033[0;32m'; BLUE='\033[0;34m'; YELLOW='\033[0;33m'; NC='\033[0m'
-
-command_exists() { command -v "$1" >/dev/null 2>&1; }
-
-# Resolve symlinks to find the actual repository location
-SOURCE="${BASH_SOURCE[0]}"
-while [ -h "$SOURCE" ]; do
-    DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-    SOURCE="$(readlink "$SOURCE")"
-    [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE"
-done
-export SCRIPT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-
-# Load environment variables if they exist
-if [ -f "$SCRIPT_DIR/.env" ]; then
-    while IFS="=" read -r key value || [ -n "$key" ]; do
-        if [[ $key =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]]; then
-            val=$(echo "$value" | sed "s/^\"//;s/\"$//")
-            export "$key=$val"
-        fi
-    done < "$SCRIPT_DIR/.env"
-    [ -n "$ORG_AGENT_DAEMON_PORT" ] && PORT=$ORG_AGENT_DAEMON_PORT
-    [ -n "$DAEMON_HOST" ] && HOST=$DAEMON_HOST
-fi
-
-# --- 1. BOOTSTRAP ---
-# If the script is run standalone, it clones the full repo and restarts itself.
-if [ ! -d "$SCRIPT_DIR/.git" ] && [ ! -d "$HOME/.opencortex" ] && [[ ! "$(pwd)" =~ "opencortex" ]]; then
-    echo -e "${BLUE}=== OpenCortex: Zero-to-One Bootstrapper ===${NC}"
-    git clone ssh://git@10.10.10.201:2222/amr/opencortex.git ~/.opencortex
-    cd ~/.opencortex && git submodule update --init --recursive
-    exec ./opencortex.sh "$@"
-fi
-
-# --- 2. SETUP ---
-setup_system() {
-    NON_INTERACTIVE=false
-    for arg in "$@"; do
-        if [ "$arg" == "--non-interactive" ]; then NON_INTERACTIVE=true; fi
-    done
-
-    echo -e "${BLUE}=== OpenCortex: Initializing System ===${NC}"
-    echo -e "${YELLOW}--- Installing System Dependencies ---${NC}"
-    if command_exists apt-get; then
-        sudo apt-get update && sudo apt-get install -y sbcl emacs-nox rlwrap netcat-openbsd curl git socat libssl-dev libncurses5-dev libffi-dev zlib1g-dev libsqlite3-dev
-    fi
-    if [ ! -d "$HOME/quicklisp" ]; then
-        curl -O https://beta.quicklisp.org/quicklisp.lisp
-        sbcl --non-interactive --load quicklisp.lisp --eval "(quicklisp-quickstart:install)" --eval "(ql-util:without-prompting (ql:add-to-init-file))"
-        rm quicklisp.lisp
-    fi
-
-    cd "$SCRIPT_DIR"
-    if [ ! -f .env ]; then
-        if [ "$NON_INTERACTIVE" = true ]; then
-            echo "Non-interactive mode: Using environment variables for .env creation."
-            cp .env.example .env
-            [ -n "$MEMEX_USER" ] && sed -i "s|MEMEX_USER=.*|MEMEX_USER=\"$MEMEX_USER\"|" .env
-            [ -n "$MEMEX_ASSISTANT" ] && sed -i "s|MEMEX_ASSISTANT=.*|MEMEX_ASSISTANT=\"$MEMEX_ASSISTANT\"|" .env
-            [ -n "$OPENROUTER_API_KEY" ] && sed -i "s|OPENROUTER_API_KEY=.*|OPENROUTER_API_KEY=\"$OPENROUTER_API_KEY\"|" .env
-            [ -n "$MEMEX_DIR" ] && sed -i "s|MEMEX_DIR=.*|MEMEX_DIR=\"$MEMEX_DIR\"|" .env
-        else
-            cp .env.example .env
-            echo -e "\n${YELLOW}--- Identity Configuration ---${NC}"
-            read -p "Your Name [User]: " user_name < /dev/tty
-            user_name=${user_name:-User}
-            sed -i "s|MEMEX_USER=.*|MEMEX_USER=\"$user_name\"|" .env
-
-            read -p "Agent Name [OpenCortex]: " agent_name < /dev/tty
-            agent_name=${agent_name:-OpenCortex}
-            sed -i "s|MEMEX_ASSISTANT=.*|MEMEX_ASSISTANT=\"$agent_name\"|" .env
-
-            echo -e "\n${YELLOW}--- LLM Configuration ---${NC}"
-            read -p "OpenRouter API Key: " openrouter_key < /dev/tty
-            [ -n "$openrouter_key" ] && sed -i "s|OPENROUTER_API_KEY=.*|OPENROUTER_API_KEY=\"$openrouter_key\"|" .env
-
-            echo -e "\n${YELLOW}--- Memex Folder Structure ---${NC}"
-            read -p "Memex Root [\$HOME/memex]: " memex_dir < /dev/tty
-            memex_dir=${memex_dir:-\$HOME/memex}
-            sed -i "s|MEMEX_DIR=.*|MEMEX_DIR=\"$memex_dir\"|" .env
-        fi
-
-        # Hydrate default paths
-        M_DIR=$(grep MEMEX_DIR .env | cut -d'"' -f2 | sed "s|\$HOME|$HOME|")
-        sed -i "s|SKILLS_DIR=.*|SKILLS_DIR=\"$SCRIPT_DIR/skills\"|" .env
-        sed -i "s|ZETTELKASTEN_DIR=.*|ZETTELKASTEN_DIR=\"$M_DIR/notes\"|" .env
-        mkdir -p "$M_DIR" "$M_DIR/notes" "$M_DIR/areas" "$M_DIR/resources" "$M_DIR/archives" "$M_DIR/system" "$M_DIR/inbox" "$M_DIR/daily" "$M_DIR/projects"
-    fi
-
-    mkdir -p library
-    for f in harness/*.org skills/*.org; do
-        emacs -Q --batch --eval "(require 'org)" --eval "(org-babel-tangle-file \"$f\")" >/dev/null 2>&1 || true
-    done
-
-    mkdir -p "$HOME/.local/bin"
-    ln -sf "$SCRIPT_DIR/opencortex.sh" "$HOME/.local/bin/opencortex"
-
-    for shell_config in "$HOME/.bashrc" "$HOME/.profile"; do
-        if [ -f "$shell_config" ]; then
-            if ! grep -q ".local/bin" "$shell_config"; then
-                echo 'export PATH="$HOME/.local/bin:$PATH"' >> "$shell_config"
-            fi
-        fi
-    done
-    export PATH="$HOME/.local/bin:$PATH"
-
-    echo -e "${YELLOW}--- Compiling and Loading OpenCortex ---${NC}"
-    sbcl --non-interactive --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' --eval '(push (truename (uiop:getenv "SCRIPT_DIR")) asdf:*central-registry*)' --eval "(ql:quickload '(:opencortex :croatoan))"
-
-    if [ $? -ne 0 ]; then
-        echo -e "${RED}✗ Compilation failed.${NC}"
-        exit 1
-    fi
-
-    if [ "$NON_INTERACTIVE" = true ]; then
-        echo "Setup complete (Non-interactive)."
-        exit 0
-    fi
-
-    echo -e "${YELLOW}--- Finalizing: Awakening the Brain ---${NC}"
-    "$SCRIPT_DIR/opencortex.sh" --boot > "$SCRIPT_DIR/brain.log" 2>&1 &
-
-    success=false
-    for i in {1..30}; do
-        if nc -z localhost $PORT 2>/dev/null; then success=true; break; fi
-        sleep 2
-        echo -n "."
-    done
-
-    if [ "$success" = true ]; then
-        echo -e "\n${GREEN}✓ Brain is alive on port $PORT.${NC}"
-        exit 0
-    else
-        echo -e "\n${RED}✗ Brain failed to wake up.${NC}"
-        exit 1
-    fi
-}
-
-# --- 3. COMMAND ROUTER ---
-COMMAND=$1
-[ -z "$COMMAND" ] && COMMAND="cli"
-shift || true
-
-DEFAULT_PORT=9105
-DEFAULT_HOST="localhost"
-TARGET_PORT=${PORT:-$DEFAULT_PORT}
-TARGET_HOST=${HOST:-$DEFAULT_HOST}
-
-# If uninitialized, force setup.
-if [ ! -f "$SCRIPT_DIR/library/package.lisp" ] || [ ! -f "$SCRIPT_DIR/.env" ]; then
-    COMMAND="setup"
-fi
-
-case "$COMMAND" in
-    setup)
-        setup_system "$@"
-        ;;
-
-    --boot|boot)
-        export SKILLS_DIR="${SCRIPT_DIR}/skills"
-        [ -z "$MEMEX_DIR" ] && export MEMEX_DIR="$HOME/memex"
-        if [ -f "$SCRIPT_DIR/.env" ]; then
-           export OPENROUTER_API_KEY=$(grep OPENROUTER_API_KEY "$SCRIPT_DIR/.env" | cut -d'"' -f2)
-        fi
-        exec sbcl --non-interactive --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' --eval '(setf *debugger-hook* (lambda (c h) (declare (ignore h)) (format *error-output* "FATAL LISP ERROR: ~a~%" c) (uiop:print-backtrace :stream *error-output*) (uiop:quit 1)))' --eval '(push (truename (uiop:getenv "SCRIPT_DIR")) asdf:*central-registry*)' --eval '(format t "--- Quickloading OpenCortex ---~%")' --eval "(ql:quickload '(:opencortex :croatoan))" --eval '(opencortex:main)'
-        ;;
-
-    tui)
-        if ! nc -z $TARGET_HOST $TARGET_PORT 2>/dev/null; then
-            echo -e "Brain is offline. Awakening..."
-            "$SCRIPT_DIR/opencortex.sh" --boot > "$SCRIPT_DIR/brain.log" 2>&1 &
-            for i in {1..15}; do
-                sleep 2
-                if nc -z $TARGET_HOST $TARGET_PORT 2>/dev/null; then break; fi
-                echo -n "."
-            done
-            echo ""
-        fi
-        echo -e "Launching Croatoan TUI..."
-        export SKILLS_DIR="${SCRIPT_DIR}/skills"
-        [ -z "$MEMEX_DIR" ] && export MEMEX_DIR="$HOME/memex"
-        exec sbcl --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' --eval '(push (truename (uiop:getenv "SCRIPT_DIR")) asdf:*central-registry*)' --eval '(ql:quickload :opencortex/tui)' --eval '(opencortex.tui:main)'
-        ;;
-
-    cli)
-        if ! nc -z $TARGET_HOST $TARGET_PORT 2>/dev/null; then
-            echo -e "Brain is offline. Awakening..."
-            "$SCRIPT_DIR/opencortex.sh" --boot > "$SCRIPT_DIR/brain.log" 2>&1 &
-            for i in {1..15}; do
-                sleep 2
-                if nc -z $TARGET_HOST $TARGET_PORT 2>/dev/null; then break; fi
-                echo -n "."
-            done
-            echo ""
-        fi
-        if command_exists socat; then
-            echo -e "Connected to OpenCortex on $TARGET_HOST:$TARGET_PORT (Channel: CLI)"
-            while true; do
-                read -p "User: " MESSAGE
-                if [ -z "$MESSAGE" ]; then continue; fi
-                if [ "$MESSAGE" = "/exit" ]; then break; fi
-                
-                # Frame the message
-                PAYLOAD="(:TYPE :EVENT :META (:SOURCE :CLI) :PAYLOAD (:SENSOR :USER-INPUT :TEXT \"$MESSAGE\"))"
-                LEN=$(printf "%s" "$PAYLOAD" | wc -c)
-                HEXLEN=$(printf "%06x" $LEN)
-                
-                # Send and read response
-                (printf "%s%s" "$HEXLEN" "$PAYLOAD" | nc -N $TARGET_HOST $TARGET_PORT) | while read -r LINE; do
-                    CLEAN=$(echo "$LINE" | sed 's/^......//')
-                    if [[ "$CLEAN" == *":TEXT"* ]]; then
-                         TEXT=$(echo "$CLEAN" | sed -n 's/.*:TEXT "\([^"]*\)".*/\1/p')
-                         echo -e "Agent: $TEXT"
-                    fi
-                done
-            done
-        else
-            echo "Error: socat required for CLI interaction."
-            exit 1
-        fi
-        ;;
-
-    *)
-        echo -e "Unknown command: $COMMAND"
-        echo "Available commands: setup, boot, tui, cli"
-        exit 1
-        ;;
-esac
-#+end_src
-
-** Metabolic Docker Infrastructure (Dockerfile)
-#+begin_src dockerfile :tangle ../infrastructure/docker/Dockerfile
-FROM debian:bullseye-slim
-
-ENV DEBIAN_FRONTEND=noninteractive
-
-RUN apt-get update && apt-get install -y \
-    sbcl \
-    emacs-nox \
-    curl \
-    git \
-    socat \
-    netcat-openbsd \
-    libssl-dev \
-    libncurses5-dev \
-    libffi-dev \
-    zlib1g-dev \
-    libsqlite3-dev \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install Quicklisp
-RUN curl -O https://beta.quicklisp.org/quicklisp.lisp \
-    && sbcl --non-interactive --load quicklisp.lisp --eval "(quicklisp-quickstart:install)" --eval "(ql-util:without-prompting (ql:add-to-init-file))" \
-    && rm quicklisp.lisp
-
-WORKDIR /app
-COPY . .
-
-# Initialize system in non-interactive mode
-RUN mkdir -p /root/memex && ./opencortex.sh setup --non-interactive
-
-EXPOSE 9105
-
-CMD ["./opencortex.sh", "boot"]
-#+end_src
--- a/harness/skills.org
+++ b/harness/skills.org
@@ -1,535 +0,0 @@
-#+TITLE: The Skill Engine (skills.lisp)
-#+AUTHOR: Amr
-#+FILETAGS: :harness:skills:
-#+STARTUP: content
-
-* The Skill Engine (skills.lisp)
-** Architectural Intent: Late-Binding Intelligence
-
-A static, hardcoded architecture is inherently fragile. The ~opencortex~ Skill Engine enables **Late-Binding Intelligence**, allowing the system to discover and integrate new cognitive capabilities (actuators, solvers, sensors) at runtime without a kernel restart.
-
-** Global Skill Registry
-
-#+begin_src lisp :tangle ../library/skills.lisp
-(in-package :opencortex)
-
-(defun COSINE-SIMILARITY (v1 v2)
-  "Computes the cosine similarity between two vectors.
-Both arguments should be sequences of numbers. Returns a value between -1.0 and 1.0."
-  (let ((len1 (length v1)) (len2 (length v2)))
-    (if (or (zerop len1) (zerop len2))
-        0.0
-        (let ((dot-product 0.0d0)
-              (norm1 0.0d0)
-              (norm2 0.0d0))
-          (let ((len (min len1 len2)))
-            (dotimes (i len)
-              (let ((x (coerce (elt v1 i) 'double-float)))
-                (let ((y (coerce (elt v2 i) 'double-float)))
-                  (incf dot-product (* x y))
-                  (incf norm1 (* x x))
-                  (incf norm2 (* y y))))))
-          (if (or (zerop norm1) (zerop norm2))
-              0.0
-              (/ dot-product (sqrt (* norm1 norm2))))))))
-(defun VAULT-MASK-STRING (s) "[MASKED]") ; Stub
-(defvar *VAULT-MEMORY* (make-hash-table :test 'equal))
-
-
-(defstruct skill name priority dependencies trigger-fn probabilistic-prompt deterministic-fn)
-
-(defvar *skill-catalog* (make-hash-table :test 'equal)
-  "A stateful tracking table for all skill files discovered in the environment.")
-
-(defstruct skill-entry 
-  filename 
-  (status :discovered) ;; :discovered, :loading, :ready, :failed
-  error-log
-  (load-time 0))
-
-(defun find-triggered-skill (context)
-  "Returns the highest priority skill whose trigger matches context AND has a probabilistic prompt."
-  (let ((triggered nil))
-    (maphash (lambda (name skill) 
-               (declare (ignore name)) 
-               (when (and (skill-probabilistic-prompt skill)
-                          (ignore-errors (funcall (skill-trigger-fn skill) context)))
-                 (push skill triggered))) 
-             *skills-registry*)
-    (first (sort triggered #'> :key #'skill-priority))))
-
-(defmacro defskill (name &key priority dependencies trigger probabilistic deterministic)
-  "Registers a new skill into the global registry."
-  `(setf (gethash (string-downcase (string ,name)) *skills-registry*)
-         (make-skill :name (string-downcase (string ,name)) 
-                     :priority (or ,priority 10) 
-                     :dependencies ',dependencies
-                     :trigger-fn ,trigger 
-                     :probabilistic-prompt ,probabilistic 
-                     :deterministic-fn ,deterministic)))
-
-(defun resolve-skill-dependencies (skill-name)
-  "Recursively resolves dependencies for a given skill name."
-  (let ((resolved nil) (seen nil))
-    (labels ((visit (name) 
-               (unless (member name seen :test #'equal) 
-                 (push name seen)
-                 (let ((skill (gethash (string-downcase (string name)) *skills-registry*)))
-                   (when skill 
-                     (dolist (dep (skill-dependencies skill)) 
-                       (visit dep))))
-                 (push name resolved))))
-      (visit skill-name) 
-      (nreverse resolved))))
-#+end_src
-
-** Skill File Analysis (parse-skill-metadata)
-#+begin_src lisp :tangle ../library/skills.lisp
-(defun parse-skill-metadata (filepath)
-  "Extracts ID and DEPENDS_ON tags using robust regex scanning."
-  (let ((dependencies nil)
-        (id nil)
-        (content (uiop:read-file-string filepath)))
-    ;; Extract ID
-    (multiple-value-bind (match regs)
-        (ppcre:scan-to-strings "(?im:^:ID:\\s*([^\\s\\r\\n]+))" content)
-      (when match (setf id (aref regs 0))))
-    ;; Extract all DEPENDS_ON lines
-    (ppcre:do-register-groups (deps-string)
-        ("(?im:^#\\+DEPENDS_ON:\\s*(.*))" content)
-      (let ((deps (ppcre:split "\\s+" (string-trim " " deps-string))))
-        (setf dependencies (append dependencies (mapcar (lambda (s) (string-trim "[] " s)) deps)))))
-    (values id (remove-if (lambda (s) (= 0 (length s))) dependencies))))
-#+end_src
-
-** Dependency Resolution (topological-sort-skills)
-#+begin_src lisp :tangle ../library/skills.lisp
-(defun topological-sort-skills (skills-dir)
-  "Returns a list of skill filepaths sorted by dependency (dependencies first)."
-  (let ((files (uiop:directory-files skills-dir "org-skill-*.org"))
-        (adj (make-hash-table :test 'equal))
-        (name-to-file (make-hash-table :test 'equal))
-        (id-to-file (make-hash-table :test 'equal))
-        (result nil)
-        (visited (make-hash-table :test 'equal))
-        (stack (make-hash-table :test 'equal)))
-    (dolist (file files)
-      (let ((filename (pathname-name file)))
-        (multiple-value-bind (id deps) (parse-skill-metadata file)
-          (setf (gethash (string-downcase filename) name-to-file) file)
-          (when id (setf (gethash (string-downcase id) id-to-file) file))
-          (setf (gethash (string-downcase filename) adj) deps))))
-    (labels ((visit (file)
-               (let* ((filename (pathname-name file))
-                      (node-key (string-downcase filename)))
-                 (unless (gethash node-key visited)
-                   (setf (gethash node-key stack) t)
-                   (dolist (dep (gethash node-key adj))
-                     (let* ((is-id-p (uiop:string-prefix-p "id:" (string-downcase dep)))
-                            (dep-key (string-downcase (if is-id-p (subseq dep 3) dep)))
-                            (dep-file (if is-id-p 
-                                          (gethash dep-key id-to-file)
-                                          (or (gethash dep-key id-to-file)
-                                              (gethash dep-key name-to-file)))))
-                       (when dep-file
-                         (let ((dep-filename (pathname-name dep-file)))
-                           (if (gethash (string-downcase dep-filename) stack)
-                               (error "Circular dependency detected: ~a -> ~a" filename dep-filename)
-                               (visit dep-file))))))
-                   (setf (gethash node-key stack) nil)
-                   (setf (gethash node-key visited) t)
-                   (push file result)))))
-      (let ((filenames (sort (mapcar #'pathname-name files) #'string<)))
-        (dolist (name filenames)
-          (let ((file (gethash (string-downcase name) name-to-file)))
-            (when file (visit file)))))
-      (nreverse result))))
-#+end_src
-
-** Jailed Loading (load-skill-from-org)
-#+begin_src lisp :tangle ../library/skills.lisp
-(defun validate-lisp-syntax (code-string)
-  "Checks if a string contains valid, readable Common Lisp forms.
-Delegates to the Lisp Validator skill when available; falls back to a basic
-reader check during early boot before the validator skill is loaded."
-  (let ((result
-          (if (fboundp 'lisp-validator-validate)
-              (lisp-validator-validate code-string :strict nil)
-              (handler-case
-                  (let ((*read-eval* nil))
-                    (with-input-from-string (stream (format nil "(progn ~a)" code-string))
-                      (loop for form = (read stream nil :eof) until (eq form :eof)))
-                    (list :status :success))
-                (error (c)
-                  (list :status :error :reason (format nil "~a" c)))))))
-    (if (eq (getf result :status) :success)
-        (values t nil)
-        (values nil (or (getf result :reason) "Lisp Validator rejected code.")))))
-
-(defun load-skill-from-org (filepath)
-  "Parses and evaluates Lisp blocks with :tangle directives from an Org file.
-Only loads blocks that specify a .lisp tangle target, ignoring tests and examples."
-  (let* ((skill-base-name (pathname-name filepath))
-         (entry (or (gethash skill-base-name *skill-catalog*) (make-skill-entry :filename skill-base-name))))
-    (setf (skill-entry-status entry) :loading)
-    (setf (gethash skill-base-name *skill-catalog*) entry)
-    
-    (handler-case
-        (let* ((content (uiop:read-file-string filepath)) 
-               (lines (uiop:split-string content :separator '(#\Newline)))
-               (in-lisp-block nil) 
-               (collect-this-block nil)
-               (lisp-code "") 
-               (pkg-name (intern (string-upcase (format nil "OPENCORTEX.SKILLS.~a" skill-base-name)) :keyword)))
-          
-          (dolist (line lines)
-            (let ((clean-line (string-trim '(#\Space #\Tab #\Return) line)))
-              (cond ((uiop:string-prefix-p "#+begin_src lisp" (string-downcase clean-line))
-                     (setf in-lisp-block t)
-                     ;; Only collect blocks with a :tangle directive pointing to a
-                     ;; runtime .lisp file (exclude tests and :tangle no)
-                     (let ((tl (string-downcase clean-line)))
-                       (setf collect-this-block
-                             (and (search ":tangle" tl)
-                                  (not (search ":tangle no" tl))
-                                  (search ".lisp" tl)
-                                  (not (search "tests/" tl))
-                                  (not (search "test/" tl))))))
-                     ((uiop:string-prefix-p "#+end" (string-downcase clean-line))
-                      (setf in-lisp-block nil)
-                      (setf collect-this-block nil))
-                    ((and in-lisp-block collect-this-block)
-                     (unless (or (uiop:string-prefix-p ":PROPERTIES:" (string-upcase clean-line))
-                                 (uiop:string-prefix-p ":END:" (string-upcase clean-line)))
-                       (setf lisp-code (concatenate 'string lisp-code line (string #\Newline))))))))
-          
-          (if (= (length lisp-code) 0)
-              (progn (setf (skill-entry-status entry) :ready) t)
-              (progn
-                (multiple-value-bind (valid-p err) (validate-lisp-syntax lisp-code)
-                  (unless valid-p (error "Syntax Error: ~a" err)))
-                (harness-log "HARNESS: Jailing skill '~a' in package ~a" skill-base-name pkg-name)
-                (unless (find-package pkg-name)
-                  (let ((new-pkg (make-package pkg-name :use '(:cl))))
-                    (use-package :opencortex new-pkg)))
-                (let ((*read-eval* nil) (*package* (find-package pkg-name)))
-                  (eval (read-from-string (format nil "(progn ~a)" lisp-code))))
-                (setf (skill-entry-status entry) :ready)
-                t)))
-      (error (c)
-        (let ((msg (format nil "~a" c)))
-          (harness-log "LOADER ERROR in skill '~a': ~a" skill-base-name msg)
-          (setf (skill-entry-status entry) :failed)
-          (setf (skill-entry-error-log entry) msg)
-          nil)))))
-
-(defun load-skill-with-timeout (filepath timeout-seconds)
-  "Loads a skill Org file with a hard execution timeout."
-  (let* ((finished nil)
-         (thread (bt:make-thread (lambda () 
-                                   (if (load-skill-from-org filepath)
-                                       (setf finished t)
-                                       (setf finished :error)))
-                                 :name (format nil "loader-~a" (pathname-name filepath))))
-         (start-time (get-internal-real-time))
-         (timeout-units (truncate (* timeout-seconds internal-time-units-per-second))))
-    (loop 
-      (when (eq finished t) (return :success))
-      (when (eq finished :error) (return :error))
-      (unless (bt:thread-alive-p thread) (return :error))
-      (when (> (- (get-internal-real-time) start-time) timeout-units)
-        (harness-log "HARNESS: Timing out skill ~a..." (pathname-name filepath))
-        #+sbcl (sb-thread:terminate-thread thread)
-        #-sbcl (bt:destroy-thread thread)
-        (return :timeout))
-      (sleep 0.05))))
-#+end_src
-
-** Initializing All Skills (initialize-all-skills)
-#+begin_src lisp :tangle ../library/skills.lisp
-(defun initialize-all-skills ()
-  "Scans the directory defined by SKILLS_DIR and hot-loads skills using topological order."
-  (let* ((env-path (uiop:getenv "SKILLS_DIR"))
-         (skills-dir-str (or env-path (namestring (merge-pathnames "notes/" (user-homedir-pathname)))))
-         (resolved-path (context-resolve-path skills-dir-str))
-         (skills-dir (if resolved-path (uiop:ensure-directory-pathname resolved-path) nil)))
-    
-    (unless (and skills-dir (uiop:directory-exists-p skills-dir))
-      (harness-log "HARNESS ERROR: Skills directory not found: ~a" skills-dir-str)
-      (return-from initialize-all-skills nil))
-
-    (let ((sorted-files (topological-sort-skills skills-dir)))
-      (let* ((mandatory-env (uiop:getenv "MANDATORY_SKILLS"))
-             (mandatory-skills (if mandatory-env 
-                                   (mapcar (lambda (s) (string-trim '(#\Space #\" #\') s)) 
-                                           (uiop:split-string mandatory-env :separator '( #\,)))
-                                   '("org-skill-policy" "org-skill-bouncer"))))
-        (dolist (req mandatory-skills)
-          (unless (member req sorted-files :key #'pathname-name :test #'string-equal)
-            (error "BOOT FAILURE: Mandatory skill '~a' not found in skills directory: ~a" req (uiop:native-namestring skills-dir))))
-      
-        (harness-log "==================================================")
-        (harness-log " LOADER: Initializing ~a skills..." (length sorted-files))
-      
-        (dolist (file sorted-files)
-          (let* ((skill-name (pathname-name file))
-                 (is-mandatory (member skill-name mandatory-skills :test #'string-equal)))
-            (harness-log " LOADER: Loading ~a..." skill-name)
-            (let ((status (load-skill-with-timeout file 5)))
-              (unless (eq status :success)
-                (if is-mandatory
-                    (error "BOOT FAILURE: Mandatory skill '~a' failed to load (Status: ~a)." skill-name status)
-                    (harness-log "LOADER WARNING: Skill '~a' failed to load." skill-name))))))
-      
-        (let ((ready 0) (failed 0))
-          (maphash (lambda (k v) 
-                     (declare (ignore k))
-                     (if (eq (skill-entry-status v) :ready) (incf ready) (incf failed)))
-                   *skill-catalog*)
-          (harness-log " LOADER: Boot Complete. [Ready: ~a] [Failed: ~a]" ready failed)
-          (harness-log "==================================================")
-          (values ready failed))))))
-#+end_src
-
-** Toolbelt Prompt Generation (generate-tool-belt-prompt)
-#+begin_src lisp :tangle ../library/skills.lisp
-(defun generate-tool-belt-prompt ()
-  "Aggregates all registered cognitive tools into a descriptive prompt."
-  (let ((output (format nil "AVAILABLE TOOLS:
-You can call tools by returning a Lisp plist: (:target :tool :action :call :tool <name> :args (...))
-
-EXAMPLES:
-(:target :tool :action :call :tool \"eval\" :args (:code \"(+ 1 1)\"))
-(:target :tool :action :call :tool \"grep-search\" :args (:pattern \"autonomousty\"))
-(:target :tool :action :call :tool \"shell\" :args (:cmd \"ls -la\"))
-
---
-" )))
-    (maphash (lambda (name tool)
-               (setf output (concatenate 'string output
-                                         (format nil "- ~a: ~a~%  Parameters: ~s~%~%"
-                                                 name
-                                                 (cognitive-tool-description tool)
-                                                 (cognitive-tool-parameters tool)))))
-             *cognitive-tools*)
-    output))
-#+end_src
-
-** The Default Tool Belt
-*** The Eval Tool (Internal Inspection)
-#+begin_src lisp :tangle ../library/skills.lisp
-(def-cognitive-tool :eval "Evaluates raw Common Lisp code in the harness image. Use this for complex calculations or internal state inspection."
-  ((:code :type :string :description "The Lisp code to evaluate"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let ((code (getf args :code)))
-             (let ((harness-pkg (find-package :opencortex.skills.org-skill-lisp-validator)))
-               (if harness-pkg 
-                   (uiop:symbol-call :opencortex.skills.org-skill-lisp-validator :lisp-validator-validate code)
-                   t))))
-  :body (lambda (args)
-          (let ((code (getf args :code)))
-            (handler-case (let ((result (eval (read-from-string code))))
-                            (format nil "~s" result))
-              (error (c) (format nil "ERROR: ~a" c))))))
-#+end_src
-
-*** The Grep Tool (File Discovery)
-#+begin_src lisp :tangle ../library/skills.lisp
-(def-cognitive-tool :grep-search "Searches for a pattern in the project files."
-  ((:pattern :type :string :description "The regex pattern to search for")
-   (:dir :type :string :description "Directory to search in (default is project root)"))
-  :body (lambda (args)
-          (let ((pattern (getf args :pattern))
-                (dir (or (getf args :dir) (uiop:getenv "MEMEX_DIR"))))
-            (uiop:run-program (list "grep" "-r" "-n" "--exclude-dir=node_modules" pattern dir) 
-                              :output :string :ignore-error-status t))))
-#+end_src
-
-*** The Shell Tool (Machine Actuation)
-#+begin_src lisp :tangle ../library/skills.lisp
-(def-cognitive-tool :shell "Executes a shell command on the local machine. Use this for file operations, system checks, or running tests."
-  ((:cmd :type :string :description "The full bash command to execute"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let ((cmd (getf args :cmd)))
-             (not (or (search "rm -rf /" cmd) (search ":(){ :|:& };:" cmd)))))
-  :body (lambda (args)
-          (let ((cmd (getf args :cmd)))
-            (multiple-value-bind (out err code)
-                (uiop:run-program (list "bash" "-c" cmd) :output :string :error-output :string :ignore-error-status t)
-              (format nil "EXIT-CODE: ~a~%~%STDOUT:~%~a~%~%STDERR:~%~a" code out err)))))
-#+end_src
-
-*** The Reload-Skill Tool (Hot Reload)
-#+begin_src lisp :tangle ../library/skills.lisp
-(def-cognitive-tool :reload-skill "Reloads a skill from its Org-mode source file, recompiling into the live image without restarting the daemon."
-  ((:skill :type :string :description "The skill name (e.g., \"org-skill-policy\") or full path to the .org file"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let ((skill (getf args :skill)))
-             (or (uiop:file-exists-p skill)
-                 (let ((skills-dir (or (ignore-errors (uiop:getenv "SKILLS_DIR"))
-                                       (namestring (merge-pathnames "notes/" (user-homedir-pathname))))))
-                   (uiop:file-exists-p (merge-pathnames (format nil "~a.org" skill) skills-dir))))))
-  :body (lambda (args)
-          (let ((skill (getf args :skill)))
-            (snapshot-memory)
-            (let ((skills-dir (or (ignore-errors (uiop:getenv "SKILLS_DIR"))
-                                  (namestring (merge-pathnames "notes/" (user-homedir-pathname)))))
-                 (resolved-path (context-resolve-path skills-dir))
-                 (skills-dir-actual (if (ignore-errors (uiop:getenv "SKILLS_DIR"))
-                                        (uiop:ensure-directory-pathname (context-resolve-path (uiop:getenv "SKILLS_DIR")))
-                                        (uiop:ensure-directory-pathname (user-homedir-pathname)))))
-              (let ((file (if (uiop:file-exists-p skill)
-                             (uiop:ensure-pathname skill)
-                             (merge-pathnames (format nil "~a.org" skill) skills-dir-actual))))
-                (cond
-                  ((not (uiop:file-exists-p file))
-                   (format nil "ERROR: Skill file not found: ~a" (uiop:native-namestring file)))
-                  (t
-                   (harness-log "SKILL: Hot-reloading ~a..." (pathname-name file))
-                   (let ((status (load-skill-with-timeout file 10)))
-                     (if (eq status :success)
-                         (let ((base-name (pathname-name file)))
-                           (setf (skill-entry-status (gethash base-name *skill-catalog*)) :ready)
-                           (format nil "OK: Skill '~a' reloaded successfully." base-name))
-                         (format nil "ERROR: Reload failed with status ~a" status))))))))))
-#+end_src
-
-*** The File Read Tool (V 0.2.0 File I/O)
-#+begin_src lisp :tangle ../library/skills.lisp
-(def-cognitive-tool :read-file "Reads the contents of a file as a string."
-  ((:file :type :string :description "The path to the file to read"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let* ((file (getf args :file))
-                  (memex-root (or (uiop:getenv "MEMEX_DIR") "/home/user/memex"))
-                  (truename (ignore-errors (namestring (truename file)))))
-             (or (null truename)
-                 (str:starts-with-p memex-root truename))))
-  :body (lambda (args)
-          (let ((file (getf args :file)))
-            (handler-case
-                (uiop:read-file-string file)
-              (error (c)
-                (format nil "ERROR reading ~a: ~a" file c))))))
-#+end_src
-
-*** The File Write Tool (V 0.2.0 File I/O)
-#+begin_src lisp :tangle ../library/skills.lisp
-(def-cognitive-tool :write-file "Writes content to a file, creating it if it doesn't exist."
-  ((:file :type :string :description "The path to the file to write")
-   (:content :type :string :description "The content to write")
-   (:append :type :string :description "\"t\" to append instead of overwriting (optional)"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let* ((file (getf args :file))
-                  (memex-root (or (uiop:getenv "MEMEX_DIR") "/home/user/memex"))
-                  (truename (ignore-errors (namestring (truename file)))))
-             (or (null truename)
-                 (str:starts-with-p memex-root truename))))
-  :body (lambda (args)
-          (let ((file (getf args :file))
-                (content (getf args :content))
-                (append-p (string-equal (getf args :append) "t")))
-            (handler-case
-                (progn
-                  (snapshot-memory)
-                  (with-open-file (out file
-                                      :direction :output
-                                      :if-exists (if append-p :append :supersede)
-                                      :if-does-not-exist :create)
-                    (write-string content out))
-                  (format nil "OK: ~a written to ~a" 
-                          (if append-p "content appended" "file written")
-                          file))
-              (error (c)
-                (format nil "ERROR writing ~a: ~a" file c))))))
-#+end_src
-
-*** The String Replace Tool (V 0.2.0 File I/O)
-#+begin_src lisp :tangle ../library/skills.lisp
-(def-cognitive-tool :replace-string "Replaces occurrences of old-string with new-string in a file."
-  ((:file :type :string :description "The path to the file")
-   (:old :type :string :description "The substring to find and replace")
-   (:new :type :string :description "The replacement string"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let* ((file (getf args :file))
-                  (memex-root (or (uiop:getenv "MEMEX_DIR") "/home/user/memex"))
-                  (truename (ignore-errors (namestring (truename file)))))
-             (or (null truename)
-                 (str:starts-with-p memex-root truename))))
-  :body (lambda (args)
-          (let ((file (getf args :file))
-                (old (getf args :old))
-                (new (getf args :new)))
-            (handler-case
-                (progn
-                  (snapshot-memory)
-                  (let ((content (uiop:read-file-string file)))
-                    (if (search old content)
-                        (let ((new-content (cl-ppcre:regex-replace-all (cl-ppcre:quote-meta-chars old) content new)))
-                          (with-open-file (out file :direction :output :if-exists :supersede)
-                            (write-string new-content out))
-                          (format nil "OK: Replaced first occurrence in ~a" file))
-                        (format nil "ERROR: Pattern not found in ~a" file))))
-              (error (c)
-                (format nil "ERROR replacing in ~a: ~a" file c))))))
-#+end_src
-
-* Test Suite
-
-These tests verify the Skill Engine and loader. Run with:
-~(fiveam:run! 'boot-suite)~
-
-#+begin_src lisp :tangle ../tests/boot-sequence-tests.lisp
-(defpackage :opencortex-boot-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:boot-suite))
-
-(in-package :opencortex-boot-tests)
-
-(def-suite boot-suite :description "Verification of the Skill Engine loader")
-
-(in-suite boot-suite)
-
-(test test-parse-skill-metadata
-  "Verify extraction of ID and DEPENDS_ON from Org headers."
-  (let ((tmp-file "/tmp/org-skill-test-metadata.org"))
-    (with-open-file (out tmp-file :direction :output :if-exists :supersede)
-      (format out ":PROPERTIES:~%:ID: test-id~%:END:~%#+DEPENDS_ON: dep1 dep2~%"))
-    (unwind-protect
-         (multiple-value-bind (id deps) (opencortex::parse-skill-metadata tmp-file)
-           (is (equal "test-id" id))
-           (is (member "dep1" deps :test #'string=))
-           (is (member "dep2" deps :test #'string=)))
-       (uiop:delete-file-if-exists tmp-file))))
-
-(test test-topological-sort-basic
-  "Verify that skills are ordered by dependency."
-  (let ((tmp-dir "/tmp/opencortex-boot-test/"))
-    (uiop:ensure-all-directories-exist (list tmp-dir))
-    (with-open-file (out (merge-pathnames "org-skill-a.org" tmp-dir) :direction :output :if-exists :supersede)
-      (format out "#+DEPENDS_ON: skill-b-id~%"))
-    (with-open-file (out (merge-pathnames "org-skill-b.org" tmp-dir) :direction :output :if-exists :supersede)
-      (format out ":PROPERTIES:~%:ID: skill-b-id~%:END:~%"))
-    (unwind-protect
-         (let ((sorted (opencortex::topological-sort-skills tmp-dir)))
-           (let ((pos-a (position "org-skill-a" sorted :key #'pathname-name :test #'string-equal))
-                 (pos-b (position "org-skill-b" sorted :key #'pathname-name :test #'string-equal)))
-             (is (< pos-b pos-a)))
-       (uiop:delete-directory-tree (uiop:ensure-directory-pathname tmp-dir) :validate t))))
-
-(test test-skill-jailing
-  "Verify that skills are loaded into their own packages."
-  (let ((tmp-skill "/tmp/org-skill-jail-test.org"))
-    (with-open-file (out tmp-skill :direction :output :if-exists :supersede)
-      (format out ":PROPERTIES:~%:ID: jail-test-id~%:END:~%#+TITLE: Jail Test Skill~%#+begin_src lisp :tangle no~(defun jail-test-fn () t)~#+end_src"))
-    (unwind-protect
-         (progn
-           (opencortex::load-skill-from-org tmp-skill)
-           (is (not (null (gethash "org-skill-jail-test" opencortex::*skills-registry*)))))
-       (uiop:delete-file-if-exists tmp-skill))))
-#+end_src
--- a/harness/tui-client.org
+++ b/harness/tui-client.org
@@ -1,249 +0,0 @@
-:PROPERTIES:
-:ID:       tui-client-spec
-:CREATED:  [2026-04-17 Fri 11:00]
-:END:
-#+TITLE: OpenCortex TUI Client (Standalone)
-#+STARTUP: content
-#+FILETAGS: :tui:ux:client:
-
-* Overview
-The OpenCortex TUI Client is a standalone Common Lisp application built on **Croatoan**. It provides a real-time, multi-window interface for interacting with the OpenCortex daemon.
-
-* Implementation
-#+begin_src lisp :tangle ../library/tui-client.lisp
-(in-package :cl-user)
-(defpackage :opencortex.tui
-  (:use :cl :croatoan)
-  (:export :main))
-(in-package :opencortex.tui)
-
-(defvar *daemon-host* "127.0.0.1")
-(defvar *daemon-port* 9105)
-(defvar *socket* nil)
-(defvar *stream* nil)
-(defvar *chat-history* (list))
-(defvar *status-text* "Connecting...")
-(defvar *input-buffer* (make-array 0 :element-type 'char :fill-pointer 0 :adjustable t))
-(defvar *command-history* (make-array 0 :element-type 't :fill-pointer 0 :adjustable t))
-(defvar *history-index* -1)
-(defvar *input-mode* :single)  ; :single or :multi
-(defvar *is-running* t)
-(defvar *queue-lock* (bt:make-lock))
-(defvar *incoming-msgs* nil)
-
-(defun enqueue-msg (msg)
-  (bt:with-lock-held (*queue-lock*)
-    (push msg *incoming-msgs*)))
-
-(defun add-to-history (cmd)
-  "Add command to history, preserving most recent."
-  (when (and cmd (> (length cmd) 0))
-    ;; Don't duplicate the last command
-    (unless (and (> (length *command-history*) 0)
-                  (string= cmd (aref *command-history* (1- (length *command-history*))))))
-      (vector-push-extend cmd *command-history* :adjustable t))
-    (setf *history-index* (length *command-history*))))
-
-(defun history-previous ()
-  "Navigate to previous command in history."
-  (when (> (length *command-history*) 0)
-    (setf *history-index* (max 0 (1- *history-index*)))
-    (let ((cmd (aref *command-history* *history-index*)))
-      (setf (fill-pointer *input-buffer*) 0)
-      (loop for ch across cmd do (vector-push-extend ch *input-buffer*))
-      cmd)))
-
-(defun history-next ()
-  "Navigate to next command in history."
-  (when (and *history-index* (< *history-index* (1- (length *command-history*))))
-    (setf *history-index* (1+ *history-index*))
-    (let ((cmd (aref *command-history* *history-index*)))
-      (setf (fill-pointer *input-buffer*) 0)
-      (loop for ch across cmd do (vector-push-extend ch *input-buffer*))
-      cmd))
-  (when (>= *history-index* (1- (length *command-history*)))
-    (setf (fill-pointer *input-buffer*) 0)))
-
-(defun dequeue-msgs ()
-  (bt:with-lock-held (*queue-lock*)
-    (let ((msgs (nreverse *incoming-msgs*)))
-      (setf *incoming-msgs* nil)
-      msgs)))
-
-(defun clean-keywords (msg)
-  (if (listp msg)
-      (let ((clean nil))
-        (loop for (k v) on msg by #'cddr
-              do (push (intern (string k) :keyword) clean)
-                 (push v clean))
-        (nreverse clean))
-      msg))
-
-(defun format-payload (payload)
-  "Extracts human-readable text from a protocol payload, handling nested tool calls."
-  (let* ((action (getf payload :ACTION))
-         (text (getf payload :TEXT))
-         (msg (getf payload :MESSAGE))
-         (tool (getf payload :TOOL))
-         (prompt (getf payload :PROMPT))
-         (args (getf payload :ARGS))
-         (result (getf payload :RESULT)))
-    (cond (text text)
-          (msg msg)
-          ((eq action :MESSAGE) (getf payload :TEXT))
-          ((and tool prompt) (format nil "🤔 ~a: ~a" tool prompt))
-          ((and tool args) 
-           (let ((inner-prompt (or (getf args :PROMPT) (getf args :TEXT))))
-             (if inner-prompt
-                 (format nil "🤔 ~a: ~a" tool inner-prompt)
-                 (format nil "🔧 ~a args: ~s" tool args))))
-          (result (format nil "✅ ~a" result))
-          (t (format nil "~s" payload)))))
-
-(defun format-incoming (msg)
-  "Formats incoming message with styling."
-  (let ((type (or (getf msg :TYPE) (getf msg :type)))
-        (payload (or (getf msg :PAYLOAD) (getf msg :payload))))
-    (cond
-      ((and (listp msg) (eq type :EVENT))
-       (let ((action (or (getf payload :ACTION) (getf payload :action)))
-             (text (or (getf payload :TEXT) (getf payload :text) (getf payload :MESSAGE) (getf payload :message)))))
-         (cond ((eq action :handshake) (format nil "👋 ~a" (or text "Connected")))
-               ((eq action :thinking) (format nil "🤔 ~a" (or text "Thinking...")))
-               ((eq action :tool-complete) (format nil "🔧 Done"))
-               (text (format nil "💬 ~a" text))
-               (t (format nil "📢 ~s" msg)))))
-      ((and (listp msg) (eq type :STATUS))
-       (format nil "🔄 Scribe: ~a | Gardener: ~a" 
-               (or (getf msg :SCRIBE) "idle")
-               (or (getf msg :GARDENER) "idle")))
-      ((and (listp msg) (member type '(:REQUEST :RESPONSE :LOG)))
-       (format-payload payload))
-      ((and (listp msg) (eq type :EVENT) (eq (getf payload :SENSOR) :TOOL-OUTPUT))
-       (format nil "🔧 ~a" (getf payload :RESULT)))
-      (t (format nil "~s" msg))))
-
-(defun listen-thread ()
-  (loop while *is-running* do
-    (handler-case
-        (when (and *stream* (open-stream-p *stream*))
-          (let ((raw-msg (opencortex:read-framed-message *stream*)))
-            (unless (member raw-msg '(:eof :error))
-              (let* ((msg (clean-keywords raw-msg))
-                     (type (or (getf msg :TYPE) (getf msg :type)))
-                     (payload (or (getf msg :PAYLOAD) (getf msg :payload))))
-                (cond ((and (listp msg) (eq type :EVENT))
-                       (let ((action (or (getf payload :ACTION) (getf payload :action)))
-                             (text (or (getf payload :TEXT) (getf payload :text) (getf payload :MESSAGE) (getf payload :message))))
-                         (cond ((eq action :handshake) (setf *status-text* "Ready"))
-                               (text (enqueue-msg (format nil "SYSTEM: ~a" text))))))
-                      ((and (listp msg) (eq type :STATUS))
-                       (setf *status-text* (format nil "[Scribe: ~a] [Gardener: ~a]" 
-                                                   (or (getf msg :SCRIBE) (getf msg :scribe))
-                                                   (or (getf msg :GARDENER) (getf msg :gardener)))))
-                      ((and (listp msg) (member type '(:REQUEST :RESPONSE :LOG)))
-                       (let ((formatted (format-payload payload)))
-                         (when formatted (enqueue-msg formatted))))
-                      ((and (listp msg) (eq type :EVENT) (eq (getf payload :SENSOR) :TOOL-OUTPUT))
-                       (let ((formatted (format-payload payload)))
-                         (when formatted (enqueue-msg formatted))))
-                      (t (harness-log "TUI: Ignored unknown type ~a" type)))))
-            (when (eq raw-msg :eof) (setf *is-running* nil))
-            (when (eq raw-msg :error) (setf *status-text* "Protocol Error"))))
-      (error (c) (setf *status-text* (format nil "Net Error: ~a" c)) (setf *is-running* nil)))
-    (sleep 0.05)))
-
-(defun main ()
-  (handler-case
-      (setf *socket* (usocket:socket-connect *daemon-host* *daemon-port*))
-    (error (e) (format t "Error connecting: ~a~%" e) (return-from main)))
-  (setf *stream* (usocket:socket-stream *socket*))
-  (bt:make-thread #'listen-thread :name "tui-listener")
-  
-  (unwind-protect
-      (with-screen (scr :input-echoing nil :input-blocking nil :enable-colors t :cursor-visible t :window-border-chars #\┌#\─#\┐#\│#\└#\┘#\─#\│)
-        (let* ((h (height scr))
-               (w (width scr))
-               (chat-height (- h 5))
-               (chat-win (make-instance 'window :height chat-height :width (- w 2) :position (list 1 1) :border t))
-               (status-win (make-instance 'window :height 1 :width (- w 2) :position (list (- h 4) 1) :border t))
-               (help-win (make-instance 'window :height 1 :width (- w 2) :position (list (- h 3) 1)))
-               (input-win (make-instance 'window :height 1 :width (- w 2) :position (list (- h 2) 1) :border t))
-               (last-status nil))
-           
-           ;; Draw help once
-           (add-string help-win "↑↓ History | Esc Clear | /help /exit | Multi-line: Shift+Enter" :y 0 :x 0 :attributes '(:bold))
-           (refresh help-win)
-           
-           (setf (function-keys-enabled-p input-win) t)
-           (setf (input-blocking input-win) nil)
-
-           (loop while *is-running* do
-             ;; 1. Handle incoming messages
-             (let ((new-msgs (dequeue-msgs)))
-               (when new-msgs
-                 (dolist (msg new-msgs)
-                   (let ((formatted (format-incoming msg)))
-                     (when formatted 
-                       (push formatted *chat-history*)
-                       (setf *chat-history* (subseq *chat-history* 0 (min (length *chat-history*) 500))))))
-                 
-                 (clear chat-win)
-                 (let ((line-num 1))
-                   (dolist (m (reverse (subseq *chat-history* 0 (min (length *chat-history*) (- chat-height 3)))))
-                     (add-string chat-win (format nil "│ ~a" m) :y line-num :x 1)
-                     (incf line-num)))
-                 ;; Add border line count
-                 (add-string chat-win (format nil "├─ ~d messages" (length *chat-history*)) :y (1- chat-height) :x 1 :attributes '(:dim))
-                 (refresh chat-win)))
-
-             ;; 2. Render Status Bar ONLY if changed
-             (unless (equal *status-text* last-status)
-               (clear status-win)
-               (add-string status-win (format nil "┤ ~a ┤" *status-text*) :y 0 :x 1 :attributes '(:reverse))
-               (refresh status-win)
-               (setf last-status *status-text*))
-
-              ;; 3. Handle Keyboard Input
-              (let* ((event (get-wide-event input-win))
-                     (ch (and event (typep event 'event) (event-key event))))
-                (when ch
-                  (cond
-                    ((or (eq ch #\Newline) (eq ch #\Return))
-                     (let ((cmd (coerce *input-buffer* 'string)))
-                       (setf (fill-pointer *input-buffer*) 0)
-                       (when (> (length cmd) 0)
-                         (add-to-history cmd)
-                         (enqueue-msg (format nil "⬆ ~a" cmd))
-                         (let ((framed (opencortex:frame-message (list :TYPE :EVENT 
-                                                                      :META (list :SOURCE :tui :SESSION-ID "default")
-                                                                      :PAYLOAD (list :SENSOR :user-input :TEXT cmd)))))
-                           (format *stream* "~a" framed)
-                           (finish-output *stream*)))
-                       (when (string= cmd "/exit") (setf *is-running* nil))
-                       (when (string= cmd "/clear") (setf *chat-history* nil))
-                       (when (string= cmd "/help") 
-                         (enqueue-msg "Available commands: /help /exit /clear /status")
-                         (enqueue-msg "Use ↑↓ for history, Esc to clear input"))))
-                    ((eq ch :up) (history-previous))
-                    ((eq ch :down) (history-next))
-                    ((eq ch :escape) 
-                     (setf (fill-pointer *input-buffer*) 0)
-                     (setf *history-index* (length *command-history*)))
-                    ((or (eq ch :backspace) (eq ch #\Backspace) (eq ch #\Rubout) (eq ch #\Del))
-                     (when (> (fill-pointer *input-buffer*) 0)
-                       (decf (fill-pointer *input-buffer*))))
-                    ((eq ch :shift-left)  ; Shift+Enter for multi-line
-                     (vector-push-extend #\Newline *input-buffer*))
-                    ((characterp ch)
-                     (vector-push-extend ch *input-buffer*))))
-                
-                (clear input-win)
-                (let ((prompt (if (> (fill-pointer *input-buffer*) 0) "│" "▶")))
-                  (add-string input-win (format nil "~a ~a" prompt (coerce *input-buffer* 'string)) :y 0 :x 1 :attributes (when (> (fill-pointer *input-buffer*) 0) '(:bold))))
-                (refresh input-win))
-             
-             (sleep 0.02))))
-    (setf *is-running* nil)
-    (when *socket* (usocket:socket-close *socket*))))
-#+end_src
--- a/infrastructure/docker/Dockerfile
+++ b/infrastructure/docker/Dockerfile
@@ -1,32 +1,23 @@
-FROM debian:bullseye-slim
+FROM debian:trixie-slim

 ENV DEBIAN_FRONTEND=noninteractive

 RUN apt-get update && apt-get install -y \
-    sbcl \
-    emacs-nox \
-    curl \
-    git \
-    socat \
-    netcat-openbsd \
-    libssl-dev \
-    libncurses5-dev \
-    libffi-dev \
-    zlib1g-dev \
-    libsqlite3-dev \
+    sbcl emacs-nox curl git socat netcat-openbsd rlwrap \
+    libssl-dev libncurses-dev libffi-dev zlib1g-dev libsqlite3-dev \
    && rm -rf /var/lib/apt/lists/*

-# Install Quicklisp
 RUN curl -O https://beta.quicklisp.org/quicklisp.lisp \
-    && sbcl --non-interactive --load quicklisp.lisp --eval "(quicklisp-quickstart:install)" --eval "(ql-util:without-prompting (ql:add-to-init-file))" \
+    && sbcl --non-interactive --load quicklisp.lisp \
+        --eval "(quicklisp-quickstart:install)" \
+        --eval "(ql-util:without-prompting (ql:add-to-init-file))" \
    && rm quicklisp.lisp

 WORKDIR /app
 COPY . .

-# Initialize system in non-interactive mode
-RUN mkdir -p /root/memex && ./opencortex.sh setup --non-interactive
+RUN mkdir -p /root/memex && ./passepartout.sh configure --non-interactive

 EXPOSE 9105

-CMD ["./opencortex.sh", "boot"]
+CMD ["./passepartout.sh", "daemon"]
--- a/infrastructure/docker/docker-compose.yml
+++ b/infrastructure/docker/docker-compose.yml
@@ -1,18 +1,15 @@
 services:
-  opencortex:
+  passepartout:
    build:
-      context: .
-      dockerfile: Dockerfile
-    container_name: opencortex
-    env_file: .env
+      context: ../../
+      dockerfile: infrastructure/docker/Dockerfile
+    container_name: passepartout
+    env_file: ../../.env
    volumes:
-      # Mount the entire memex directory (2 levels up from projects/opencortex)
-      - ../..:/memex
-      # Ensure signal-cli state is preserved
+      - ../../../..:/memex
      - signal-state:/root/.local/share/signal-cli
    ports:
      - "${ORG_AGENT_DAEMON_PORT:-9105}:9105"
-      - "${ORG_AGENT_WEB_PORT:-8080}:8080"
    restart: unless-stopped

 volumes:
--- a/infrastructure/passepartout.service
+++ b/infrastructure/passepartout.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Passepartout Daemon
+Documentation=https://github.com/amrgharbeia/passepartout
+After=network.target
+
+[Service]
+Type=simple
+User=%u
+ExecStart=%h/projects/passepartout/passepartout daemon
+Restart=on-failure
+RestartSec=10
+WorkingDirectory=%h/projects/passepartout
+
+[Install]
+WantedBy=default.target
--- a/library/act.lisp
+++ b/library/act.lisp
@@ -1,313 +0,0 @@
-(in-package :opencortex)
-
-(defvar *default-actuator* :cli
-  "The actuator used when no explicit target is specified.
-  Override with DEFAULT_ACTUATOR environment variable.")
-
-(defvar *silent-actuators* '(:cli :system-message :emacs)
-  "List of actuators that don't generate tool-output feedback.
-  These typically have their own feedback mechanisms (CLI prints directly, etc.)")
-
-(defun initialize-actuators ()
-  "Load actuator configuration from environment and register core actuators.
-
-  Environment variables:
-  - DEFAULT_ACTUATOR: Keyword for default target (:cli, :shell, etc.)
-  - SILENT_ACTUATORS: Comma-separated list of actuators that skip feedback
-
-  Registers three core actuators:
-  1. :system - Internal commands (eval, create-skill, message)
-  2. :tool - Cognitive tool execution
-  3. :tui - Terminal UI output via reply stream"
-
-  ;; Load environment configuration
-  (let ((def (uiop:getenv "DEFAULT_ACTUATOR"))
-        (silent (uiop:getenv "SILENT_ACTUATORS")))
-
-    ;; Set default actuator
-    (when def
-      (setf *default-actuator*
-            (intern (string-upcase def) "KEYWORD")))
-
-    ;; Parse silent actuators list
-    (when silent
-      (setf *silent-actuators*
-            (mapcar (lambda (s)
-                      (intern (string-upcase (string-trim '(#\Space) s))
-                             "KEYWORD"))
-                    (str:split "," silent)))))
-
-  ;; Register core harness actuators
-  (register-actuator :system #'execute-system-action)
-  (register-actuator :tool #'execute-tool-action)
-
-  ;; TUI actuator: sends response back through the reply stream
-  (register-actuator :tui (lambda (action context)
-                            (let* ((meta (getf context :meta))
-                                   (stream (getf meta :reply-stream)))
-                              (when (and stream (open-stream-p stream))
-                                (format stream "~a" (frame-message action))
-                                (finish-output stream))))))
-
-(defun dispatch-action (action context)
-  "Route an approved action to its registered actuator.
-
-  ACTION is a plist with structure:
-    (:TYPE :REQUEST :TARGET :shell :PAYLOAD (...))
-
-  CONTEXT is the signal being processed (for metadata access)
-
-  The target is resolved in order of priority:
-  1. Explicit :target in the action
-  2. :source from the original signal's metadata
-  3. *default-actuator* configuration variable
-
-  Returns the actuator's result (may be a feedback signal or NIL)."
-
-  (let ((payload (proto-get action :payload)))
-
-    ;; Heartbeats don't generate actuation
-    (when (eq (proto-get payload :sensor) :heartbeat)
-      (return-from dispatch-action nil))
-
-    (when (and action (listp action))
-      (let* ((meta (proto-get context :meta))
-             (source (proto-get meta :source))
-             (raw-target (or (ignore-errors (getf action :TARGET))
-                            (ignore-errors (getf action :target))
-                            source
-                            *default-actuator*))
-             (target (intern (string-upcase (string raw-target)) :keyword))
-             (actuator-fn (gethash target *actuator-registry*)))
-
-        ;; Preserve metadata in outbound action
-        (when (and meta (null (getf action :meta)))
-          (setf (getf action :meta) meta))
-
-        ;; Execute or log error
-        (if actuator-fn
-            (funcall actuator-fn action context)
-            (harness-log "ACT ERROR: No actuator registered for '~s' (requested by ~s)"
-                         target raw-target))))))
-
-(defun execute-system-action (action context)
-  "Execute internal harness commands.
-
-  This actuator handles meta-commands that affect the harness itself,
-  rather than external side effects. Commands include:
-
-  - :eval - Evaluate arbitrary Lisp code (DANGEROUS, validate first!)
-  - :create-skill - Write a new skill org file and reload
-  - :message - Log a message to the harness log
-
-  These commands bypass the normal actuator system since they operate
-  on the harness internals rather than external systems."
-
-  (declare (ignore context))
-
-  (let* ((payload (ignore-errors (getf action :payload)))
-         (cmd (ignore-errors (getf payload :action))))
-
-    (case cmd
-      ;; Evaluate Lisp code - guarded by lisp-validator skill
-      (:eval
-       (let ((code (getf payload :code)))
-         (eval (read-from-string code))))
-
-      ;; Create and load a new skill from content
-      (:create-skill
-       (let* ((filename (getf payload :filename))
-              (content (getf payload :content))
-              (skills-dir (merge-pathnames "skills/"
-                                          (asdf:system-source-directory :opencortex)))
-              (full-path (merge-pathnames filename skills-dir)))
-         (with-open-file (out full-path
-                             :direction :output
-                             :if-exists :supersede)
-           (write-string content out))
-         (load-skill-from-org full-path)))
-
-      ;; Log an informational message
-      (:message
-       (harness-log "ACT [System]: ~a" (getf payload :text)))
-
-      ;; Unknown command
-      (t
-       (harness-log "ACT ERROR [System]: Unknown command '~s'" cmd)))))
-
-(defun execute-tool-action (action context)
-  "Execute a registered cognitive tool.
-
-  Tools are registered functions with:
-  - A guard function (optional, for safety checks)
-  - A body function (the actual implementation)
-  - Metadata (description, parameter specs)
-
-  This actuator:
-  1. Looks up the tool by name
-  2. Runs the guard function (if present)
-  3. Executes the body function with parsed arguments
-  4. Returns a feedback signal with the result
-
-  The feedback mechanism allows tool results to trigger further reasoning."
-
-  (let* ((payload (getf action :payload))
-         (tool-name (getf payload :tool))
-         (tool-args (getf payload :args))
-         (depth (getf context :depth 0))
-         (meta (getf context :meta))
-         (source (getf meta :source))
-         (tool (gethash (string-downcase (string tool-name)) *cognitive-tools*)))
-
-    (if tool
-        (handler-case
-            ;; Parse arguments (handle both flat and nested plists)
-            (let* ((clean-args (if (and (listp tool-args)
-                                      (listp (car tool-args)))
-                                 (car tool-args)
-                                 tool-args))
-                   (result (funcall (cognitive-tool-body tool) clean-args)))
-
-              ;; Format result for source
-              (when source
-                (dispatch-action (list :TYPE :REQUEST
-                                     :TARGET source
-                                     :PAYLOAD (list :ACTION :MESSAGE
-                                                  :TEXT (format-tool-result tool-name result)))
-                              context))
-
-              ;; Return feedback signal for potential further processing
-              (list :TYPE :EVENT
-                    :DEPTH (1+ depth)
-                    :META meta
-                    :PAYLOAD (list :SENSOR :tool-output
-                                 :RESULT result
-                                 :TOOL tool-name)))
-
-          ;; Tool execution error
-          (error (c)
-            (list :TYPE :EVENT
-                  :DEPTH (1+ depth)
-                  :META meta
-                  :PAYLOAD (list :SENSOR :tool-error
-                               :TOOL tool-name
-                               :MESSAGE (format nil "~a" c)))))
-
-        ;; Tool not found
-        (list :TYPE :EVENT
-              :DEPTH (1+ depth)
-              :META meta
-              :PAYLOAD (list :SENSOR :tool-error
-                            :MESSAGE (format nil "Tool '~a' not found" tool-name))))))
-
-(defun format-tool-result (tool-name result)
-  "Format a tool result for human-readable display.
-
-  Tools return either:
-  - A plist: (:status :success :content \"...\") or (:status :error :message \"...\")
-  - A raw value (string, number, etc.)
-
-  This function normalizes both formats into a consistent string presentation."
-
-  (if (listp result)
-      (let ((status (getf result :status))
-            (content (getf result :content))
-            (msg (getf result :message)))
-        (cond
-          ((and (eq status :success) content)
-           (format nil "~a" content))
-          ((and (eq status :error) msg)
-           (format nil "ERROR [~a]: ~a" tool-name msg))
-          (t
-           (format nil "TOOL [~a] RESULT: ~s" tool-name result))))
-      (format nil "TOOL [~a] RESULT: ~a" tool-name result)))
-
-(defun act-gate (signal)
-  "Final stage of the metabolic pipeline: Actuation.
-
-  This stage has three responsibilities:
-
-  1. Last-mile safety check: Run deterministic gates one more time
-     before execution (handles race conditions, concurrent modifications)
-
-  2. Actuation: Dispatch the approved action to its target actuator
-
-  3. Feedback generation: If the action produced results, create a
-     feedback signal that feeds back into the pipeline
-
-  Modifies the signal:
-  - :approved-action - May be modified by last-mile verification
-  - :status - Set to :acted
-
-  Returns a feedback signal if the action produced results, otherwise NIL."
-
-  (let* ((approved (getf signal :approved-action))
-         (type (getf signal :type))
-         (meta (getf signal :meta))
-         (source (getf meta :source))
-         (feedback nil)
-         (context signal))
-
-    ;; Step 1: Last-mile deterministic verification
-    ;; This catches any issues that arose between reasoning and acting
-    (when approved
-      (let* ((original-type (getf approved :type))
-             (verified (deterministic-verify approved signal)))
-
-        ;; Check if deterministic verification blocked the action
-        (if (and (listp verified)
-                 (member (getf verified :type) '(:LOG :EVENT :log :event))
-                 (not (member original-type '(:LOG :EVENT :log :event))))
-
-            ;; Action was blocked by verification
-            (progn
-              (harness-log "ACT BLOCKED: Action failed last-mile deterministic check.")
-              (setf (getf signal :approved-action) nil)
-              (setf approved nil)
-              (setf feedback verified))
-
-            ;; Action passed verification
-            (progn
-              (setf (getf signal :approved-action) verified)
-              (setf approved verified)))))
-
-    ;; Step 2: Actuation based on signal type
-    (case type
-      ;; Explicit requests go directly to dispatch
-      (:REQUEST
-       (dispatch-action signal context))
-
-      ;; Log messages also dispatch
-      (:LOG
-       (dispatch-action signal context))
-
-      ;; Events with approved actions dispatch to their target
-      (:EVENT
-       (if approved
-           (let* ((target (getf approved :target))
-                  (result (dispatch-action approved context)))
-
-             ;; Determine feedback based on actuator response
-             (cond
-               ;; Actuator returned a signal - use it as feedback
-               ((and (listp result)
-                     (member (getf result :type) '(:EVENT :LOG)))
-                (setf feedback result))
-
-               ;; Non-silent actuator with result - format as tool-output
-               ((and result
-                     (not (member target *silent-actuators*)))
-                (setf feedback (list :type :EVENT
-                                    :depth (1+ (getf signal :depth 0))
-                                    :meta meta
-                                    :payload (list :sensor :tool-output
-                                                 :result result
-                                                 :tool approved))))))
-
-           ;; No approved action, but have source - might be raw event
-           (when source
-             (dispatch-action signal context)))))
-
-    ;; Step 3: Update signal status
-    (setf (getf signal :status) :acted)
-    feedback))
--- a/library/communication-tests.lisp
+++ b/library/communication-tests.lisp
@@ -1,41 +0,0 @@
-(defpackage :opencortex-communication-tests
-  (:use :cl :fiveam :opencortex)
-  (:export #:communication-protocol-suite))
-
-(in-package :opencortex-communication-tests)
-
-(def-suite communication-protocol-suite
-  :description "Test suite for opencortex Communication Protocol")
-
-(in-suite communication-protocol-suite)
-
-(test test-framing
-  "Verify that messages are correctly prefixed with a 6-character hex length."
-  (let* ((msg '(:type :EVENT :payload (:action :handshake)))
-         (framed (frame-message msg))
-         (len-str (subseq framed 0 6))
-         (payload (subseq framed 6)))
-    (is (string= "00002C" (string-upcase len-str)))
-    (is (equalp msg (read-from-string payload)))))
-
-(test test-parse-message
-  "Verify that incoming framed strings are parsed into Lisp plists."
-  (let ((framed "00002c(:type :EVENT :payload (:action :handshake))"))
-    (is (equal '(:type :EVENT :payload (:action :handshake))
-               (read-from-string (subseq framed 6))))))
-
-(test test-hello-handshake
-  "Verify the structure of the HELLO handshake message."
-  (let ((hello (make-hello-message "0.1.0")))
-    (is (eq :EVENT (getf hello :type)))
-    (is (eq :handshake (getf (getf hello :payload) :action)))
-    (is (string= "0.1.0" (getf (getf hello :payload) :version)))))
-
-(test test-find-missing-id
-  "Verify that the daemon can find a headline missing an ID."
-  (let* ((ast '(:type :org-data :contents
-                   ((:type :HEADLINE :properties (:TITLE "No ID Here") :contents nil)
-                    (:type :HEADLINE :properties (:ID "exists" :TITLE "Has ID") :contents nil))))
-         (found (find-headline-missing-id ast)))
-    (is (not (null found)))
-    (is (string= "No ID Here" (getf (getf found :properties) :TITLE)))))
--- a/library/communication-validator.lisp
+++ b/library/communication-validator.lisp
@@ -1,44 +0,0 @@
-(in-package :opencortex)
-
-(defun validate-communication-protocol-schema (msg)
-  "Strict structural validation for incoming communication protocol messages."
-  (unless (listp msg)
-    (error "Communication Protocol Schema Error: Message must be a property list (got ~s)" (type-of msg)))
-  
-  (let ((type (let ((raw (proto-get msg :type))) (if (keywordp raw) (intern (string-upcase (string raw)) :keyword) raw))))
-    (unless (member type '(:REQUEST :EVENT :RESPONSE :LOG :STATUS))
-      (progn (harness-log "REJECTED MSG: ~s" msg) (error "Communication Protocol Schema Error: Invalid message type '~a'" type)))
-    
-    (case type
-      (:REQUEST 
-       ;; Allow missing :target if :source is present in :meta, since reason-gate
-       ;; will infer :target from :source downstream. This preserves "equality of
-       ;; clients" — gateways need not duplicate routing logic.
-       (let ((target (proto-get msg :target))
-             (source (proto-get (proto-get msg :meta) :source)))
-         (unless (or target source)
-           (error "Communication Protocol Schema Error: REQUEST missing mandatory :target and no :source in :meta to infer it"))
-         (unless (proto-get msg :payload)
-           (error "Communication Protocol Schema Error: REQUEST missing mandatory :payload"))))
-      
-      (:EVENT
-       (let ((payload (proto-get msg :payload)))
-         (unless (and payload (listp payload))
-           (error "Communication Protocol Schema Error: EVENT missing or invalid :payload"))
-         (unless (or (proto-get payload :action) (proto-get payload :sensor))
-           (error "Communication Protocol Schema Error: EVENT payload must contain :action or :sensor"))))
-      
-      (:RESPONSE
-       (unless (proto-get msg :payload)
-         (error "Communication Protocol Schema Error: RESPONSE missing mandatory :payload"))))
-    
-    t))
-
-(defskill :skill-communication-protocol-validator
-  :priority 95
-  :trigger (lambda (ctx) (member (getf (getf ctx :payload) :sensor) '(:protocol-received)))
-  :probabilistic nil
-  :deterministic (lambda (action ctx)
-              (declare (ignore ctx))
-              (validate-communication-protocol-schema action)
-              action))
--- a/library/communication.lisp
+++ b/library/communication.lisp
@@ -1,78 +0,0 @@
-(in-package :opencortex)
-
-(defun proto-get (plist key)
-  "Robustly retrieves a value from a plist, checking both uppercase and lowercase keyword versions."
-  (let* ((s (string key))
-         (up (intern (string-upcase s) :keyword))
-         (dn (intern (string-downcase s) :keyword)))
-    (or (getf plist up) (getf plist dn))))
-
-(in-package :opencortex)
-
-(defvar *actuator-registry* (make-hash-table :test 'equalp)
-  "Global registry mapping target keywords to their physical actuator functions.")
-
-(defun register-actuator (name fn) 
-  "Registers an actuator function. Actuators receive: (ACTION CONTEXT)."
-  (let ((key (if (keywordp name) name (intern (string-upcase (string name)) :keyword))))
-    (setf (gethash key *actuator-registry*) fn)))
-
-;; Removed duplicate frame-message - kept the sanitized version below
-
-(defun read-framed-message (stream)
-  "Reads a hex-length prefixed S-expression from the stream securely. Skips leading whitespace."
-  (let ((length-buffer (make-string 6)))
-    (handler-case
-        (progn
-          ;; 1. Skip leading whitespace (newlines, spaces, etc.)
-          (loop for char = (peek-char nil stream nil :eof)
-                while (and (not (eq char :eof)) (member char '(#\Space #\Newline #\Tab #\Return)))
-                do (read-char stream))
-          
-          ;; 2. Read the 6-char hex length
-          (let ((count (read-sequence length-buffer stream)))
-            (cond ((< count 6) :eof)
-                  (t (let ((len (ignore-errors (parse-integer length-buffer :radix 16))))
-                       (if (not len)
-                           (progn
-                             (harness-log "PROTOCOL ERROR: Invalid header ~s. Attempting resync..." length-buffer)
-                             :error)
-                           (let ((msg-buffer (make-string len)))
-                             (read-sequence msg-buffer stream)
-                             (let ((*read-eval* nil)
-                                   (*print-pretty* nil))
-                               (handler-case 
-                                   (let ((msg (read-from-string msg-buffer)))
-                                     (validate-communication-protocol-schema msg)
-                                     msg)
-                                 (error (c)
-                                   (harness-log "PROTOCOL PARSE ERROR: ~a in ~s" c msg-buffer)
-                                   :error))))))))))
-      (error (c) 
-        (harness-log "PROTOCOL READ ERROR: ~a" c)
-        :error))))
-
-(defun make-hello-message (version)
-  "Constructs the standard HELLO handshake message."
-  (list :TYPE :EVENT 
-        :PAYLOAD (list :ACTION :handshake 
-                       :VERSION version 
-                       :CAPABILITIES '(:AUTH :SWANK :ORG-AST))))
-
-(defun sanitize-protocol-message (msg)
-  "Recursively strips non-serializable objects from a protocol plist."
-  (if (and msg (listp msg))
-      (let ((clean nil))
-        (loop for (k v) on msg by #'cddr
-              do (unless (member k '(:reply-stream :socket :stream))
-                   (push k clean)
-                   (push (if (listp v) (sanitize-protocol-message v) v) clean)))
-        (nreverse clean))
-      msg))
-
-(defun frame-message (msg)
-  "Serializes a message plist and prefixes it with a 6-character hex length."
-  (let* ((sanitized (sanitize-protocol-message msg))
-         (payload (let ((*print-pretty* nil) (*read-eval* nil)) (format nil "~s" sanitized)))
-         (len (length payload)))
-    (format nil "~6,'0x~a" len payload)))
--- a/library/context.lisp
+++ b/library/context.lisp
@@ -1,119 +0,0 @@
-(in-package :opencortex)
-
-(defun context-query-store (&key tag todo-state type)
-  "Filters the Memory based on tags, todo states, or types."
-  (let ((results nil))
-    (maphash (lambda (id obj)
-               (declare (ignore id))
-               (let* ((attrs (org-object-attributes obj)) (state (getf attrs :TODO-STATE)) (match t))
-                 (when (and type (not (eq (org-object-type obj) type))) (setf match nil))
-                 (when tag (unless (search tag (format nil "~a" (getf attrs :TAGS)) :test #'string-equal) (setf match nil)))
-                 (when (and todo-state (not (equal state todo-state))) (setf match nil))
-                 (when match (push obj results))))
-             *memory*)
-    results))
-
-(defun context-get-active-projects ()
-  "Returns headlines tagged as 'project' that are not yet marked DONE."
-  (remove-if (lambda (obj) (equal (getf (org-object-attributes obj) :TODO-STATE) "DONE"))
-             (context-query-store :tag "project" :type :HEADLINE)))
-
-(defun context-get-recent-completed-tasks () 
-  "Retrieves recently finished tasks from the store."
-  (context-query-store :todo-state "DONE" :type :HEADLINE))
-
-(defun context-list-all-skills ()
-  "Provides a sorted overview of currently loaded system capabilities."
-  (let ((results nil))
-    (maphash (lambda (name skill)
-               (declare (ignore name))
-               (push (list :name (skill-name skill) :priority (skill-priority skill) :dependencies (skill-dependencies skill)) results))
-             *skills-registry*)
-    (sort results #'> :key (lambda (x) (getf x :priority)))))
-
-(defun context-get-skill-source (skill-name)
-  "Reads the raw literate source of a specific skill for inspection."
-  (let* ((filename (format nil "~a.org" skill-name))
-         (skills-dir-str (or (uiop:getenv "SKILLS_DIR") (namestring (merge-pathnames "notes/" (user-homedir-pathname)))))
-         (skills-dir (uiop:ensure-directory-pathname (context-resolve-path skills-dir-str)))
-         (full-path (merge-pathnames filename skills-dir)))
-    (if (uiop:file-exists-p full-path) (uiop:read-file-string full-path) nil)))
-
-(defun context-get-system-logs (&optional limit)
-  "Retrieves the most recent lines from the harness's internal log."
-  (let ((log-limit (or limit (ignore-errors (parse-integer (uiop:getenv "CONTEXT_LOG_LIMIT"))) 20)))
-    (bt:with-lock-held (*logs-lock*)
-      (let ((count (min log-limit (length *system-logs*)))) 
-        (subseq *system-logs* 0 count)))))
-
-(defun context-render-to-org (obj &key (depth 1) (foveal-id nil) semantic-threshold (foveal-vector nil))
-  "Recursively renders an org-object and its children to an Org string using a Foveal-Peripheral Hybrid model."
-  (let* ((id (org-object-id obj))
-         (is-foveal (equal id foveal-id))
-         (title (or (getf (org-object-attributes obj) :TITLE) "Untitled"))
-         (content (org-object-content obj))
-         (children (org-object-children obj))
-         (stars (make-string depth :initial-element #\*))
-         (obj-vector (org-object-vector obj))
-         (threshold (or semantic-threshold (ignore-errors (read-from-string (uiop:getenv "CONTEXT_SEMANTIC_THRESHOLD"))) 0.75))
-         (similarity (if (and foveal-vector obj-vector (not is-foveal))
-                         (cosine-similarity foveal-vector obj-vector)
-                         0.0))
-         (is-semantically-relevant (>= similarity threshold))
-         ;; We always render depth 1 and 2 (Projects and main tasks).
-         ;; We always render the foveal node and its immediate children.
-         ;; We render deeper nodes ONLY if they are semantically relevant.
-         (should-render (or (<= depth 2) is-foveal is-semantically-relevant))
-         (output ""))
-    
-    (when should-render
-      (setf output (format nil "~a ~a~%:PROPERTIES:~%:ID: ~a~%" stars title id))
-      (when is-semantically-relevant
-        (setf output (concatenate 'string output (format nil ":SEMANTIC_SCORE: ~,2f~%" similarity))))
-      (setf output (concatenate 'string output (format nil ":END:~%")))
-      
-      ;; Only include full body content if this is the Foveal focus or highly relevant
-      (when (and content (or is-foveal is-semantically-relevant))
-        (setf output (concatenate 'string output content (string #\Newline))))
-      
-      ;; Recursively render children
-      (dolist (child-id children)
-        (let ((child-obj (lookup-object child-id)))
-          (when child-obj
-            ;; If the current node is Foveal, its children should be rendered (depth effectively resets)
-            (let ((next-foveal (if is-foveal child-id foveal-id)))
-              (setf output (concatenate 'string output 
-                                        (context-render-to-org child-obj 
-                                                               :depth (1+ depth) 
-                                                               :foveal-id next-foveal
-                                                               :semantic-threshold threshold
-                                                               :foveal-vector foveal-vector))))))))
-    output))
-
-(defun context-resolve-path (path-string)
-  "Expands environment variables and strips literal quotes from a path string."
-  (let ((path (if (stringp path-string) 
-                  (string-trim '(#\" #\' #\Space) path-string)
-                  path-string)))
-    (if (and (stringp path) (search "$" path))
-        (let ((result path))
-          (ppcre:do-register-groups (var-name) ("\\$([A-Za-z0-9_]+)" path)
-            (let ((var-val (uiop:getenv var-name)))
-              (when var-val
-                (setf result (ppcre:regex-replace (format nil "\\$~a" var-name) result var-val)))))
-          result)
-        path)))
-
-(defun context-assemble-global-awareness (&optional signal)
-  "Produces a high-level skeletal outline of the current Memory for the LLM."
-  (let* ((foveal-id (or (getf signal :foveal-focus) 
-                        (ignore-errors (getf (getf signal :payload) :target-id))))
-         (projects (context-get-active-projects))
-         (output "GLOBAL MEMEX AWARENESS (Peripheral Vision):
-"))
-    (if projects
-        (dolist (project projects)
-          (setf output (concatenate 'string output
-                                    (context-render-to-org project :foveal-id foveal-id))))
-        (setf output (concatenate 'string output "No active projects found.~%")))
-    output))
--- a/library/gen/org-skill-bouncer.lisp
+++ b/library/gen/org-skill-bouncer.lisp
@@ -1,258 +0,0 @@
-(in-package :opencortex)
-
-(defun bouncer-scan-secrets (text)
-  "Scans TEXT for known secrets from the vault.
-
-  RETURNS: The name of the matched secret, or NIL if text is clean.
-
-  This prevents the catastrophic failure mode where the agent
-  accidentally echoes an API key in its response or log output.
-
-  The check uses substring matching (not regex) for reliability.
-  Only secrets longer than 5 characters are checked to avoid
-  false positives on common words."
-
-  (when (and text (stringp text))
-
-    (let ((found-secret nil))
-
-      (maphash (lambda (key val)
-                 ;; Only check secrets of meaningful length
-                 (when (and val (stringp val) (> (length val) 5))
-                   ;; Search for secret value in action text
-                   (when (search val text)
-                     (setf found-secret key))))
-
-               opencortex::*vault-memory*)
-
-      found-secret)))
-
-(defvar *bouncer-network-whitelist*
-  '("api.telegram.org" "matrix.org" "googleapis.com" "openai.com" "anthropic.com")
-  "Domains that the Bouncer considers safe for outbound connections.
-
-  This whitelist should be minimal—only services explicitly configured
-  as gateways. All other outbound connections require approval.")
-
-(defun bouncer-check-network-exfil (cmd)
-  "Detects if CMD attempts to contact an unwhitelisted external host.
-
-  Returns T if the command targets an unknown external host.
-  Returns NIL if the command is clean or only contacts whitelisted hosts.
-
-  The check looks for HTTP/HTTPS/FTP URLs and extracts the domain.
-  If the domain isn't in *bouncer-network-whitelist*, it's flagged."
-
-  (when (and cmd (stringp cmd))
-
-    ;; Look for URL patterns in the command
-    (when (cl-ppcre:scan "(http|https|ftp)://([\\w\\.-]+)" cmd)
-
-      (multiple-value-bind (match regs)
-          (cl-ppcre:scan-to-strings "(http|https|ftp)://([\\w\\.-]+)" cmd)
-
-        (declare (ignore match))
-
-        (let ((domain (aref regs 1)))
-
-          ;; Check if domain is whitelisted
-          (not (some (lambda (safe) (search safe domain))
-                    *bouncer-network-whitelist*)))))))
-
-(defun bouncer-check (action context)
-  "The 5-Vector security gate for high-risk actions.
-
-  Evaluates an action against all security vectors and either:
-  - Returns the action unchanged (pass)
-  - Returns a blocking LOG event (hard block)
-  - Returns an approval-required EVENT (soft block)
-
-  Vector evaluation order:
-  1. Already approved actions pass immediately
-  2. Secret exposure → hard block
-  3. Network exfiltration → approval required
-  4. High-impact targets → approval required
-
-  The context parameter is not used directly but provided for
-  consistency with the skill gate signature."
-
-  (declare (ignore context))
-
-  (let* ((target (getf action :target))
-         (payload (getf action :payload))
-         (text (or (getf payload :text) (getf action :text)))
-         ;; Extract cmd from direct shell or tool-mediated shell call
-         (cmd (or (getf payload :cmd)
-                 (when (and (eq target :tool)
-                           (equal (getf payload :tool) "shell"))
-                   (getf (getf payload :args) :cmd))))
-         (approved (getf action :approved)))
-
-    (cond
-
-      ;; Vector 0: Already approved actions pass through
-      (approved
-       action)
-
-      ;; Vector 1: Secret Exposure (Hard Block)
-      ;; If any vault secret is found in the action text, block immediately
-      ((and text (bouncer-scan-secrets text))
-       (let ((secret-name (bouncer-scan-secrets text)))
-         (harness-log "SECURITY VIOLATION: Blocked potential leak of secret '~a'" secret-name)
-         (list :type :LOG
-               :payload (list :level :error
-                              :text (format nil "Action blocked: Potential exposure of '~a'" secret-name)))))
-
-      ;; Vector 2: Network Exfiltration (Soft Block)
-      ;; Shell commands targeting unknown hosts require approval
-      ((and (or (eq target :shell)
-               (and (eq target :tool)
-                   (equal (getf payload :tool) "shell")))
-            (bouncer-check-network-exfil cmd))
-
-       (harness-log "SECURITY WARNING: External network call detected. Queuing for approval.")
-
-       (list :type :EVENT
-             :payload (list :sensor :approval-required
-                           :action action)))
-
-      ;; Vector 3: High-Impact Targets (Soft Block)
-      ;; Shell execution, file repair, and eval require approval
-      ((or (member target '(:shell))
-          (and (eq target :tool)
-              (member (getf payload :tool) '("shell" "repair-file") :test #'string=))
-          (and (eq target :emacs)
-              (eq (getf payload :action) :eval)))
-
-       (harness-log "SECURITY: High-impact action requires approval: ~a"
-                   (or (getf payload :tool) target))
-
-       (list :type :EVENT
-             :payload (list :sensor :approval-required
-                           :action action)))
-
-      ;; Vector 4: Default pass
-      (t
-       action))))
-
-(defun bouncer-process-approvals ()
-  "Scans the object store for APPROVED flight plans and re-injects them.
-
-  This function is called on every heartbeat, allowing the agent to
-  check for approvals without blocking the main signal pipeline.
-
-  Flight Plan format:
-  - Has TAGS including \"FLIGHT_PLAN\"
-  - Has TODO set to \"APPROVED\"
-  - Has ACTION containing the serialized action plist
-
-  When an approved flight plan is found:
-  1. Deserialize the action from the ACTION attribute
-  2. Mark the action as :approved = t (bypasses security gate)
-  3. Re-inject into the signal pipeline
-  4. Mark the flight plan as DONE
-
-  Returns T if any flight plans were processed."
-
-  (let ((approved-nodes (list-objects-with-attribute :TODO "APPROVED"))
-        (found-any nil))
-
-    (dolist (node approved-nodes)
-
-      (let* ((tags (getf (org-object-attributes node) :TAGS))
-             (action-str (getf (org-object-attributes node) :ACTION)))
-
-        ;; Only process flight plans (not other APPROVED items)
-        (when (and (member "FLIGHT_PLAN" tags :test #'string-equal)
-                  action-str)
-
-          (harness-log "BOUNCER: Found approved flight plan '~a'. Re-injecting..."
-                      (org-object-id node))
-
-          (let ((action (ignore-errors (read-from-string action-str))))
-            (when action
-
-              ;; Mark as approved to bypass the security gate on re-injection
-              (setf (getf action :approved) t)
-
-              ;; Re-inject the action into the signal pipeline
-              (inject-stimulus action)
-
-              ;; Mark the flight plan as done
-              (setf (getf (org-object-attributes node) :TODO) "DONE")
-
-              (setq found-any t))))))
-
-    found-any))
-
-(defun bouncer-create-flight-plan (blocked-action)
-  "Creates an Org node representing a pending flight plan for manual approval.
-
-  BLOCKED-ACTION is the action plist that was intercepted.
-
-  The flight plan node contains:
-  - A title describing the action
-  - TODO set to PLAN (awaiting approval)
-  - TAGS including FLIGHT_PLAN
-  - ACTION attribute containing the serialized action
-
-  The user reviews the flight plan and changes TODO to APPROVED.
-  On the next heartbeat, bouncer-process-approvals will detect
-  the approval and re-inject the action.
-
-  Returns the generated org-id for the flight plan."
-
-  (let ((id (org-id-new)))
-    (harness-log "BOUNCER: Creating flight plan node '~a'..." id)
-
-    ;; Inject a node creation request
-    (list :type :REQUEST
-          :target :emacs
-          :payload (list :action :insert-node
-                        :id id
-                        :attributes (list
-                                     :TITLE "Flight Plan: High-Risk Action"
-                                     :TODO "PLAN"
-                                     :TAGS '("FLIGHT_PLAN")
-                                     :ACTION (format nil "~s" blocked-action)))))
-
-(defun bouncer-deterministic-gate (action context)
-  "Main deterministic gate for the Bouncer skill.
-
-  Handles three types of signals:
-  1. :approval-required - Create a flight plan for the blocked action
-  2. :heartbeat - Process any pending approvals
-  3. otherwise - Run security check on the action
-
-  The trigger is always true (bouncer evaluates all actions)
-  because security cannot be selective."
-
-  (let* ((payload (getf context :payload))
-         (sensor (getf payload :sensor)))
-
-    (case sensor
-
-      ;; Signal type 1: Action was blocked, create flight plan
-      (:approval-required
-       (let* ((blocked-action (getf payload :action)))
-         (bouncer-create-flight-plan blocked-action)))
-
-      ;; Signal type 2: Heartbeat, check for approvals
-      (:heartbeat
-       (bouncer-process-approvals)
-       ;; After processing approvals, still run the security check
-       (if action
-           (bouncer-check action context)
-           action))
-
-      ;; Signal type 3: Normal action, run security check
-      (otherwise
-       (if action
-           (bouncer-check action context)
-           action)))))
-
-(defskill :skill-bouncer
-  :priority 150
-  :trigger (lambda (ctx) (declare (ignore ctx)) t)
-  :probabilistic nil
-  :deterministic #'bouncer-deterministic-gate)
--- a/library/gen/org-skill-cli-gateway.lisp
+++ b/library/gen/org-skill-cli-gateway.lisp
@@ -1,81 +0,0 @@
-(defvar *cli-port* 9105)
-(defvar *cli-server-socket* nil)
-(defvar *cli-server-thread* nil)
-
-(defun execute-cli-action (action context)
-  "Sends a framed message back to the connected CLI client."
-  (let* ((payload (proto-get action :PAYLOAD))
-         (meta (getf context :meta))
-         (stream (getf meta :reply-stream)))
-    (handler-case
-        (if (and stream (open-stream-p stream))
-            (progn
-              (format stream "~a" (frame-message action))
-              (finish-output stream)
-              (format stream "~a" (frame-message '(:TYPE :STATUS :SCRIBE :IDLE :GARDENER :SLEEPING)))
-              (finish-output stream))
-            (harness-log "CLI ERROR: No active or open reply stream for signal."))
-      (error (c) (harness-log "CLI ACTUATOR ERROR: ~a" c)))))
-
-(defun handle-cli-slash-command (cmd stream)
-  (cond
-    ((string= cmd "/exit") (return-from handle-cli-slash-command :exit))
-    (t (format stream "~a" (frame-message (list :TYPE :REQUEST :PAYLOAD (list :ACTION :MESSAGE :TEXT (format nil "Unknown command: ~a" cmd))))))))
-
-(defun handle-cli-client (stream)
-  "Reads framed messages from a CLI client and injects them as stimuli."
-  (harness-log "CLI: Client connected.")
-  (handler-case
-      (progn
-        ;; 1. Send Handshake
-        (format stream "~a" (frame-message (make-hello-message "0.1.0")))
-        (finish-output stream)
-        (format stream "~a" (frame-message '(:TYPE :STATUS :SCRIBE :IDLE :GARDENER :SLEEPING)))
-        (finish-output stream)
-        
-        ;; 2. Communication Loop
-        (loop
-          (let ((msg (read-framed-message stream)))
-            (cond ((eq msg :eof) (return))
-                  ((eq msg :error) (return))
-                  (t (let* ((payload (proto-get msg :payload))
-                            (text (proto-get payload :text))
-                            (meta (proto-get msg :meta)))
-                       (if (and text (stringp text) (char= (char text 0) #\/))
-                           (when (eq (handle-cli-slash-command text stream) :exit) (return))
-                           (progn
-                             ;; Default meta if missing
-                             (unless meta
-                               (setf (getf msg :meta) (list :SOURCE :CLI :SESSION-ID "default")))
-                             (harness-log "CLI: Received input -> ~s" msg)
-                             (inject-stimulus msg :stream stream)))))))))
-    (error (c) (harness-log "CLI CLIENT DISCONNECT: ~a" c)))
-  (harness-log "CLI: Client disconnected."))
-
-(defun start-cli-gateway (&optional (port *cli-port*))
-  "Starts the TCP listener for local CLI clients."
-  (setf *cli-server-socket* (usocket:socket-listen "0.0.0.0" port :reuse-address t))
-  (setf *cli-server-thread*
-        (bt:make-thread
-         (lambda ()
-           (unwind-protect
-                (loop
-                  (let* ((socket (usocket:socket-accept *cli-server-socket*))
-                         (stream (usocket:socket-stream socket)))
-                    (bt:make-thread (lambda () 
-                                      (unwind-protect (handle-cli-client stream)
-                                        (usocket:socket-close socket)))
-                                    :name "opencortex-cli-client-handler")))
-             (usocket:socket-close *cli-server-socket*)))
-         :name "opencortex-cli-gateway"))
-  (harness-log "CLI: Gateway listening on port ~a" port))
-
-(register-actuator :CLI #'execute-cli-action)
-
-(defskill :skill-gateway-cli
-  :priority 200
-  :trigger (lambda (ctx) (declare (ignore ctx)) nil)
-  :probabilistic nil
-  :deterministic (lambda (action ctx) (declare (ignore ctx)) action))
-
-(start-cli-gateway)
--- a/library/gen/org-skill-credentials-vault.lisp
+++ b/library/gen/org-skill-credentials-vault.lisp
@@ -1,82 +0,0 @@
-(defun vault-get-secret (provider &key type)
-  "Retrieves a secret (api-key or session) for a provider.")
-
-(defun vault-set-secret (provider secret &key type)
-  "Securely stores a secret and triggers a Merkle snapshot.")
-
-
-
-(defvar opencortex::*vault-memory* (make-hash-table :test 'equal)
-  "In-memory cache of sensitive credentials.")
-
-(defun vault-mask-string (str)
-  "Returns a masked version of a sensitive string."
-  (if (and str (> (length str) 8))
-      (format nil "~a...~a" (subseq str 0 4) (subseq str (- (length str) 4)))
-      "[REDACTED]"))
-
-(defun vault-get-secret (provider &key (type :api-key))
-  "Retrieves a credential. Type can be :api-key or :session."
-  (let* ((key (format nil "~a-~a" provider type))
-         (val (gethash key opencortex::*vault-memory*)))
-    (if val
-        val
-        ;; Fallback to environment
-        (let ((env-var (case provider
-                         ((:gemini :gemini-api) "GEMINI_API_KEY")
-                         (:openai "OPENAI_API_KEY")
-                         (:anthropic "ANTHROPIC_API_KEY")
-                         (:groq "GROQ_API_KEY")
-                         (:openrouter "OPENROUTER_API_KEY")
-                         (:telegram "TELEGRAM_BOT_TOKEN")
-                         (:signal "SIGNAL_ACCOUNT_NUMBER")
-                         (:matrix-homeserver "MATRIX_HOMESERVER")
-                         (:matrix-token "MATRIX_ACCESS_TOKEN")
-                         (t nil))))
-          (when (and env-var (eq type :api-key))
-            (uiop:getenv env-var))))))
-
-(defun vault-set-secret (provider secret &key (type :api-key))
-  "Securely stores a secret and triggers a Merkle snapshot."
-  (let ((key (format nil "~a-~a" provider type)))
-    (setf (gethash key opencortex::*vault-memory*) secret)
-    (harness-log "VAULT - Updated ~a for ~a. Triggering Merkle snapshot..." type provider)
-    (snapshot-memory)
-    t))
-
-(defun vault-onboard-gemini-web ()
-  "Instructions for the Autonomous Cookie Handshake."
-  (harness-log "--- GEMINI WEB ONBOARDING ---")
-  (harness-log "1. Visit gemini.google.com")
-  (harness-log "2. Run the 'Get Gemini Cookies' Bookmarklet.")
-  (harness-log "   CODE: javascript:(function(){const c=document.cookie.split('; ').reduce((r,v)=>{const [n,val]=v.split('=');r[n]=val;return r},{});const target=['__Secure-1PSID','__Secure-1PSIDTS'];const out=target.map(n=>({name:n,value:c[n]}));prompt('Copy JSON:',JSON.stringify(out));})();")
-  (harness-log "PLATFORM GUIDE: Chrome/Firefox/Safari all support Bookmarklets via 'Add Page' or 'New Bookmark'.")
-  t)
-
-(progn
-  (defskill :skill-credentials-vault
-    :priority 200 ; High priority, foundational
-    :trigger (lambda (ctx) (eq (getf (getf ctx :payload) :sensor) :onboarding-request))
-    :probabilistic nil
-    :deterministic (lambda (action ctx) 
-                (vault-onboard-gemini-web)
-                action)))
-
-#|
-(defpackage :opencortex-vault-tests
-  (:use :cl :fiveam :opencortex))
-(in-package :opencortex-vault-tests)
-
-(def-suite vault-suite :description "Tests for the Credentials Vault.")
-(in-suite vault-suite)
-
-(test test-masking
-  (is (equal "sk-t...-key" (opencortex::vault-mask-string "sk-test-key")))
-  (is (equal "[REDACTED]" (opencortex::vault-mask-string "short"))))
-
-(test test-vault-persistence
-  "Verify that setting a secret triggers a snapshot (mock check)."
-  (let ((old-version (opencortex::org-object-version (gethash "root" *memory*))))
-    (opencortex:vault-set-secret :test "secret-val")
-    (is (> (opencortex::org-object-version (gethash "root" *memory*)) old-version))))
-|#
--- a/library/gen/org-skill-emacs-edit.lisp
+++ b/library/gen/org-skill-emacs-edit.lisp
@@ -1,281 +0,0 @@
-(in-package :opencortex)
-
-(defun emacs-edit-generate-id ()
-  "Generates a unique ID for org-mode headlines.
-Format: 8-char hex + timestamp for uniqueness."
-  (let* ((data (format nil "~a-~a" (get-universal-time) (random 999999)))
-         (digest (ironclad:digest-sequence :sha256 (ironclad:ascii-string-to-byte-array data)))
-         (uuid (ironclad:byte-array-to-hex-string digest)))
-    (subseq uuid 0 8)))
-
-(defun emacs-edit-id-format (id)
-  "Formats ID for org-mode (e.g., 'abc12345')."
-  (if (search "id:" id)
-      id
-      (format nil "id:~a" id)))
-
-(defun emacs-edit-print-headline (ast &key indent-level)
-  "Converts a HEADLINE AST node to org text.
-INDENT-LEVEL is number of leading asterisks."
-  (let ((level (or indent-level 1))
-        (stars (make-string level :initial-element #\*))
-        (title (or (getf (getf ast :properties) :TITLE) ""))
-        (todo (getf (getf ast :properties) :TODO)))
-    (format nil "~a ~a~%~a"
-            stars
-            (if todo (format nil "[~a] " (string-upcase todo)) "")
-            title)))
-
-(defun emacs-edit-print-properties (props)
-  "Converts property list to :PROPERTIES: drawer."
-  (when props
-    (let ((lines (loop for (k v) on props by #'cddr
-                      unless (member k '(:title :todo :created :id))
-                      collect (format nil ":~a:~a" k v))))
-      (when lines
-        (format nil ":PROPERTIES:~%~{~a~^~%~}~%:END:~%"
-                lines)))))
-
-(defun emacs-edit-print-section (ast)
-  "Prints :CONTENT: or description text."
-  (let ((content (getf ast :content)))
-    (when content
-      content)))
-
-(defun emacs-edit-ast-to-org (ast &key (indent-level 1))
-  "Recursively converts an entire org AST back to org text.
-Preserves structure including #+begin_src blocks."
-  (let ((type (getf ast :type))
-        (props (getf ast :properties))
-        (contents (getf ast :contents))
-        (elements (getf ast :elements)))
-    
-    (cond
-      ;; Headline
-      ((eq type :headline)
-       (format nil "~%~a~a~%~a~{~a~}"
-               (emacs-edit-print-headline ast :indent-level indent-level)
-               (emacs-edit-print-properties props)
-               (emacs-edit-print-section ast)
-               (mapcar (lambda (child)
-                         (emacs-edit-ast-to-org child :indent-level (1+ indent-level)))
-                       (or contents elements))))
-      
-      ;; Section (body text)
-      ((eq type :section)
-       (emacs-edit-print-section ast))
-      
-      ;; Plain text / paragraph
-      ((or (eq type :paragraph) (stringp ast))
-       (format nil "~a~%" (if (stringp ast) ast (getf ast :raw-content))))
-      
-      ;; Code block (preserve exactly)
-      ((eq type :src-block)
-       (let ((lang (or (getf ast :language) ""))
-             (code (or (getf ast :value) "")))
-          (format nil "#+begin_src ~a~%~a~%#+end_src~%"
-                 lang code)))
-      
-      ;; Unknown - return as-is
-      (t (format nil "")))))
-
-(defvar *org-parser-cache* (make-hash-table :test 'equal)
-  "Cache for parsed org files.")
-
-(defun emacs-edit-parse-file (file-path)
-  "Parses an org FILE-PATH using existing ingest-ast.
-Returns the parsed AST. Uses cache for performance."
-  (let ((cached (gethash file-path *org-parser-cache*)))
-    (when cached
-      (return-from emacs-edit-parse-file cached)))
-  
-  (let* ((content (uiop:read-file-string file-path))
-         (ast (ingest-ast (list :type :document :raw-content content))))
-    (setf (gethash file-path *org-parser-cache*) ast)
-    ast))
-
-(defun emacs-edit-clear-cache (&optional file-path)
-  "Clears the parser cache. If FILE-PATH provided, clears only that entry."
-  (if file-path
-      (remhash file-path *org-parser-cache*)
-      (clrhash *org-parser-cache*)))
-
-(defun emacs-edit-write-file (file-path ast)
-  "Writes AST back to FILE-PATH, preserving org structure.
-Clears cache after write."
-  (let ((org-text (emacs-edit-ast-to-org ast)))
-    (with-open-file (out file-path :direction :output :if-exists :supersede)
-      (write-string org-text out)))
-  (emacs-edit-clear-cache file-path)
-  (harness-log "EMACS-EDIT: Wrote ~a" file-path))
-
-(defun emacs-edit-add-headline (ast title &key todo properties)
-  "Adds a new headline to AST.
-Returns modified AST."
-  (let ((new-id (emacs-edit-generate-id))
-        (new-props (list :ID new-id
-                        :TITLE title
-                        :TODO (or todo "TODO")
-                        :CREATED (format nil "[~a]" 
-                                       (multiple-value-bind (s mi h d mo y)
-                                           (decode-universal-time (get-universal-time))
-                                         (format nil "~a-~a-~a ~a:~a"
-                                                  y mo d h mi)))))
-        (merged-props (loop for (k v) on properties by #'cddr
-                           collect k collect v)))
-    
-    (setf merged-props (append merged-props new-props))
-    
-    (let ((new-headline (list :type :headline
-                              :properties merged-props
-                              :contents nil
-                              :raw-content title)))
-      (push new-headline (getf ast :contents))
-      ast)))
-
-(defun emacs-edit-find-headline-by-id (ast target-id)
-  "Recursively finds headline with matching :ID: property."
-  (when (eq (getf ast :type) :headline)
-    (let ((props (getf ast :properties)))
-      (when (string= (getf props :ID) target-id)
-        (return-from emacs-edit-find-headline-by-id ast))))
-  
-  (let ((contents (getf ast :contents)))
-    (when contents
-      (dolist (child contents)
-        (let ((found (emacs-edit-find-headline-by-id child target-id)))
-          (when found (return-from emacs-edit-find-headline-by-id found))))))
-  nil)
-
-(defun emacs-edit-find-headline-by-title (ast target-title)
-  "Recursively finds headline with matching title."
-  (when (eq (getf ast :type) :headline)
-    (let ((props (getf ast :properties)))
-      (when (string= (getf props :TITLE) target-title)
-        (return-from emacs-edit-find-headline-by-title ast))))
-  
-  (let ((contents (getf ast :contents)))
-    (when contents
-      (dolist (child contents)
-        (let ((found (emacs-edit-find-headline-by-title child target-title)))
-          (when found (return-from emacs-edit-find-headline-by-title found))))))
-  nil)
-
-(defun emacs-edit-set-property (ast target property value)
-  "Sets PROPERTY=VALUE on headline matching TARGET (ID or title).
-Returns modified AST."
-  (let ((headline (if (search "id:" target)
-                      (emacs-edit-find-headline-by-id ast target)
-                      (emacs-edit-find-headline-by-title ast target))))
-    (when headline
-      (setf (getf (getf headline :properties) property) value)
-      (harness-log "EMACS-EDIT: Set ~a=~a on ~a" property value target)))
-  ast)
-
-(defun emacs-edit-set-todo (ast target new-state)
-  "Sets TODO state on headline matching TARGET.
-NEW-STATE should be 'TODO', 'DONE', 'IN-PROGRESS', etc."
-  (emacs-edit-set-property ast target :TODO new-state)
-  (harness-log "EMACS-EDIT: Set TODO to ~a on ~a" new-state target))
-
-(defun emacs-edit-modify (file-path operation &key params)
-  "Main entry point for org-mode file manipulation.
-OPERATIONS:
-  :read - Parse file to AST, return AST
-  :write - Write AST back to file (AST in params)
-  :add-headline - Add headline (params: :title, :todo, :properties)
-  :set-property - Set property (params: :target, :property, :value)
-  :set-todo - Set TODO (params: :target, :state)"
-  (let ((ast (emacs-edit-parse-file file-path)))
-    
-    (case operation
-      (:read
-       ast)
-      
-      (:write
-       (let ((ast-to-write (getf params :ast)))
-         (emacs-edit-write-file file-path ast-to-write)))
-      
-      (:add-headline
-       (let ((title (getf params :title))
-             (todo (getf params :todo))
-             (properties (getf params :properties)))
-         (emacs-edit-add-headline ast title :todo todo :properties properties)))
-      
-      (:set-property
-       (let ((target (getf params :target))
-             (property (getf params :property))
-             (value (getf params :value)))
-         (emacs-edit-set-property ast target property value)))
-      
-      (:set-todo
-       (let ((target (getf params :target))
-             (state (getf params :state)))
-         (emacs-edit-set-todo ast target state)))
-      
-      (t
-       (harness-log "EMACS-EDIT ERROR: Unknown operation ~a" operation)))))
-
-(def-cognitive-tool :org-read
-  "Reads an org-mode file and parses it to structured AST.
-Use this BEFORE modifying org files to understand their structure."
-  ((:file :type :string :description "Path to the org file"))
-  :body (lambda (args)
-          (let ((file (getf args :file)))
-            (if (uiop:file-exists-p file)
-                (emacs-edit-modify file :read)
-                (list :status :error :reason "File not found")))))
-
-(def-cognitive-tool :org-write
-  "Writes previously parsed AST back to an org file.
-Use this AFTER modifications to save changes."
-  ((:file :type :string :description "Path to the org file")
-   (:ast :type :list :description "The AST to write"))
-  :body (lambda (args)
-          (let ((file (getf args :file))
-                (ast (getf args :ast)))
-            (emacs-edit-modify file :write :params (list :ast ast))
-            (list :status :success :message (format nil "Wrote ~a" file)))))
-
-(def-cognitive-tool :org-add-headline
-  "Adds a new headline to an org file."
-  ((:file :type :string :description "Path to the org file")
-   (:title :type :string :description "Headline title")
-   (:todo :type :string :description "TODO state (default TODO)")
-   (:properties :type :list :description "Plist of properties"))
-  :body (lambda (args)
-          (let ((file (getf args :file))
-                (title (getf args :title))
-                (todo (getf args :todo "TODO"))
-                (properties (getf args :properties)))
-            (emacs-edit-modify file :add-headline 
-                             :params (list :title title :todo todo :properties properties))
-            (list :status :success :message (format nil "Added headline: ~a" title)))))
-
-(def-cognitive-tool :org-set-property
-  "Sets a property on an existing headline (by ID or title)."
-  ((:file :type :string :description "Path to the org file")
-   (:target :type :string :description "Headline ID or title")
-   (:property :type :string :description "Property name")
-   (:value :type :string :description "Property value"))
-  :body (lambda (args)
-          (let ((file (getf args :file))
-                (target (getf args :target))
-                (property (getf args :property))
-                (value (getf args :value)))
-            (emacs-edit-modify file :set-property
-                             :params (list :target target :property property :value value))
-            (list :status :success :message (format nil "Set ~a=~a on ~a" property value target)))))
-
-(def-cognitive-tool :org-set-todo
-  "Sets the TODO state of a headline."
-  ((:file :type :string :description "Path to the org file")
-   (:target :type :string :description "Headline ID or title")
-   (:state :type :string :description "New TODO state (TODO, DONE, etc)"))
-  :body (lambda (args)
-          (let ((file (getf args :file))
-                (target (getf args :target))
-                (state (getf args :state)))
-            (emacs-edit-modify file :set-todo
-                             :params (list :target target :state state))
-            (list :status :success :message (format nil "Set ~a to ~a" target state)))))
--- a/library/gen/org-skill-engineering-standards.lisp
+++ b/library/gen/org-skill-engineering-standards.lisp
@@ -1,92 +0,0 @@
-(in-package :opencortex)
-
-(defvar *engineering-std-*project-root* nil
-  "Path to the project root for enforcement checks.")
-
-(defun engineering-std-set-project-root (path)
-  (setf *engineering-std-*project-root* (uiop:ensure-directory-pathname path)))
-
-(defstruct engineering-violation
-  (phase nil)
-  (rule nil)
-  (message nil)
-  (severity nil))
-
-(defvar *enforcement-rules*
-  '((:pre-task
-     (:git-clean "Working tree must be clean before modifications")
-     (:skill-queried "Skill catalog should be queried before analysis"))
-    (:during-task
-     (:org-only "Only .org files may be edited; .lisp is generated")
-     (:one-per-block "One definition per src block")
-     (:prose-required "Every block must have preceding prose"))
-    (:post-task
-     (:tests-pass "All tests must pass")
-     (:no-artifacts "No orphaned .bak, .log, .tmp files"))))
-
-(defun verify-git-clean-p (&optional (dir *engineering-std-*project-root*))
-  "Returns T if the git repository at DIR has no uncommitted changes."
-  (when dir
-    (let ((status (uiop:run-program (list "git" "-C" (namestring dir) "status" "--porcelain")
-                                    :output :string
-                                    :ignore-error-status t)))
-      (string= "" (string-trim '(#\Space #\Newline #\Tab) status)))))
-
-(defun check-git-clean (&optional (dir *engineering-std-*project-root*))
-  "Returns violation if git is dirty, nil if clean."
-  (unless (verify-git-clean-p dir)
-    (make-engineering-violation
-     :phase :pre-task
-     :rule :git-clean
-     :message "ENGINEERING STANDARDS VIOLATION: Working tree is dirty. Commit changes before modifying files."
-     :severity :blocker)))
-
-(defun engineering-standards-gate (action context)
-  "The deterministic HARD BLOCK gate for Engineering Standards.
-
-  BLOCKING checks (return :LOG on violation):
-  - Git tree must be clean before file modifications
-
-  WARNING checks (log only):
-  - Skill catalog should be queried first
-
-  Returns modified action, or :LOG/:EVENT on violation."
-  (let* ((payload (getf action :payload))
-         (tool (getf payload :tool))
-         (file (getf payload :file))
-         (code (getf payload :code))
-         (modifies-files-p (or file code tool)))
-
-    ;; BLOCKING: Git clean required for file modifications
-    (when modifies-files-p
-      (let ((git-check (check-git-clean *engineering-std-*project-root*)))
-        (when git-check
-          (harness-log "~a" (engineering-violation-message git-check))
-          (return-from engineering-standards-gate
-            (list :type :log
-                  :payload (list :text (engineering-violation-message git-check)))))))
-
-    action))
-
-(defskill :skill-engineering-standards
-  :priority 1000
-  :trigger (lambda (ctx)
-             (declare (ignore ctx))
-             t)
-  :probabilistic nil
-  :deterministic #'engineering-standards-gate)
-
-(defvar *engineering-std-initialized* nil)
-
-(defun engineering-std-init ()
-  "Initialize the enforcement system with project root."
-  (unless *engineering-std-initialized*
-    (let ((env-root (or (uiop:getenv "OPENCORTEX_ROOT")
-                       (uiop:getenv "MEMEX_DIR")
-                       "/home/user/memex/projects/opencortex")))
-      (engineering-std-set-project-root env-root)
-      (setf *engineering-std-initialized* t)
-      (harness-log "ENGINEERING STANDARDS: Initialized with root ~a" *engineering-std-*project-root*))))
-
-;; Auto-initialize on load
-(engineering-std-init)
--- a/library/gen/org-skill-gardener.lisp
+++ b/library/gen/org-skill-gardener.lisp
@@ -1,68 +0,0 @@
-(in-package :opencortex)
-
-(defvar *gardener-last-audit* 0
-  "The universal-time of the last full Memex audit.")
-
-(defun gardener-find-broken-links ()
-  "Returns a list of broken ID links found in the Memex."
-  (let ((broken nil))
-    (maphash (lambda (id obj)
-               (let ((content (org-object-content obj)))
-                 (when content
-                   (cl-ppcre:do-register-groups (target-id) ("id:([A-Za-z0-9-]+)" content)
-                     (unless (lookup-object target-id)
-                       (push (list :source id :broken-target target-id) broken))))))
-             *memory*)
-    broken))
-
-(defun gardener-find-orphans ()
-  "Returns a list of IDs for headlines that are structurally isolated."
-  (let ((inbound (make-hash-table :test 'equal))
-        (outbound (make-hash-table :test 'equal))
-        (orphans nil))
-    ;; 1. Map all connections
-    (maphash (lambda (id obj)
-               (let ((content (org-object-content obj)))
-                 (when content
-                   (cl-ppcre:do-register-groups (target-id) ("id:([A-Za-z0-9-]+)" content)
-                     (setf (gethash id outbound) t)
-                     (setf (gethash target-id inbound) t)))))
-             *memory*)
-    ;; 2. Identify nodes with zero connections
-    (maphash (lambda (id obj)
-               (declare (ignore obj))
-               (unless (or (gethash id inbound) (gethash id outbound))
-                 (push id orphans)))
-             *memory*)
-    orphans))
-
-(defun gardener-deterministic-gate (action context)
-  "Main gate for the Gardener skill. Audits graph integrity."
-  (declare (ignore action context))
-  (let ((broken (gardener-find-broken-links))
-        (orphans (gardener-find-orphans)))
-    
-    (when (or broken orphans)
-      (harness-log "GARDENER: Audit found ~a broken links and ~a orphans." 
-                   (length broken) (length orphans))
-      
-      (dolist (link broken)
-        (harness-log "  [BROKEN LINK] Node ~a -> ~a" (getf link :source) (getf link :broken-target)))
-      
-      (dolist (orphan orphans)
-        (harness-log "  [ORPHAN] Node ~a is isolated." orphan)))
-    
-    (setf *gardener-last-audit* (get-universal-time))
-    ;; Return a log to stop the loop
-    (list :type :LOG :payload (list :text "Gardener audit complete."))))
-
-(defskill :skill-gardener
-  :priority 40
-  :trigger (lambda (ctx)
-             (let* ((payload (getf ctx :payload))
-                    (sensor (getf payload :sensor)))
-               (and (eq sensor :heartbeat)
-                    ;; Only audit once per day
-                    (> (- (get-universal-time) *gardener-last-audit*) 86400))))
-  :probabilistic nil
-  :deterministic #'gardener-deterministic-gate)
--- a/library/gen/org-skill-homoiconic-memory.lisp
+++ b/library/gen/org-skill-homoiconic-memory.lisp
@@ -1,28 +0,0 @@
-(defun memory-org-to-json (source)
-  "Converts Org-mode source to JSON AST."
-  (declare (ignore source))
-  "")
-
-(defun memory-json-to-org (ast)
-  "Converts JSON AST back to Org-mode text."
-  (declare (ignore ast))
-  "")
-
-(defun memory-normalize-ast (ast)
-  "Recursively ensures ID uniqueness across the AST."
-  (declare (ignore ast))
-  nil)
-
-(defun make-memory-node (headline &key content properties children)
-  "Constructor for a normalized Org node alist."
-  (declare (ignore headline))
-  (list :TYPE :HEADLINE 
-        :PROPERTIES (or properties nil)
-        :CONTENT content 
-        :CONTENTS children))
-
-(defskill :skill-homoiconic-memory
-  :priority 100
-  :trigger (lambda (ctx) (declare (ignore ctx)) nil)
-  :probabilistic nil
-  :deterministic (lambda (action ctx) (declare (ignore ctx)) action))
--- a/library/gen/org-skill-lisp-utils.lisp
+++ b/library/gen/org-skill-lisp-utils.lisp
@@ -1,289 +0,0 @@
-(in-package :opencortex)
-
-(defun count-char (char string)
-  "Counts occurrences of CHAR in STRING.
-Returns an integer count."
-  (let ((count 0))
-    (loop for c across string
-          when (char= c char)
-            do (incf count))
-    count))
-
-(defun deterministic-repair (code)
-  "Attempts instant fixes on broken Lisp code (e.g., balancing parens).
-Returns the fixed code string."
-  (let* ((open-parens (count-char #\( code))
-         (close-parens (count-char #\) code))
-         (diff (- open-parens close-parens)))
-    (if (> diff 0)
-        (concatenate 'string code (make-string diff :initial-element #\)))
-        code)))
-
-(defun neural-repair (code error-message)
-  "Uses the Probabilistic Engine to deeply repair the syntax structure.
-Returns the fixed code string."
-  (let ((prompt (format nil "The following Lisp code failed to parse.
-ERROR: ~a
-CODE: ~a
-MANDATE: Output EXACTLY ONE valid Common Lisp list. Do not explain. Do not use markdown blocks."
-                        error-message code))
-        (system-prompt "You are a Lisp Syntax Repair Actuator. Return only valid, balanced Lisp code."))
-    (let ((repaired (ask-probabilistic prompt :system-prompt system-prompt)))
-      (string-trim '(#\Space #\Newline #\Tab) repaired))))
-
-(defun lisp-utils-check-structural (code-string)
-  "Checks for balanced parens, brackets, and terminated strings.
-Returns (VALUES t nil) if clean, or (VALUES nil reason-string line col)."
-  (let ((stack nil)
-        (in-string nil)
-        (escaped nil)
-        (line 1)
-        (col 0)
-        (last-open-line 1)
-        (last-open-col 0))
-    (dotimes (i (length code-string))
-      (let ((ch (char code-string i)))
-        (cond (escaped (setf escaped nil))
-              ((char= ch #\\) (setf escaped t))
-              (in-string
-               (when (char= ch #\") (setf in-string nil)))
-              ((char= ch #\;)
-               (loop while (and (< i (1- (length code-string)))
-                                (not (char= (char code-string (1+ i)) #\Newline)))
-                     do (incf i))
-               (incf line) (setf col 0))
-              ((char= ch #\")
-               (setf in-string t))
-              ((member ch '(#\( #\[))
-               (push (list (string ch) line col) stack)
-               (setf last-open-line line last-open-col col))
-              ((char= ch #\))
-               (cond ((null stack)
-                      (return-from lisp-utils-check-structural
-                        (values nil (format nil "Unexpected ')' at line ~a, col ~a" line col) line col)))
-                     ((string= (caar stack) "[")
-                      (return-from lisp-utils-check-structural
-                        (values nil (format nil "Mismatched ']' expected at line ~a, col ~a" line col) line col)))
-                     (t (pop stack))))
-              ((char= ch #\])
-               (cond ((null stack)
-                      (return-from lisp-utils-check-structural
-                        (values nil (format nil "Unexpected ']' at line ~a, col ~a" line col) line col)))
-                     ((string= (caar stack) "(")
-                      (return-from lisp-utils-check-structural
-                        (values nil (format nil "Mismatched ')' expected at line ~a, col ~a" line col) line col)))
-                     (t (pop stack))))
-              ((char= ch #\Newline)
-               (incf line) (setf col 0)))
-        (unless (char= ch #\Newline) (incf col))))
-    (if (null stack)
-        (values t nil nil nil)
-        (values nil (format nil "Unbalanced '~a' opened at line ~a, col ~a"
-                            (caar stack) last-open-line last-open-col)
-                last-open-line last-open-col))))
-
-(defun lisp-utils-check-syntactic (code-string)
-  "Checks if the code can be read by SBCL with *read-eval* nil.
-Returns (VALUES t nil) if clean, or (VALUES nil error-message nil nil)."
-  (handler-case
-      (let ((*read-eval* nil))
-        (with-input-from-string (stream (format nil "(progn ~a)" code-string))
-          (loop for form = (read stream nil :eof) until (eq form :eof)))
-        (values t nil nil nil))
-    (error (c)
-      (let ((msg (format nil "~a" c)))
-        (values nil msg nil nil)))))
-
-(defparameter *lisp-utils-whitelist*
-  '(;; Math & Logic
-    + - * / = < > <= >= 1+ 1- min max mod abs floor ceiling round
-    and or not null eq eql equal string= string-equal char= char-equal
-    ;; List Manipulation
-    list cons car cdr cadr cddr cdar caar caddr cdddr append mapcar remove-if remove-if-not
-    length reverse sort nth nthcdr push pop last butlast subseq
-    ;; Plists, Alists, and Hash Tables
-    getf gethash assoc acons pairlis rassoc
-    ;; Control Flow
-    let let* if cond when unless case typecase prog1 progn
-    ;; Strings
-    format concatenate string-downcase string-upcase search subseq replace
-    ;; Type predicates
-    stringp numberp integerp listp symbolp keywordp null
-    ;; Kernel safe symbols
-    opencortex::harness-log
-    opencortex::snapshot-memory opencortex::rollback-memory
-    opencortex::lookup-object opencortex::list-objects-by-type
-    opencortex::ingest-ast opencortex::find-headline-missing-id
-    opencortex::context-query-store opencortex::context-get-active-projects
-    opencortex::context-get-recent-completed-tasks opencortex::context-list-all-skills
-    opencortex::context-get-system-logs opencortex::context-assemble-global-awareness
-    opencortex::org-object-id opencortex::org-object-type opencortex::org-object-attributes
-    opencortex::org-object-content opencortex::org-object-parent-id
-    opencortex::org-object-children opencortex::org-object-version
-    opencortex::org-object-last-sync opencortex::org-object-hash
-    opencortex::org-object-vector
-    ;; Essential macros and special operators
-    declare ignore quote function lambda defun defvar defparameter defmacro
-    ;; Safe I/O
-    with-open-file write-string read-line
-    ;; Package introspection
-    find-package make-package in-package do-external-symbols find-symbol
-    ;; Safe system interaction
-    uiop:run-program uiop:getenv uiop:merge-pathnames* uiop:file-exists-p
-    uiop:directory-exists-p uiop:read-file-string uiop:split-string
-    ;; Time
-    get-universal-time get-internal-real-time sleep
-    ;; Equality
-    equalp = equal eq eql)
-  "Static whitelist of symbols permitted in the Lisp Utils sandbox.")
-
-(defun lisp-utils-ast-walk (form)
-  "Recursively walks the Lisp AST. Returns T if safe, NIL if unsafe."
-  (cond
-    ((or (stringp form) (numberp form) (keywordp form) (characterp form)) t)
-    ((symbolp form)
-     (or (member form *lisp-utils-whitelist* :test #'string-equal)
-         (member (format nil "~a" form) *lisp-utils-whitelist* :test #'string-equal)))
-    ((listp form)
-     (let ((head (car form)))
-       (cond
-         ((eq head 'quote) t)
-         ((not (symbolp head)) nil)
-         ((member head *lisp-utils-whitelist* :test #'string-equal)
-          (every #'lisp-utils-ast-walk (cdr form)))
-         (t
-          (harness-log "LISP UTILS: Blocked call to non-whitelisted function ~a" head)
-          nil))))
-    (t nil)))
-
-(defun lisp-utils-check-semantic (code-string)
-  "Checks if all symbols in CODE-STRING are whitelisted.
-Returns (VALUES t nil) if clean, or (VALUES nil reason-string nil nil)."
-  (handler-case
-      (let ((*read-eval* nil))
-        (with-input-from-string (stream (format nil "(progn ~a)" code-string))
-          (loop for form = (read stream nil :eof)
-                until (eq form :eof)
-                do (unless (lisp-utils-ast-walk form)
-                     (return-from lisp-utils-check-semantic
-                       (values nil "Code contains non-whitelisted symbols." nil nil)))))
-        (values t nil nil nil))
-    (error (c)
-      (values nil (format nil "Semantic check failed: ~a" c) nil nil))))
-
-(defun lisp-utils-validate (code-string &key strict)
-  "Validates Lisp code through structural, syntactic, and optional semantic checks.
-Returns a plist:
-  (:status :success :checks (:structural t :syntactic t :semantic t))
-or
-  (:status :error :failed <check-key> :reason <string> :line <n> :col <n>)
-
-When STRICT is non-nil, the semantic whitelist check is enforced."
-  (let ((structural-ok nil) (syntactic-ok nil) (semantic-ok nil)
-        (reason nil) (line nil) (col nil))
-    ;; Phase 1: Structural
-    (multiple-value-setq (structural-ok reason line col)
-      (lisp-utils-check-structural code-string))
-    (unless structural-ok
-      (return-from lisp-utils-validate
-        (list :status :error :failed :structural :reason reason :line line :col col)))
-    ;; Phase 2: Syntactic
-    (multiple-value-setq (syntactic-ok reason line col)
-      (lisp-utils-check-syntactic code-string))
-    (unless syntactic-ok
-      (return-from lisp-utils-validate
-        (list :status :error :failed :syntactic :reason reason :line line :col col)))
-    ;; Phase 3: Semantic (only when strict)
-    (when strict
-      (multiple-value-setq (semantic-ok reason line col)
-        (lisp-utils-check-semantic code-string))
-      (unless semantic-ok
-        (return-from lisp-utils-validate
-          (list :status :error :failed :semantic :reason reason :line line :col col))))
-    ;; All clear
-    (list :status :success
-          :checks (list :structural t :syntactic t :semantic (or (not strict) semantic-ok)))))
-
-(def-cognitive-tool :validate-lisp
-  "Deterministically validates Lisp code for structural, syntactic, and semantic correctness.
-Use this BEFORE declaring any Lisp code edit complete."
-  ((:code :type :string :description "The Lisp code string to validate.")
-   (:strict :type :boolean :description "If non-nil, enforces the semantic whitelist."))
-  :body (lambda (args)
-          (let ((code (getf args :code))
-                (strict (getf args :strict)))
-            (if (and code (stringp code))
-                (lisp-utils-validate code :strict strict)
-                (list :status :error :reason "Missing :code argument.")))))
-
-(def-cognitive-tool :repair-lisp
-  "Repairs broken Lisp code using deterministic first, then neural escalation."
-  ((:code :type :string :description "The broken Lisp code string")
-   (:error :type :string :description "The error message from parsing failure"))
-  :body (lambda (args)
-          (let ((code (getf args :code))
-                (error-msg (getf args :error)))
-            (if (and code error-msg)
-                (let ((fast-fix (deterministic-repair code)))
-                  (handler-case
-                      (let ((repaired (read-from-string fast-fix)))
-                        (format nil "~a" repaired))
-                    (error ()
-                      (let ((deep-fix (neural-repair code error-msg)))
-                        (handler-case
-                            (let ((repaired (read-from-string deep-fix)))
-                              (format nil "~a" repaired))
-                          (error ()
-                            "REPAIR FAILED"))))))
-                (list :status :error :reason "Missing :code or :error argument.")))))
-
-(defskill :skill-lisp-repair
-  :priority 90
-  :trigger (lambda (ctx) (eq (getf (getf ctx :payload) :sensor) :syntax-error))
-  :probabilistic nil
-  :deterministic (lambda (action context)
-                    (declare (ignore action))
-                    (let* ((payload (getf context :payload))
-                           (code (getf payload :code))
-                           (error-msg (getf payload :error)))
-                      (harness-log "LISP REPAIR: Reacting to syntax error...")
-                      (let ((fast-fix (deterministic-repair code)))
-                        (handler-case
-                            (let ((repaired (read-from-string fast-fix)))
-                              (harness-log "LISP REPAIR: Deterministic repair SUCCESS.")
-                              repaired)
-                          (error ()
-                            (harness-log "LISP REPAIR: Deterministic failed. Escalating to neural...")
-                            (let ((deep-fix (neural-repair code error-msg)))
-                              (handler-case
-                                  (let ((repaired (read-from-string deep-fix)))
-                                    (harness-log "LISP REPAIR: Neural repair SUCCESS.")
-                                    repaired)
-                                (error ()
-                                  (harness-log "LISP REPAIR: Neural repair failed.")
-                                  (list :type :LOG :payload (list :text "Lisp Repair Failed.")))))))))))
-
-(defskill :skill-lisp-validator
-  :priority 900
-  :trigger (lambda (ctx)
-             (let ((candidate (getf ctx :approved-action)))
-               (when candidate
-                 (let ((payload (getf candidate :payload)))
-                   (member (getf payload :action) '(:eval :shell))))))
-  :probabilistic nil
-  :deterministic (lambda (action context)
-                    (declare (ignore context))
-                    (let ((payload (getf action :payload)))
-                      (if (eq (getf payload :action) :eval)
-                          (let* ((code (getf payload :code))
-                                 (result (lisp-utils-validate code :strict t)))
-                            (if (eq (getf result :status) :error)
-                                (progn
-                                  (harness-log "LISP VALIDATOR: Blocked unsafe :eval action. ~a"
-                                               (getf result :reason))
-                                  (list :type :LOG
-                                        :payload (list :level :error
-                                                     :text (format nil "LISP VALIDATOR: Blocked unsafe eval. ~a"
-                                                                   (getf result :reason)))))
-                                action))
-                          action))))
--- a/library/gen/org-skill-lisp-validator.lisp
+++ b/library/gen/org-skill-lisp-validator.lisp
@@ -1,231 +0,0 @@
-(in-package :opencortex)
-
-(defun lisp-validator-check-structural (code-string)
-  "Checks for balanced parens, brackets, and terminated strings.
-Returns (VALUES t nil) if clean, or (VALUES nil reason-string line col)."
-  (let ((stack nil)
-        (in-string nil)
-        (escaped nil)
-        (line 1)
-        (col 0)
-        (last-open-line 1)
-        (last-open-col 0))
-    (dotimes (i (length code-string)
-               (if (null stack)
-                   (values t nil nil nil)
-                   (values nil (format nil "Unbalanced '~a' opened at line ~a, col ~a"
-                                       (caar stack) last-open-line last-open-col)
-                           last-open-line last-open-col)))
-      (let ((ch (char code-string i)))
-        (cond (escaped (setf escaped nil))
-              ((char= ch #\\) (setf escaped t))
-              (in-string
-               (when (char= ch #\") (setf in-string nil)))
-              ((char= ch #\;)
-               ;; Skip to end of line
-               (loop while (and (< i (1- (length code-string)))
-                                (not (char= (char code-string (1+ i)) #\Newline)))
-                     do (incf i))
-               (incf line) (setf col 0))
-              ((char= ch #\")
-               (setf in-string t))
-              ((member ch '(#\( #\[))
-               (push (list (string ch) line col) stack)
-               (setf last-open-line line last-open-col col))
-              ((char= ch #\))
-               (cond ((null stack)
-                      (return-from lisp-validator-check-structural
-                        (values nil (format nil "Unexpected ')' at line ~a, col ~a" line col) line col)))
-                     ((string= (caar stack) "[")
-                      (return-from lisp-validator-check-structural
-                        (values nil (format nil "Mismatched ']' expected at line ~a, col ~a" line col) line col)))
-                     (t (pop stack))))
-              ((char= ch #\])
-               (cond ((null stack)
-                      (return-from lisp-validator-check-structural
-                        (values nil (format nil "Unexpected ']' at line ~a, col ~a" line col) line col)))
-                     ((string= (caar stack) "(")
-                      (return-from lisp-validator-check-structural
-                        (values nil (format nil "Mismatched ')' expected at line ~a, col ~a" line col) line col)))
-                     (t (pop stack))))
-               ((char= ch #\Newline)
-                (incf line) (setf col 0)))
-          (unless (char= ch #\Newline) (incf col))))))
-
-(defun lisp-validator-check-syntactic (code-string)
-  "Checks if the code can be read by SBCL with *read-eval* nil.
-Returns (VALUES t nil) if clean, or (VALUES nil error-message line col)."
-  (handler-case
-      (let ((*read-eval* nil))
-        (with-input-from-string (stream (format nil "(progn ~a)" code-string))
-          (loop for form = (read stream nil :eof) until (eq form :eof)))
-        (values t nil nil nil))
-    (error (c)
-      (let ((msg (format nil "~a" c)))
-        (values nil msg nil nil)))))
-
-(defparameter *lisp-validator-whitelist*
-  '(;; Math & Logic
-    + - * / = < > <= >= 1+ 1- min max mod abs floor ceiling round
-    and or not null eq eql equal string= string-equal char= char-equal
-    ;; List Manipulation
-    list cons car cdr cadr cddr cdar caar caddr cdddr append mapcar remove-if remove-if-not
-    length reverse sort nth nthcdr push pop last butlast subseq
-    ;; Plists, Alists, and Hash Tables
-    getf gethash assoc acons pairlis rassoc
-    ;; Control Flow
-    let let* if cond when unless case typecase prog1 progn
-    ;; Strings
-    format concatenate string-downcase string-upcase search subseq replace
-    ;; Type predicates
-    stringp numberp integerp listp symbolp keywordp null
-    ;; Kernel safe symbols
-    opencortex::harness-log
-    opencortex::snapshot-memory opencortex::rollback-memory
-    opencortex::lookup-object opencortex::list-objects-by-type
-    opencortex::ingest-ast opencortex::find-headline-missing-id
-    opencortex::context-query-store opencortex::context-get-active-projects
-    opencortex::context-get-recent-completed-tasks opencortex::context-list-all-skills
-    opencortex::context-get-system-logs opencortex::context-assemble-global-awareness
-    opencortex::org-object-id opencortex::org-object-type opencortex::org-object-attributes
-    opencortex::org-object-content opencortex::org-object-parent-id
-    opencortex::org-object-children opencortex::org-object-version
-    opencortex::org-object-last-sync opencortex::org-object-hash
-    opencortex::org-object-vector
-    ;; Essential macros and special operators
-    declare ignore quote function lambda defun defvar defparameter defmacro
-    ;; Safe I/O
-    with-open-file write-string read-line
-    ;; Package introspection
-    find-package make-package in-package do-external-symbols find-symbol
-    ;; Safe system interaction
-    uiop:run-program uiop:getenv uiop:merge-pathnames* uiop:file-exists-p
-    uiop:directory-exists-p uiop:read-file-string uiop:split-string
-    ;; Time
-    get-universal-time get-internal-real-time sleep
-    ;; Equality
-    equalp = equal eq eql))
-  "Static whitelist of symbols permitted in the Lisp Validator sandbox."
-
-(defvar *lisp-validator-registry* nil
-  "List of dynamically registered safe symbols.")
-
-(defun lisp-validator-register (symbols)
-  "Adds symbols to the global validator registry."
-  (setf *lisp-validator-registry*
-        (append *lisp-validator-registry*
-                (if (listp symbols) symbols (list symbols))))
-  (harness-log "LISP VALIDATOR: Registered ~a new safe symbols."
-               (length (if (listp symbols) symbols (list symbols)))))
-
-(defun lisp-validator-is-safe (symbol)
-  "Checks if a symbol is in the static whitelist or the dynamic registry."
-  (or (member symbol *lisp-validator-whitelist* :test #'string-equal)
-      (member symbol *lisp-validator-registry* :test #'string-equal)))
-
-(defun lisp-validator-ast-walk (form)
-  "Recursively walks the Lisp AST. Returns T if safe, NIL if unsafe."
-  (cond
-    ;; Self-evaluating objects are safe.
-    ((or (stringp form) (numberp form) (keywordp form) (characterp form)) t)
-    ;; Symbols used as variables (in non-function position)
-    ((symbolp form) (lisp-validator-is-safe form))
-    ;; Lists represent function calls or special forms.
-    ((listp form)
-     (let ((head (car form)))
-       (cond
-         ((eq head 'quote) t)
-         ((not (symbolp head)) nil)
-         ((lisp-validator-is-safe head)
-          (every #'lisp-validator-ast-walk (cdr form)))
-         (t
-          (harness-log "LISP VALIDATOR: Blocked call to non-whitelisted function ~a" head)
-          nil))))
-    (t nil)))
-
-(defun lisp-validator-check-semantic (code-string)
-  "Checks if all symbols in CODE-STRING are whitelisted.
-Returns (VALUES t nil) if clean, or (VALUES nil reason-string nil nil)."
-  (handler-case
-      (let ((*read-eval* nil))
-        (with-input-from-string (stream (format nil "(progn ~a)" code-string))
-          (loop for form = (read stream nil :eof)
-                until (eq form :eof)
-                do (unless (lisp-validator-ast-walk form)
-                     (return-from lisp-validator-check-semantic
-                       (values nil "Code contains non-whitelisted symbols." nil nil)))))
-        (values t nil nil nil))
-    (error (c)
-      (values nil (format nil "Semantic check failed: ~a" c) nil nil))))
-
-(defun lisp-validator-validate (code-string &key strict)
-  "Validates Lisp code through structural, syntactic, and optional semantic checks.
-Returns a plist:
-  (:status :success :checks (:structural t :syntactic t :semantic t))
-or
-  (:status :error :failed <check-key> :reason <string> :line <n> :col <n>)
-
-When STRICT is non-nil, the semantic whitelist check is enforced.
-When STRICT is nil, semantic check is skipped for general validation."
-  (let ((structural-ok nil) (syntactic-ok nil) (semantic-ok nil)
-        (reason nil) (line nil) (col nil))
-    ;; Phase 1: Structural
-    (multiple-value-setq (structural-ok reason line col)
-      (lisp-validator-check-structural code-string))
-    (unless structural-ok
-      (return-from lisp-validator-validate
-        (list :status :error :failed :structural :reason reason :line line :col col)))
-    ;; Phase 2: Syntactic
-    (multiple-value-setq (syntactic-ok reason line col)
-      (lisp-validator-check-syntactic code-string))
-    (unless syntactic-ok
-      (return-from lisp-validator-validate
-        (list :status :error :failed :syntactic :reason reason :line line :col col)))
-    ;; Phase 3: Semantic (only when strict)
-    (when strict
-      (multiple-value-setq (semantic-ok reason line col)
-        (lisp-validator-check-semantic code-string))
-      (unless semantic-ok
-        (return-from lisp-validator-validate
-          (list :status :error :failed :semantic :reason reason :line line :col col))))
-    ;; All clear
-    (list :status :success
-          :checks (list :structural t :syntactic t :semantic (or (not strict) semantic-ok)))))
-
-(def-cognitive-tool :validate-lisp
-  "Deterministically validates Lisp code for structural, syntactic, and semantic correctness.
-Use this BEFORE declaring any Lisp code edit complete."
-  ((:code :type :string :description "The Lisp code string to validate.")
-   (:strict :type :boolean :description "If non-nil, enforces the semantic whitelist."))
-  :body (lambda (args)
-          (let ((code (getf args :code))
-                (strict (getf args :strict)))
-            (if (and code (stringp code))
-                (lisp-validator-validate code :strict strict)
-                (list :status :error :reason "Missing :code argument.")))))
-
-(defskill :skill-lisp-validator
-  :priority 900
-  :trigger (lambda (ctx)
-             ;; Trigger on any eval or shell action, or when validation is explicitly requested
-             (let ((candidate (getf ctx :approved-action)))
-               (when candidate
-                 (let ((payload (getf candidate :payload)))
-                   (member (getf payload :action) '(:eval :shell))))))
-  :probabilistic nil
-  :deterministic (lambda (action context)
-                   (declare (ignore context))
-                   (let ((payload (getf action :payload)))
-                     (if (eq (getf payload :action) :eval)
-                         (let* ((code (getf payload :code))
-                                (result (lisp-validator-validate code :strict t)))
-                           (if (eq (getf result :status) :error)
-                               (progn
-                                 (harness-log "LISP VALIDATOR: Blocked unsafe :eval action. ~a"
-                                              (getf result :reason))
-                                 (list :type :LOG
-                                       :payload (list :level :error
-                                                      :text (format nil "LISP VALIDATOR: Blocked unsafe eval. ~a"
-                                                                    (getf result :reason)))))
-                               action))
-                         action))))
--- a/library/gen/org-skill-literate-programming.lisp
+++ b/library/gen/org-skill-literate-programming.lisp
@@ -1,155 +0,0 @@
-(in-package :opencortex)
-
-(defun literate-check-block-balance (code-string)
-  "Returns T if CODE-STRING has balanced parentheses, brackets, and strings.
-
-   Ignores comments (after ;) and tracks string contents to avoid
-   counting parens inside string literals."
-  (let ((depth 0) (in-string nil) (escaped nil))
-    (dotimes (i (length code-string))
-      (let ((ch (char code-string i)))
-        (cond
-          ;; Escape handling (affects next char only)
-          (escaped (setf escaped nil))
-          ((char= ch #\\) (setf escaped t))
-          ;; String boundaries
-          (in-string (when (char= ch #\") (setf in-string nil)))
-          ((char= ch #\") (setf in-string t))
-          ;; Comment boundaries (skip to end of line)
-          ((char= ch #\;)
-           (loop while (and (< i (1- (length code-string)))
-                           (not (char= (char code-string (1+ i)) #\Newline)))
-                 do (incf i)))
-          ;; Structural parens
-          ((member ch '(#\( #\[)) (incf depth))
-          ((member ch '(#\) #\]))
-           (if (<= depth 0)
-               (return-from literate-check-block-balance
-                 (values nil (format nil "Unexpected close paren at position ~a" i)))
-               (decf depth))))))
-    (if (zerop depth)
-        t
-        (values nil (format nil "Unbalanced parens: depth ~a at end of string" depth)))))
-
-(defun literate-audit-org-file (filepath)
-  "Audits all tangled lisp blocks in an Org file for structural balance.
-
-   Returns a list of imbalance reports, or NIL if all blocks are balanced."
-  (let* ((content (with-open-file (s filepath)
-                    (let ((seq (make-string (file-length s))))
-                      (read-sequence seq s)
-                      seq)))
-         (idx 0)
-         (reports nil)
-         (block-num 0))
-    (loop
-      (let ((pos (search "#+begin_src lisp" content :start2 idx :test #'string-equal)))
-        (when (null pos) (return (nreverse reports)))
-        (let* ((eol (or (position #\Newline content :start pos) (length content)))
-               (header (subseq content pos eol))
-               (header-lower (string-downcase header))
-               (tangle-p (and (search ".lisp" header-lower)
-                             (not (search ":tangle no" header-lower)))))
-          (if (not tangle-p)
-              (setf idx (1+ eol))
-              (let ((end-pos (search "#+end_src" content :start2 eol :test #'string-equal)))
-                (if (null end-pos)
-                    (progn
-                      (push (list :block (incf block-num) :status :missing-end-src) reports)
-                      (return (nreverse reports)))
-                    (let ((raw-block (subseq content (1+ eol) end-pos))
-                          (clean-lines nil))
-                      ;; Strip PROPERTIES drawers and :END: markers
-                      (dolist (line (uiop:split-string raw-block :separator '(#\Newline)))
-                        (let ((trimmed (string-trim '(#\Space #\Tab #\Return) line)))
-                          (when (and (plusp (length trimmed))
-                                     (not (string= (subseq trimmed 0 (min 12 (length trimmed))) ":PROPERTIES:"))
-                                     (not (string= (subseq trimmed 0 (min 5 (length trimmed))) ":END:")))
-                            (push line clean-lines))))
-                      (let ((code (format nil "~{~a~^~%~}" (nreverse clean-lines))))
-                        (multiple-value-bind (ok reason) (literate-check-block-balance code)
-                          (unless ok
-                            (push (list :block (incf block-num)
-                                       :status :unbalanced
-                                       :reason reason
-                                       :code code)
-                                  reports))))
-                      (setf idx (+ end-pos 9)))))))))))
-
-(defvar *tangle-targets*
-  '(("skills/org-skill-engineering-standards.org" . "library/gen/org-skill-engineering-standards.lisp")
-    ("skills/org-skill-literate-programming.org" . "library/gen/org-skill-literate-programming.lisp")
-    ("harness/memory.org" . "library/memory.lisp")
-    ("harness/loop.org" . "library/loop.lisp")
-    ("harness/perceive.org" . "library/perceive.lisp")
-    ("harness/reason.org" . "library/reason.lisp")
-    ("harness/act.org" . "library/act.lisp")
-    ("harness/skills.org" . "library/skills.lisp")
-    ("harness/communication.org" . "library/communication.lisp")))
-
-(defvar *lp-project-root* nil)
-
-(defun lp-set-project-root (path)
-  (setf *lp-project-root* (uiop:ensure-directory-pathname path)))
-
-(defun check-tangle-sync (&optional (root *lp-project-root*))
-  "Returns violation if any tangled .lisp file is newer than its Org source.
-
-This detects direct .lisp edits (which violate the LP workflow)."
-  (when root
-    (dolist (pair *tangle-targets*)
-      (let* ((org-file (merge-pathnames (car pair) root))
-             (lisp-file (merge-pathnames (cdr pair) root))
-             (org-time (ignore-errors (file-write-date org-file)))
-             (lisp-time (ignore-errors (file-write-date lisp-file))))
-        (when (and org-time lisp-time (> lisp-time org-time))
-          (return-from check-tangle-sync
-            (list :type :log
-                  :payload (list :text (format nil "LITERATE PROGRAMMING VIOLATION: ~a is newer than ~a. Edit Org source, not .lisp directly."
-                                               (file-namestring lisp-file) (file-namestring org-file)))))))))
-  nil)
-
-(defskill :skill-literate-programming
-  :priority 1100
-  :trigger (lambda (ctx)
-             (declare (ignore ctx))
-             t)
-  :probabilistic nil
-  :deterministic (lambda (action context)
-                   (declare (ignore context))
-                   (block skill-literate-programming
-                     ;; Check tangle sync before any file modification
-                     (let ((file (and (listp action) (getf action :payload) (getf (getf action :payload) :file))))
-                       (when file
-                         (let ((tangle-check (check-tangle-sync *lp-project-root*)))
-                           (when tangle-check
-                             (return-from skill-literate-programming
-                               (progn
-                                 (harness-log "~a" (getf (getf tangle-check :payload) :text))
-                                 tangle-check))))))
-                     ;; Audit org files for structural balance
-                     (when (and (listp action)
-                                (stringp (getf action :file)))
-                       (let ((file (getf action :file)))
-                         (when (and (search ".org" file)
-                                    (search "skill" file :test #'string-equal))
-                           (let ((issues (literate-audit-org-file file)))
-                             (when issues
-                               (harness-log "LITERATE PROGRAMMING: Structural issues found in ~a: ~a"
-                                            file issues))))))
-                     action)))
-
-(defvar *lp-initialized* nil)
-
-(defun lp-init ()
-  "Initialize the LP system with project root."
-  (unless *lp-initialized*
-    (let ((env-root (or (uiop:getenv "OPENCORTEX_ROOT")
-                        (uiop:getenv "MEMEX_DIR")
-                        "/home/user/memex/projects/opencortex")))
-      (lp-set-project-root env-root)
-      (setf *lp-initialized* t)
-      (harness-log "LITERATE PROGRAMMING: Initialized with root ~a" *lp-project-root*))))
-
-;; Auto-initialize on load
-(lp-init)
--- a/library/gen/org-skill-llama-backend.lisp
+++ b/library/gen/org-skill-llama-backend.lisp
@@ -1,33 +0,0 @@
-(in-package :opencortex)
-
-(defun llama-inference (prompt system-prompt &key (model "local-model"))
-  "Sends a completion request to the local llama.cpp server."
-  (let ((endpoint (uiop:getenv "LLAMACPP_ENDPOINT")))
-    (unless endpoint
-      (harness-log "LLAMA ERROR: LLAMACPP_ENDPOINT not set in environment.")
-      (return-from llama-inference (list :error "LLAMACPP_ENDPOINT_MISSING")))
-
-    (handler-case
-        (let* ((full-prompt (format nil "System: ~a~%User: ~a~%Assistant:" system-prompt prompt))
-               (payload (cl-json:encode-json-to-string 
-                         `((:prompt . ,full-prompt)
-                           (:n_predict . 1024)
-                           (:stop . ("User:" "System:")))))
-               (response (dex:post (format nil "~a/completion" endpoint)
-                                   :content payload
-                                   :headers '(("Content-Type" . "application/json"))))
-               (data (cl-json:decode-json-from-string response)))
-          (cdr (assoc :content data)))
-      (error (c)
-        (harness-log "LLAMA ERROR: Connection failed -> ~a" c)
-        (list :error (format nil "~a" c))))))
-
-(progn
-  (register-probabilistic-backend :llama #'llama-inference)
-  (harness-log "LLAMA: Local backend registered and active."))
-
-(defskill :skill-llama-backend
-  :priority 50
-  :trigger (lambda (ctx) (declare (ignore ctx)) nil) ; Pure infrastructure skill
-  :probabilistic nil
-  :deterministic (lambda (action ctx) (declare (ignore ctx)) action))
--- a/library/gen/org-skill-llm-gateway.lisp
+++ b/library/gen/org-skill-llm-gateway.lisp
@@ -1,128 +0,0 @@
-(defun get-nested (alist &rest keys)
-  "Recursively extracts nested values from an alist, handling both objects and arrays."
-  (let ((val alist))
-    (dolist (k keys)
-      ;; Descend into arrays (cl-json style: ((key . val)) or ( ( (key . val) ) ))
-      (loop while (and (listp val) (listp (car val)) (not (keywordp (caar val))))
-            do (setf val (car val)))
-      (let ((pair (or (assoc k val)
-                      (assoc (intern (string-upcase (string k)) :keyword) val)
-                      (assoc (intern (string-downcase (string k)) :keyword) val))))
-        (if pair
-            (setf val (cdr pair))
-            (return-from get-nested nil))))
-    val))
-
-(defun execute-llm-request (prompt system-prompt &key provider model)
-  "Unified entry point for all LLM providers. Respects the global cascade."
-  (let* ((active-provider (or provider (car opencortex::*provider-cascade*) :openrouter))
-         (api-key (vault-get-secret active-provider :type :api-key))
-         (full-prompt (format nil "~a~%~%Prompt: ~a" system-prompt prompt)))
-
-    (harness-log "PROBABILISTIC ENGINE: Requesting ~a (Model: ~s)" 
-                active-provider (or model "default"))
-
-    ;; If the specifically requested provider has no key, try falling back to the cascade
-    (when (or (null api-key) (string= api-key ""))
-       (harness-log "GATEWAY: Provider ~a has no key. Cascade fallback would trigger here." active-provider)
-       (return-from execute-llm-request (list :status :error :message "API Key missing.")))
-
-    (case active-provider
-      (:gemini-web
-       (let ((res (uiop:symbol-call :opencortex.skills.org-skill-web-research :ask-gemini-web full-prompt)))
-         (if res (list :status :success :content res) (list :status :error :message "Web Research Failure"))))
-      
-      (:ollama
-       (let* ((host (or (uiop:getenv "OLLAMA_HOST") "localhost:11434"))
-              (url (format nil "http://~a/api/generate" host))
-              (body (cl-json:encode-json-to-string `((model . ,(or model "llama3")) (prompt . ,full-prompt) (stream . :false)))))
-         (handler-case 
-             (progn
-               (harness-log "LLM DEBUG: Requesting Ollama...")
-               (let* ((response (dex:post url :headers '(("Content-Type" . "application/json")) :content body :connect-timeout 5 :read-timeout 60))
-                      (json (cl-json:decode-json-from-string response)))
-                 (list :status :success :content (cdr (assoc :response json)))))
-           (error (c) (list :status :error :message (format nil "Ollama Failure: ~a" c))))))
-
-      (t ;; Cloud Providers (Anthropic, Gemini API, Groq, OpenAI, OpenRouter)
-       (let* ((endpoint (case active-provider
-                          (:anthropic "https://api.anthropic.com/v1/messages")
-                          (:gemini-api (format nil "https://generativelanguage.googleapis.com/v1/models/~a:generateContent" (or model "gemini-1.5-flash-latest")))
-                          (:groq "https://api.groq.com/openai/v1/chat/completions")
-                          (:openai "https://api.openai.com/v1/chat/completions")
-                          (:openrouter "https://openrouter.ai/api/v1/chat/completions")))
-              (headers (case active-provider
-                         (:anthropic `(("Content-Type" . "application/json") ("x-api-key" . ,api-key) ("anthropic-version" . "2023-06-01")))
-                         (:gemini-api `(("Content-Type" . "application/json") ("x-goog-api-key" . ,api-key)))
-                         (:openrouter `(("Content-Type" . "application/json") ("Authorization" . ,(format nil "Bearer ~a" api-key)) 
-                                        ("HTTP-Referer" . "https://github.com/amr/opencortex") ("X-Title" . "opencortex Autonomous Kernel")))
-                         (t `(("Content-Type" . "application/json") ("Authorization" . ,(format nil "Bearer ~a" api-key))))))
-              (body (case active-provider
-                      (:anthropic (cl-json:encode-json-to-string `((model . ,(or model "claude-3-5-sonnet-20240620")) (max_tokens . 4096) (system . ,system-prompt) (messages . (( (role . "user") (content . ,prompt) ))))))
-                      (:gemini-api (cl-json:encode-json-to-string `((contents . (((parts . (((text . ,full-prompt))))))))))
-                      (t (cl-json:encode-json-to-string `((model . ,(or model (case active-provider (:groq "llama-3.3-70b-versatile") (t "google/gemini-2.0-flash-001"))))
-                                                         (messages . (( (role . "system") (content . ,system-prompt) ) ( (role . "user") (content . ,prompt) )))))))))
-         (handler-case 
-             (progn
-               (harness-log "LLM DEBUG: Requesting ~a..." active-provider)
-               (let* ((response (dex:post endpoint :headers headers :content body :connect-timeout 10 :read-timeout 30))
-                      (json (cl-json:decode-json-from-string response)))
-                 (let ((content (case active-provider
-                                  (:anthropic (get-nested json :content :text))
-                                  (:gemini-api (get-nested json :candidates :parts :text))
-                                  (t (get-nested json :choices :message :content)))))
-                   (if content
-                       (list :status :success :content content)
-                       (list :status :error :message (format nil "Failed to parse ~a response structure." active-provider))))))
-           (error (c) (list :status :error :message (format nil "LLM Gateway Failure (~a): ~a" active-provider c)))))))))
-
-;; Initialize Cascade
-(let* ((env-cascade (uiop:getenv "PROVIDER_CASCADE"))
-       (default-list '(:openrouter :openai :anthropic :groq :gemini-api :ollama))
-       (final-list (if (and env-cascade (not (string= env-cascade "")))
-                       (mapcar (lambda (s) (intern (string-upcase (string-trim '(#\Space) s)) :keyword))
-                               (uiop:split-string env-cascade :separator '(#\,)))
-                       default-list)))
-  (setf opencortex::*provider-cascade* final-list)
-  (opencortex:harness-log "PROBABILISTIC: Neural Cascade Initialized -> ~a" final-list))
-
-;; Register Providers
-(dolist (p '(:anthropic :gemini-api :gemini-web :groq :ollama :openrouter :openai))
-  (opencortex:register-probabilistic-backend p (lambda (prompt system-prompt &key model)
-                                        (execute-llm-request prompt system-prompt :provider p :model model))))
-
-(def-cognitive-tool :get-ollama-embedding
-  "Generates vector embeddings via Ollama API for semantic search."
-  ((text :type :string :description "Text to embed."))
-  :body (lambda (args)
-          (let* ((text (getf args :text))
-                 (host (or (uiop:getenv "OLLAMA_HOST") "localhost:11434"))
-                 (url (format nil "http://~a/api/embeddings" host))
-                 (model (or (uiop:getenv "OLLAMA_EMBEDDING_MODEL") "nomic-embed-text"))
-                 (body (cl-json:encode-json-to-string `((model . ,model) (prompt . ,text)))))
-            (handler-case
-                (let* ((response (dex:post url :headers '(("Content-Type" . "application/json")) :content body :connect-timeout 5 :read-timeout 30))
-                       (json (cl-json:decode-json-from-string response)))
-                  (let ((embedding (cdr (assoc :embedding json))))
-                    (if embedding
-                        (list :status :success :vector embedding)
-                        (list :status :error :message "No embedding in response"))))
-              (error (c) (list :status :error :message (format nil "Ollama Embedding Failure: ~a" c)))))))
-
-(def-cognitive-tool :ask-llm 
-  "Queries an LLM provider via the unified gateway."
-  ((:prompt :type :string :description "The user prompt.")
-   (:system-prompt :type :string :description "The system instructions.")
-   (:provider :type :keyword :description "Optional specific provider.")
-   (:model :type :string :description "Optional specific model ID."))
-  :body (lambda (args)
-          (execute-llm-request (getf args :prompt) 
-                               (or (getf args :system-prompt) "You are a helpful assistant.")
-                               :provider (getf args :provider)
-                               :model (getf args :model))))
-
-(defskill :skill-llm-gateway
-  :priority 150
-  :trigger (lambda (context) (declare (ignore context)) nil)
-  :probabilistic (lambda (context) (declare (ignore context)) nil)
-  :deterministic (lambda (action context) (declare (ignore context)) action))
--- a/library/gen/org-skill-peripheral-vision.lisp
+++ b/library/gen/org-skill-peripheral-vision.lisp
@@ -1,76 +0,0 @@
-(defun context-render-to-org (obj &key depth foveal-id semantic-threshold foveal-vector)
-  "Recursively renders an org-object with foveal-peripheral pruning.")
-
-(defun context-assemble-global-awareness (&optional signal)
-  "Assembles the full context block for a neural request.")
-
-(defun context-render-to-org (obj &key (depth 1) (foveal-id nil) (semantic-threshold 0.75) (foveal-vector nil))
-  "Recursively renders an org-object and its children to an Org string using a Foveal-Peripheral Hybrid model."
-  (let* ((id (org-object-id obj))
-         (is-foveal (equal id foveal-id))
-         (title (or (getf (org-object-attributes obj) :TITLE) "Untitled"))
-         (content (org-object-content obj))
-         (children (org-object-children obj))
-         (stars (make-string depth :initial-element #\*))
-         (obj-vector (org-object-vector obj))
-         (similarity (if (and foveal-vector obj-vector (not is-foveal))
-                         (cosine-similarity foveal-vector obj-vector)
-                         0.0))
-         (is-semantically-relevant (>= similarity semantic-threshold))
-         ;; We always render depth 1 and 2 (Projects and main tasks).
-         ;; We always render the foveal node and its immediate children.
-         ;; We render deeper nodes ONLY if they are semantically relevant.
-         (should-render (or (<= depth 2) is-foveal is-semantically-relevant))
-         (output ""))
-    
-    (when should-render
-      (setf output (format nil "~a ~a~%:PROPERTIES:~%:ID: ~a~%" stars title id))
-      (when (and is-semantically-relevant (> similarity 0))
-        (setf output (concatenate 'string output (format nil ":SEMANTIC_SCORE: ~,2f~%" similarity))))
-      (setf output (concatenate 'string output (format nil ":END:~%")))
-      
-      ;; Only include full body content if this is the Foveal focus or highly relevant
-      (when (and content (or is-foveal is-semantically-relevant))
-        (setf output (concatenate 'string output content (string #\Newline))))
-      
-      ;; Recursively render children
-      (dolist (child-id children)
-        (let ((child-obj (lookup-object child-id)))
-          (when child-obj
-            ;; If the current node is Foveal, its children should be rendered (depth effectively resets)
-            (let ((next-foveal (if is-foveal child-id foveal-id)))
-              (setf output (concatenate 'string output 
-                                        (context-render-to-org child-obj 
-                                                               :depth (1+ depth) 
-                                                               :foveal-id next-foveal
-                                                               :semantic-threshold semantic-threshold
-                                                               :foveal-vector foveal-vector))))))))
-    output))
-
-(defun context-assemble-global-awareness (&optional signal)
-  "Produces a high-level skeletal outline of the current Memory for the LLM."
-  (let* ((payload (when signal (getf signal :payload)))
-         (foveal-id (when payload (getf payload :target-id)))
-         (foveal-vector (when foveal-id (org-object-vector (lookup-object foveal-id))))
-         (projects (context-get-active-projects))
-         (output "GLOBAL MEMEX AWARENESS (Peripheral Vision):
-"))
-    (if projects
-        (dolist (project projects)
-          (setf output (concatenate 'string output
-                                    (context-render-to-org project 
-                                                           :foveal-id foveal-id 
-                                                           :foveal-vector foveal-vector))))
-        (setf output (concatenate 'string output "No active projects found.~%")))
-    output))
-
-(defskill :skill-peripheral-vision
-  :priority 90
-  :dependencies ("org-skill-embedding")
-  :trigger (lambda (ctx) (member (getf (getf ctx :payload) :sensor) '(:perceive :context-refresh)))
-  :probabilistic nil
-  :deterministic (lambda (action ctx)
-              (declare (ignore action ctx))
-              ;; This skill primarily provides the context-assemble-global-awareness function
-              ;; used by the probabilistic-gate, rather than handling specific actions.
-              nil))
--- a/library/gen/org-skill-policy.lisp
+++ b/library/gen/org-skill-policy.lisp
@@ -1,404 +0,0 @@
-(in-package :opencortex)
-
-(defvar *policy-invariant-priorities*
-  '((:transparency . 500)
-    (:autonomy . 400)
-    (:bloat . 300)
-    (:modularity . 250)
-    (:mentorship . 200)
-    (:sustainability . 100))
-  "Priority alist for policy invariant conflict resolution.
-Higher numbers take precedence.
-
-When two invariants conflict, the higher priority wins.
-Example: Modularity (250) takes precedence over Mentorship (200),
-meaning a change that would fatten the harness is blocked
-even if it would be educational.")
-
-(defun policy-check-transparency (action context)
-  "Ensures the action is inspectable and user-facing actions carry an explanation.
-
-  TRANSPARENCY CHECK:
-  1. Action must be a valid plist (not opaque data)
-  2. User-facing actions (:cli, :tui, :emacs) must include :explanation
-  3. Heartbeat and handshake messages are exempt (they're system status)
-
-  Returns the action if clean, or a blocking LOG event if violated."
-
-  (declare (ignore context))
-
-  ;; Check 1: Action must be a valid plist
-  (unless (listp action)
-    (return-from policy-check-transparency
-      (list :type :LOG
-            :payload (list :level :error
-                           :text "POLICY [Transparency]: Action is not a valid plist. Rejected."))))
-
-  (let* ((payload (getf action :payload))
-         (target (or (getf action :target) (getf action :TARGET)))
-         (explanation (or (getf payload :explanation)
-                          (getf payload :EXPLANATION)
-                          (getf payload :rationale)
-                          (getf payload :RATIONALE))))
-
-    ;; Check 2: User-facing actions require explanation
-    (when (and (member target '(:cli :tui :emacs :EMACS :CLI :TUI))
-               (not explanation)
-               (not (member (getf payload :action)
-                            '(:handshake :heartbeat :status-update))))
-      (return-from policy-check-transparency
-        (list :type :LOG
-              :payload (list :level :error
-                             :text "POLICY [Transparency]: User-facing action missing :explanation. Blocked.")))))
-
-  action))
-
-(defvar *proprietary-domain-watchlist*
-  '("googleapis.com" "api.openai.com" "anthropic.com" "api.groq.com" "openrouter.ai")
-  "Domains representing centralized, proprietary control.
-
-  Actions targeting these are logged as autonomy debt, not hard-blocked.
-  This is because tactical gateway usage (Telegram, Signal, OpenRouter)
-  is permitted under the strategic mandate for autonomy.
-
-  Strategic goal: Replace all proprietary APIs with local alternatives.
-  Tactical reality: Use what's available while building toward that goal.")
-
-(defun policy-scan-proprietary-references (action)
-  "Scans ACTION text fields for proprietary domain references.
-
-  Searches in:
-  - :text and :TEXT in payload
-  - :cmd and :CMD in payload
-  - :cmd in args (for shell tool calls)
-
-  Returns the first matched domain, or NIL if clean."
-
-  (let* ((payload (getf action :payload))
-         (text (or (getf payload :text) (getf payload :TEXT) ""))
-         (cmd (or (getf payload :cmd)
-                 (getf payload :CMD)
-                 (when (equal (getf payload :tool) "shell")
-                   (getf (getf payload :args) :cmd))
-                 ""))
-         (haystack (concatenate 'string text cmd)))
-
-    (dolist (domain *proprietary-domain-watchlist* nil)
-      (when (search domain haystack)
-        (return domain)))))
-
-(defun policy-check-autonomy (action context)
-  "Flags actions that reference proprietary domains.
-
-  Does NOT block the action—this is a warning, not a veto.
-  The agent can use proprietary services tactically, but must
-  be aware that each usage is a step away from full autonomy.
-
-  Returns a warning LOG if proprietary reference detected,
-  or the original action if clean."
-
-  (declare (ignore context))
-
-  (let ((domain (policy-scan-proprietary-references action)))
-
-    (if domain
-        (progn
-          (harness-log "POLICY [Autonomy]: Detected proprietary reference '~a'. Flagged for replacement." domain)
-          ;; Return a warning log but DO NOT block the action
-          (list :type :LOG
-                :payload (list :level :warn
-                               :text (format nil "Autonomy Debt: Action references proprietary domain '~a'. Consider a local alternative." domain)
-                               :original-action action)))
-
-        action)))
-
-(defvar *policy-max-skill-size-chars* 50000
-  "Maximum recommended size for a skill file tangled from an Org note.
-
-  This is a soft limit—the check warns but does not block.
-  A large, well-documented skill is acceptable; a small, poorly-documented
-  one that adds unnecessary complexity is not.")
-
-(defun policy-check-bloat (action context)
-  "Warns if a :create-skill action exceeds the bloat threshold.
-
-  Size alone is not proof of complexity—a 50KB skill that's well-designed
-  is better than a 5KB skill that's spaghetti. This check flags for review,
-  not automatic rejection.
-
-  Returns a warning LOG if threshold exceeded, or original action if clean."
-
-  (declare (ignore context))
-
-  (let* ((payload (getf action :payload))
-         (act (getf payload :action))
-         (content (getf payload :content)))
-
-    (when (and (eq act :create-skill)
-               (stringp content)
-               (> (length content) *policy-max-skill-size-chars*))
-
-      (harness-log "POLICY [Bloat]: Proposed skill is ~a chars. Exceeds ~a char threshold."
-                   (length content) *policy-max-skill-size-chars*)
-
-      (return-from policy-check-bloat
-        (list :type :LOG
-              :payload (list :level :warn
-                             :text (format nil "Bloat Warning: Proposed skill (~a chars) exceeds ~a char threshold. Review for earned complexity."
-                                          (length content) *policy-max-skill-size-chars*)
-                             :original-action action))))
-
-  action))
-
-(defvar *modularity-protected-paths*
-  '("harness/" "opencortex.asd")
-  "Paths that constitute the unbreakable core of the system.
-
-  Any action targeting these paths must include a :modularity-justification
-  explaining why the change cannot be implemented as a skill.
-
-  The Thin Harness principle: What belongs in the harness?
-  - Core signal processing (Perceive-Reason-Act loop)
-  - Memory and persistence primitives
-  - Protocol definition and validation
-  - Skills register and dispatch
-
-  What belongs in skills?
-  - Policy and security
-  - LLM integration
-  - Domain-specific functionality
-  - New actuators")
-
-(defun policy-check-modularity (action context)
-  "Blocks modifications to the system's protected core unless justified.
-
-  MODULARITY CHECK:
-  1. If the action targets a protected path
-  2. And no :modularity-justification is provided
-  3. Then block with an explanation
-
-  The justification should explain WHY the change cannot be a skill.
-  Common valid reasons:
-  - The change fixes a bug in the harness itself
-  - The change adds a primitive that skills cannot implement
-  - The change is required for security hardening
-
-  Invalid reasons:
-  - 'It's easier to modify the harness'
-  - 'Skills are too slow'
-  - 'I want to keep it all in one place'"
-
-  (declare (ignore context))
-
-  (let* ((payload (getf action :payload))
-         (target-file (or (getf payload :file)
-                         (getf payload :filename)))
-         (justification (or (getf payload :modularity-justification)
-                            (getf payload :MODULARITY-JUSTIFICATION))))
-
-    (when (and target-file
-               (some (lambda (path) (search path target-file))
-                    *modularity-protected-paths*)
-               (not justification))
-
-      (return-from policy-check-modularity
-        (list :type :LOG
-              :payload (list :level :error
-                             :text "POLICY [Modularity]: Modification to protected core path blocked. Provide :modularity-justification explaining why this cannot be a skill."
-                             :blocked-path target-file))))
-
-  action))
-
-(defvar *mentorship-required-actions*
-  '(:create-skill :eval :modify-file :write-file :replace
-    :rename-file :delete-file :shell :create-note)
-  "Actions that trigger the Mentorship invariant.
-
-  These are high-impact actions that should come with explanations
-  not just for the user, but for future debugging and maintenance.")
-
-(defun policy-check-mentorship (action context)
-  "Blocks high-impact actions that lack a mentorship note.
-
-  MENTORSHIP CHECK:
-  1. If the action is in *mentorship-required-actions*
-  2. Or if the action calls shell/eval/repair-file tools
-  3. Then require :mentorship-note explaining what and why
-
-  The mentorship note should be:
-  - Concise (1-2 sentences)
-  - Educational (explain the principle, not just the action)
-  - Actionable (help the user understand the outcome)"
-
-  (declare (ignore context))
-
-  (let* ((payload (getf action :payload))
-         (act (or (getf payload :action)
-                 (getf action :action)))
-         (note (or (getf payload :mentorship-note)
-                  (getf payload :MENTORSHIP-NOTE)))
-         (target (or (getf action :target)
-                    (getf action :TARGET)))
-         (tool (when (eq target :tool)
-                (getf payload :tool))))
-
-    (when (or (member act *mentorship-required-actions*)
-              (member tool '("shell" "eval" "repair-file")))
-
-      (unless note
-        (return-from policy-check-mentorship
-          (list :type :LOG
-                :payload (list :level :error
-                               :text "POLICY [Mentorship]: High-impact action missing :mentorship-note. Explain what you are doing and why. Blocked.")))))
-
-  action))
-
-(defvar *cloud-only-backends* '(:openrouter :openai :anthropic :groq :gemini-api)
-  "Backends requiring internet connection and external infrastructure.
-
-  These are acceptable as fallbacks when local inference is unavailable,
-  but should be logged as sustainability debt for tracking purposes.")
-
-(defun policy-check-sustainability (action context)
-  "Logs sustainability debt when action relies on cloud-only infrastructure.
-
-  Does NOT block—this is informational, not prohibitive.
-  Cloud usage is acceptable tactically (when local models fail),
-  but every cloud usage should be a conscious decision, not a default."
-
-  (let* ((payload (getf context :payload))
-         (backend (getf payload :backend))
-         (provider (getf payload :provider)))
-
-    (when (or (member backend *cloud-only-backends*)
-              (member provider *cloud-only-backends*))
-
-      (harness-log "POLICY [Sustainability]: Cloud provider '~a' used. Logged as sustainability debt."
-                   (or backend provider))
-
-      (return-from policy-check-sustainability
-        (list :type :LOG
-              :payload (list :level :warn
-                             :text (format nil "Sustainability Debt: Reliance on cloud provider '~a'. Consider Ollama or local inference."
-                                          (or backend provider))))))
-
-  action)))
-
-(defun policy-explain (invariant-key message &optional original-action)
-  "Formats a policy decision into an auditable explanation plist.
-
-  INVARIANT-KEY is one of:
-    :transparency, :autonomy, :bloat, :modularity, :mentorship, :sustainability
-
-  MESSAGE is a human-readable string explaining the decision.
-
-  ORIGINAL-ACTION is the action that was blocked or modified.
-
-  Returns a REQUEST plist addressed to the original source,
-  containing the explanation and original action for transparency."
-
-  (list :type :REQUEST
-        :target (or (ignore-errors
-                    (getf (getf original-action :meta) :source))
-                   :cli)
-        :payload (list :action :message
-                       :text (format nil "[POLICY ~a] ~a" invariant-key message)
-                       :explanation (format nil "Invariant: ~a | Rationale: ~a"
-                                            invariant-key message)
-                       :original-action original-action)))
-
-(defun policy-run-invariant-checks (action context)
-  "Runs all invariant checks in priority order.
-
-  Priority order (from *policy-invariant-priorities*):
-  1. Transparency (500) - blocks non-transparent actions
-  2. Autonomy (400) - warns on proprietary dependencies
-  3. Bloat (300) - warns on oversized skills
-  4. Modularity (250) - blocks unprotected core modifications
-  5. Mentorship (200) - blocks unexplained high-impact actions
-  6. Sustainability (100) - warns on cloud dependencies
-
-  Returns:
-  - The final action (possibly modified by checks)
-  - A blocking LOG event (if any check returned :error level)
-  - A warning wrapper (if checks returned :warn level but no blocks)"
-
-  (let ((checks '(policy-check-transparency
-                  policy-check-autonomy
-                  policy-check-bloat
-                  policy-check-modularity
-                  policy-check-mentorship
-                  policy-check-sustainability)))
-
-    (dolist (check-fn checks action)
-      (let ((result (funcall check-fn action context)))
-
-        ;; If the check returned a LOG/EVENT, interpret it
-        (when (and (listp result)
-                   (member (getf result :type) '(:LOG :EVENT)))
-
-          (let ((level (getf (getf result :payload) :level)))
-
-            (cond
-              ;; Hard block: error level stops processing immediately
-              ((eq level :error)
-               (return-from policy-run-invariant-checks result))
-
-              ;; Soft warning: log but continue with original action
-              (t
-               (harness-log "~a" (getf (getf result :payload) :text)))))))))
-
-  action))
-
-(defun policy-find-engineering-standards-gate ()
-  "Searches for the Engineering Standards gate across known jailed package names.
-
-  The standards skill may be in opencortex-contrib submodule,
-  so we search multiple possible package names with graceful fallback.
-
-  Returns the function symbol, or NIL if unavailable."
-
-  (dolist (pkg-name '(:opencortex.skills.org-skill-engineering-standards
-                      :opencortex.skills.org-skill-engineering
-                      :opencortex.skills.engineering-standards)
-           nil)
-
-    (let ((pkg (find-package pkg-name)))
-      (when pkg
-        (let ((sym (find-symbol "ENGINEERING-STANDARDS-GATE" pkg)))
-          (when (and sym (fboundp sym))
-            (return (symbol-function sym))))))))
-
-(defun policy-deterministic-gate (action context)
-  "The main policy gate entry point.
-
-  This function is registered as the deterministic-fn for the policy skill.
-  It runs invariant checks, then delegates to engineering standards if loaded.
-
-  IMPORTANT: Never returns NIL silently. Always returns either:
-  - An action (possibly modified)
-  - A blocking LOG event with explanation
-  - A warning wrapper with explanation"
-
-  ;; Step 1: Run invariant checks
-  (let ((current-action (policy-run-invariant-checks action context)))
-
-    ;; Step 2: If an invariant blocked the action, stop here
-    (when (and (listp current-action)
-               (member (getf current-action :type) '(:LOG :EVENT))
-               (eq (getf (getf current-action :payload) :level) :error))
-
-      (return-from policy-deterministic-gate current-action))
-
-    ;; Step 3: Delegate to Engineering Standards if loaded
-    (let ((eng-gate (policy-find-engineering-standards-gate)))
-      (when eng-gate
-        (setf current-action (funcall eng-gate current-action context))))
-
-    current-action))
-
-(defskill :skill-policy
-  :priority 500
-  :trigger (lambda (ctx) (declare (ignore ctx)) t)
-  :probabilistic nil
-  :deterministic #'policy-deterministic-gate)
--- a/library/gen/org-skill-protocol-validator.lisp
+++ b/library/gen/org-skill-protocol-validator.lisp
@@ -1,44 +0,0 @@
-(in-package :opencortex)
-
-(defun validate-communication-protocol-schema (msg)
-  "Strict structural validation for incoming communication protocol messages."
-  (unless (listp msg)
-    (error "Communication Protocol Schema Error: Message must be a property list (got ~s)" (type-of msg)))
-  
-  (let ((type (let ((raw (proto-get msg :type))) (if (keywordp raw) (intern (string-upcase (string raw)) :keyword) raw))))
-    (unless (member type '(:REQUEST :EVENT :RESPONSE :LOG :STATUS :CHAT))
-      (progn (harness-log "REJECTED MSG: ~s" msg) (error "Communication Protocol Schema Error: Invalid message type '~a'" type)))
-    
-    (case type
-      (:REQUEST 
-       ;; Allow missing :target if :source is present in :meta, since reason-gate
-       ;; will infer :target from :source downstream. This preserves "equality of
-       ;; clients" — gateways need not duplicate routing logic.
-       (let ((target (proto-get msg :target))
-             (source (proto-get (proto-get msg :meta) :source)))
-         (unless (or target source)
-           (error "Communication Protocol Schema Error: REQUEST missing mandatory :target and no :source in :meta to infer it"))
-         (unless (proto-get msg :payload)
-           (error "Communication Protocol Schema Error: REQUEST missing mandatory :payload"))))
-      
-      (:EVENT
-       (let ((payload (proto-get msg :payload)))
-         (unless (and payload (listp payload))
-           (error "Communication Protocol Schema Error: EVENT missing or invalid :payload"))
-         (unless (or (proto-get payload :action) (proto-get payload :sensor))
-           (error "Communication Protocol Schema Error: EVENT payload must contain :action or :sensor"))))
-      
-      (:RESPONSE
-       (unless (proto-get msg :payload)
-         (error "Communication Protocol Schema Error: RESPONSE missing mandatory :payload"))))
-    
-    t))
-
-(defskill :skill-communication-protocol-validator
-  :priority 95
-  :trigger (lambda (ctx) (member (getf (getf ctx :payload) :sensor) '(:protocol-received)))
-  :probabilistic nil
-  :deterministic (lambda (action ctx)
-              (declare (ignore ctx))
-              (validate-communication-protocol-schema action)
-              action))
--- a/library/gen/org-skill-scribe.lisp
+++ b/library/gen/org-skill-scribe.lisp
@@ -1,108 +0,0 @@
-(in-package :opencortex)
-
-(defvar *scribe-last-checkpoint* 0
-  "The universal-time of the last successful distillation run.")
-
-(defun scribe-load-state ()
-  "Loads the scribe checkpoint from the state directory."
-  (let ((state-file (uiop:merge-pathnames* "state/scribe-checkpoint.lisp" (asdf:system-source-directory :opencortex))))
-    (if (uiop:file-exists-p state-file)
-        (setf *scribe-last-checkpoint* (read-from-string (uiop:read-file-string state-file)))
-        (setf *scribe-last-checkpoint* 0))))
-
-(defun scribe-save-state ()
-  "Saves the current universal-time as the new checkpoint."
-  (let ((state-file (uiop:merge-pathnames* "state/scribe-checkpoint.lisp" (asdf:system-source-directory :opencortex))))
-    (ensure-directories-exist state-file)
-    (with-open-file (out state-file :direction :output :if-exists :supersede)
-      (format out "~a" (get-universal-time)))))
-
-(defun scribe-get-distillable-nodes ()
-  "Returns a list of org-objects from the daily/ folder that require distillation."
-  (let ((results nil))
-    (maphash (lambda (id obj)
-               (declare (ignore id))
-               (let* ((attrs (org-object-attributes obj))
-                      (tags (getf attrs :TAGS))
-                      (type (org-object-type obj))
-                      (version (org-object-version obj)))
-                 (when (and (eq type :HEADLINE)
-                            (> version *scribe-last-checkpoint*)
-                            (not (member "@personal" tags :test #'string-equal)))
-                   (push obj results))))
-             *memory*)
-    results))
-
-(defun probabilistic-skill-scribe (context)
-  "Generates the extraction prompt for the Scribe."
-  (let* ((payload (getf context :payload))
-         (nodes (scribe-get-distillable-nodes)))
-    (if nodes
-        (let ((text-to-process ""))
-          (dolist (node nodes)
-            (setf text-to-process (concatenate 'string text-to-process 
-                                               (format nil "ID: ~a~%TITLE: ~a~%CONTENT: ~a~%---~%" 
-                                                       (org-object-id node)
-                                                       (getf (org-object-attributes node) :TITLE)
-                                                       (org-object-content node)))))
-          (format nil "DISTILLATION TASK:
-Below are raw chronological logs from my daily journal.
-Extract ATOMIC EVERGREEN NOTES from this text.
-
-RULES:
-1. One note per distinct concept.
-2. Output a list of Lisp plists: ((:title \"...\" :content \"...\" :source-id \"...\") ...)
-3. The content should be in Org-mode format.
-4. Keep titles descriptive and snake_case.
-
-TEXT:
-~a" text-to-process))
-        nil)))
-
-(defun scribe-commit-notes (proposals)
-  "Writes proposed atomic notes to the notes/ directory. Appends if the note exists."
-  (let ((notes-dir (uiop:merge-pathnames* "notes/" (asdf:system-source-directory :opencortex))))
-    (ensure-directories-exist notes-dir)
-    (dolist (note proposals)
-      (let* ((title (getf note :title))
-             (content (getf note :content))
-             (source-id (getf note :source-id))
-             (filename (format nil "~a.org" (string-downcase (cl-ppcre:regex-replace-all " " title "_"))))
-             (path (merge-pathnames filename notes-dir)))
-        (if (uiop:file-exists-p path)
-            (with-open-file (out path :direction :output :if-exists :append)
-              (format out "~%~%* Appended insight from ~a~%~a" source-id content))
-            (with-open-file (out path :direction :output :if-exists :supersede)
-              (format out ":PROPERTIES:~%:ID: ~a~%:SOURCE_ID: ~a~%:END:~%#+TITLE: ~a~%~%~a" 
-                      (org-id-new) source-id title content)))
-        (harness-log "SCRIBE: Processed evergreen note ~a" filename)))))
-
-(defun verify-skill-scribe (action context)
-  "Executes the note creation and marks source nodes as distilled."
-  (declare (ignore context))
-  (let ((data (cond ((and (listp action) (eq (getf action :type) :REQUEST))
-                     (getf (getf action :payload) :payload))
-                    ((and (listp action) (not (member (getf action :type) '(:LOG :EVENT))))
-                     action)
-                    (t nil))))
-    (when data
-      (harness-log "SCRIBE: Committing ~a atomic notes..." (length data))
-      (scribe-commit-notes data)
-      (scribe-save-state)
-      (harness-log "SCRIBE: Distillation complete.")
-      ;; Return a log event to stop the loop
-      (list :type :LOG :payload (list :text "Distillation successful.")))))
-
-(defskill :skill-scribe
-  :priority 50
-  :trigger (lambda (ctx)
-             (let* ((payload (getf ctx :payload))
-                    (sensor (getf payload :sensor)))
-               (and (eq sensor :heartbeat)
-                    ;; Only run once per hour to check if we need to distill
-                    (> (- (get-universal-time) *scribe-last-checkpoint*) 3600)
-                    (scribe-get-distillable-nodes))))
-  :probabilistic #'probabilistic-skill-scribe
-  :deterministic #'verify-skill-scribe)
-
-(scribe-load-state)
--- a/library/gen/org-skill-self-edit.lisp
+++ b/library/gen/org-skill-self-edit.lisp
@@ -1,177 +0,0 @@
-(in-package :opencortex)
-
-(defun self-edit-count-char (char string)
-  "Counts occurrences of CHAR in STRING."
-  (loop for c across string count (char= c char)))
-
-(defun self-edit-balance-parens (code)
-  "Balances parentheses in CODE."
-  (let ((opens (self-edit-count-char #\( code))
-        (closes (self-edit-count-char #\) code)))
-    (cond
-      ((= opens closes) code)
-      ((> opens closes)
-       (concatenate 'string code (make-string (- opens closes) :initial-element #\))))
-      ((> closes opens)
-       (concatenate 'string (make-string (- closes opens) :initial-element #\() code)))))
-
-(defun self-edit-parse-location (context)
-  "Extracts file and line from error context payload."
-  (let* ((payload (getf context :payload))
-         (message (getf payload :message ""))
-         (file (or (getf payload :file)
-                   (when (search "file" message)
-                     (car (cl-ppcre:all-matches-as-strings "[a-zA-Z0-9_/-]+\\.lisp" message)))))
-         (line (or (getf payload :line)
-                   (let ((match (cl-ppcre:scan-to-strings "line.?(\\d+)" message)))
-                     (when match (parse-integer (aref match 0)))))))
-    (list :file file :line line)))
-
-(defun self-edit-apply (target-file old-code new-code)
-  "Applies surgical edit to TARGET-FILE: replace OLD-CODE with NEW-CODE.
-Returns list with :status and :message keys."
-  (unless (uiop:file-exists-p target-file)
-    (return-from self-edit-apply 
-      (list :status :error :message (format nil "File not found: ~a" target-file))))
-  
-  (snapshot-memory)
-  (harness-log "SELF-EDIT: Attempting surgical fix on ~a..." target-file)
-  
-  (let ((original-content (uiop:read-file-string target-file)))
-    (handler-case
-        (if (search old-code original-content)
-            (let ((new-content (cl-ppcre:regex-replace-all 
-                                (cl-ppcre:quote-meta-chars old-code) 
-                                original-content 
-                                new-code)))
-              (with-open-file (out target-file :direction :output :if-exists :supersede)
-                (write-string new-content out))
-              (harness-log "SELF-EDIT: Edit applied successfully.")
-              (list :status :success :message "Edit applied."))
-            (progn
-              (harness-log "SELF-EDIT: Pattern not found in file.")
-              (list :status :error :message "Pattern not found in file.")))
-      (error (c)
-        (harness-log "SELF-EDIT: Edit failed: ~a" c)
-        (rollback-memory 0)
-        (list :status :error :message (format nil "Edit failed: ~a" c))))))
-
-(def-cognitive-tool :self-edit
-  "Applies a surgical code modification to a file with automatic rollback on failure."
-  ((:file :type :string :description "Path to the target file")
-   (:old :type :string :description "The code block to find")
-   (:new :type :string :description "The code block to replace with"))
-  :body (lambda (args)
-          (let* ((file (getf args :file))
-                 (old (getf args :old))
-                 (new (getf args :new)))
-            (self-edit-apply file old new))))
-
-(defskill :skill-self-edit
-  :priority 95
-  :trigger (lambda (ctx)
-             (let ((sensor (getf (getf ctx :payload) :sensor)))
-               (member sensor '(:syntax-error :repair-request :self-edit))))
-  :probabilistic (lambda (ctx)
-                   (let ((sensor (getf (getf ctx :payload) :sensor)))
-                     (cond
-                       ((eq sensor :syntax-error)
-                        "You are the Self-Edit Agent. A syntax error occurred. 
-Provide a fixed version of the code as a lisp form.")
-                       ((eq sensor :repair-request)
-                        "You are the Self-Edit Agent. Apply the surgical fix to the file.")
-                       (t nil))))
-  :deterministic (lambda (action ctx)
-                   (let* ((payload (getf ctx :payload))
-                          (sensor (getf payload :sensor)))
-                     (cond
-                       ((eq sensor :syntax-error)
-                        (let ((code (getf payload :code)))
-                          (harness-log "SELF-EDIT: Fast paren balancing...")
-                          (let ((balanced (self-edit-balance-parens code)))
-                            (handler-case
-                                (progn
-                                  (read-from-string balanced)
-                                  (harness-log "SELF-EDIT: Fast fix SUCCESS.")
-                                  (list :status :success :repaired balanced))
-                              (error ()
-                                (harness-log "SELF-EDIT: Fast fix failed, need neural repair.")
-                                (list :status :error :reason "needs-llm"))))))
-                       ((eq sensor :repair-request)
-                        (let ((file (getf payload :file))
-                              (old (getf payload :old))
-                              (new (getf payload :new)))
-                          (self-edit-apply file old new)))
-                       (t nil)))))
-
-(def-cognitive-tool :balance-parens
-  "Balances parentheses in a code string."
-  ((:code :type :string :description "The code to balance"))
-  :body (lambda (args)
-          (let ((code (getf args :code))
-                (balanced (self-edit-balance-parens code)))
-            (handler-case
-                (progn
-                  (read-from-string balanced)
-                  (list :status :success :repaired balanced))
-              (error (c)
-                (list :status :error :message (format nil "Could not repair: ~a" c)))))))
-
-(defvar *self-edit-skills-backup* nil
-  "Backup of skill registry before hot-reload.")
-
-(defun self-edit-hot-reload-skill (skill-name gen-path)
-  "Reloads a skill from its compiled .lisp source.
-
-   Steps:
-   1. Backup current *skills-registry*
-   2. Compile the new skill file
-   3. Merge new skill into registry
-   4. Verify the skill loads without error
-   5. If error, rollback to backup
-
-   Returns (values :success t) or (values :error message)."
-  (unless *skills-registry*
-    (return-from self-edit-hot-reload-skill
-      (values :error "Skills engine not initialized")))
-  (unless (uiop:file-exists-p gen-path)
-    (return-from self-edit-hot-reload-skill
-      (values :error (format nil "Skill file not found: ~a" gen-path))))
-
-  ;; Step 1: Backup registry
-  (setf *self-edit-skills-backup* (copy-hash-table *skills-registry*))
-
-  (handler-case
-      (progn
-        ;; Step 2: Compile new skill
-        (let ((compiled (compile-file gen-path)))
-          (unless compiled
-            (error "Compilation returned nil")))
-        ;; Step 3: Load the compiled skill
-        (load gen-path)
-        ;; Step 4: Verify skill is in registry
-        (let ((skill (gethash (string skill-name) *skills-registry*)))
-          (if skill
-              (progn
-                (harness-log "SELF-EDIT: Hot-reloaded skill ~a from ~a"
-                             skill-name gen-path)
-                (values :success t))
-              (error "Skill not registered after reload"))))
-    (error (e)
-      ;; Step 5: Rollback
-      (when *self-edit-skills-backup*
-        (clrhash *skills-registry*)
-        (maphash (lambda (k v) (setf (gethash k *skills-registry*) v))
-                 *self-edit-skills-backup*))
-      (harness-log "SELF-EDIT: Hot-reload FAILED for ~a: ~a" skill-name e)
-      (values :error (format nil "Hot-reload failed: ~a" e)))))
-
-(def-cognitive-tool :reload-skill
-  "Hot-reloads a skill from its compiled source file without restarting the system."
-  ((:skill-name :type :string :description "Name of the skill to reload (e.g. :skill-engineering-standards)")
-   (:gen-path :type :string :description "Absolute path to the compiled .lisp file"))
-  :body (lambda (args)
-          (let ((name (getf args :skill-name))
-                (path (getf args :gen-path)))
-            (multiple-value-bind (status message) (self-edit-hot-reload-skill name path)
-              (list :status status :message message)))))
--- a/library/gen/org-skill-self-fix.lisp
+++ b/library/gen/org-skill-self-fix.lisp
@@ -1,65 +0,0 @@
-(in-package :opencortex)
-
-(defun self-fix-apply (action context)
-  "Applies a surgical code fix and reloads the modified skill."
-  (declare (ignore context))
-  (let* ((payload (getf action :payload))
-         (target-file (getf payload :file))
-         (old-code (getf payload :old))
-         (new-code (getf payload :new))
-         (is-skill (and (stringp (namestring target-file))
-                        (search "skills/" (namestring target-file)))))
-    
-    (opencortex:snapshot-memory)
-    (opencortex:harness-log "SELF-FIX - Attempting surgical fix on ~a..." target-file)
-    
-    (handler-case
-        (if (uiop:file-exists-p target-file)
-            (let ((content (uiop:read-file-string target-file)))
-              (if (search old-code content)
-                  (let ((new-content (cl-ppcre:regex-replace-all (cl-ppcre:quote-meta-chars old-code) content new-code)))
-                    (with-open-file (out target-file :direction :output :if-exists :supersede)
-                      (write-string new-content out))
-                    
-                    (if is-skill
-                        (progn
-                          (opencortex:harness-log "SELF-FIX - Reloading modified skill ~a..." target-file)
-                          (if (opencortex:load-skill-from-org target-file)
-                              (progn
-                                (opencortex:harness-log "SELF-FIX SUCCESS - Applied and reloaded.")
-                                t)
-                              (progn
-                                (opencortex:harness-log "SELF-FIX FAILURE - Skill reload failed. Rolling back.")
-                                (with-open-file (out target-file :direction :output :if-exists :supersede)
-                                  (write-string content out))
-                                (opencortex:rollback-memory 0)
-                                nil)))
-                        (progn
-                          (opencortex:harness-log "SELF-FIX SUCCESS - Applied fix to file.")
-                          t)))
-                  (progn (opencortex:harness-log "SELF-FIX FAILURE - Pattern not found.") nil)))
-            (progn (opencortex:harness-log "SELF-FIX FAILURE - File not found.") nil))
-      (error (c)
-        (opencortex:harness-log "SELF-FIX CRASH - ~a. Rolling back." c)
-        (opencortex:rollback-memory 0)
-        nil))))
-
-(def-cognitive-tool :repair-file 
-  "Applies a surgical code modification to a file and reloads the skill if applicable."
-  ((:file :type :string :description "Path to the target file")
-   (:old :type :string :description "The literal code block to find")
-   (:new :type :string :description "The literal code block to replace it with"))
-  :body (lambda (args)
-          (if (self-fix-apply (list :payload args) nil)
-              "REPAIR SUCCESSFUL."
-              "REPAIR FAILED.")))
-
-(defskill :skill-self-fix
-  :priority 95
-  :trigger (lambda (context) (eq (getf (getf context :payload) :sensor) :repair-request))
-  :probabilistic (lambda (context)
-           (format nil "You are the opencortex Repair Actuator. Synthesize a surgical fix for the reported failure.
-Return a Lisp plist for :repair-file."))
-  :deterministic (lambda (action context)
-              (let ((payload (getf action :payload)))
-                (self-fix-apply action context))))
--- a/library/gen/org-skill-shell-actuator.lisp
+++ b/library/gen/org-skill-shell-actuator.lisp
@@ -1,56 +0,0 @@
-(defparameter *allowed-commands* '("ls" "git" "rg" "grep" "date" "echo" "cat" "node" "python3" "sbcl"))
-
-(defparameter *shell-metacharacters* '(#\; #\& #\| #\> #\< #\$ #\` #\\ #\!))
-
-(defun shell-command-safe-p (cmd-string)
-  "Returns T if the command string contains no dangerous metacharacters."
-  (not (some (lambda (char) (find char cmd-string)) *shell-metacharacters*)))
-
-(defun execute-shell-safely (action context)
-  (let* ((payload (getf action :PAYLOAD))
-         (cmd-string (getf payload :cmd))
-         (executable (car (uiop:split-string (string-trim " " cmd-string) :separator '(#\Space)))))
-    
-    (cond
-      ((not (shell-command-safe-p cmd-string))
-       (opencortex:inject-stimulus 
-        `(:TYPE :EVENT :PAYLOAD (:SENSOR :shell-response :cmd ,cmd-string :stdout "" :stderr "ERROR - Security Violation: Dangerous metacharacters detected." :exit-code 1))
-        :stream (getf context :reply-stream)))
-      
-      ((not (member executable *allowed-commands* :test #'string=))
-       (opencortex:inject-stimulus 
-        `(:TYPE :EVENT :PAYLOAD (:SENSOR :shell-response :cmd ,cmd-string :stdout "" :stderr "ERROR - Command not in security whitelist." :exit-code 1))
-        :stream (getf context :reply-stream)))
-      
-      (t
-       (multiple-value-bind (stdout stderr exit-code)
-           (uiop:run-program cmd-string :output :string :error-output :string :ignore-error-status t)
-         (opencortex:inject-stimulus 
-          `(:TYPE :EVENT :PAYLOAD (:SENSOR :shell-response :cmd ,cmd-string :stdout ,(or stdout "") :stderr ,(or stderr "") :exit-code ,exit-code))
-          :stream (getf context :reply-stream)))))))
-
-(defun trigger-skill-shell-actuator (context)
-  (let ((type (getf context :TYPE))
-        (payload (getf context :PAYLOAD)))
-    (and (eq type :EVENT)
-         (eq (getf payload :SENSOR) :shell-response))))
-
-(defun probabilistic-skill-shell-actuator (context)
-  (let* ((p (getf context :PAYLOAD))
-         (cmd (getf p :cmd))
-         (stdout (getf p :stdout))
-         (stderr (getf p :stderr))
-         (exit-code (getf p :exit-code)))
-    (format nil "SHELL COMMAND RESULT:
-Command: ~a
-Exit Code: ~a
-STDOUT: ~a
-STDERR: ~a" cmd exit-code stdout stderr)))
-
-(opencortex:register-actuator :shell #'execute-shell-safely)
-
-(defskill :skill-shell-actuator
-  :priority 80
-  :trigger #'trigger-skill-shell-actuator
-  :probabilistic #'probabilistic-skill-shell-actuator
-  :deterministic (lambda (action context) (declare (ignore context)) action))
--- a/library/gen/org-skill-tool-permissions.lisp
+++ b/library/gen/org-skill-tool-permissions.lisp
@@ -1,87 +0,0 @@
-(in-package :opencortex)
-
-(defvar *tool-permissions* (make-hash-table :test 'equal)
-  "Hash table mapping tool names to :allow/:deny/:ask.")
-
-(defun get-tool-permission (tool-name)
-  (let ((key (string-downcase (string tool-name))))
-    (or (gethash key *tool-permissions*) :allow)))
-
-(defun set-tool-permission (tool-name tier)
-  (setf (gethash (string-downcase (string tool-name)) *tool-permissions*) tier)
-  (harness-log "TOOL PERMISSION: Set ~a = ~a" tool-name tier))
-
-(defun check-tool-permission-gate (tool-name context)
-  (declare (ignore context))
-  (let ((perm (get-tool-permission tool-name)))
-    (case perm
-      (:allow :allow)
-      (:deny :deny)
-      (:ask (list :ask tool-name context))
-      (t :allow))))
-
-(def-cognitive-tool :get-embedding
-  "Generates vector embeddings via Ollama or llama.cpp API."
-  ((:text :type :string :description "Text to embed."))
-  :body (lambda (args)
-          (let* ((text (getf args :text))
-                 (provider (or (uiop:getenv "EMBEDDING_PROVIDER") "ollama"))
-                 (model (or (uiop:getenv "EMBEDDING_MODEL") "nomic-embed-text"))
-                 (embedding nil))
-            (cond
-              ((string= provider "ollama")
-               (let* ((host (or (uiop:getenv "OLLAMA_HOST") "localhost:11434"))
-                      (url (format nil "http://~a/api/embeddings" host))
-                      (body (cl-json:encode-json-to-string `((model . ,model) (prompt . ,text)))))
-                 (handler-case
-                     (let* ((response (dex:post url :headers '(("Content-Type" . "application/json")) :content body :connect-timeout 5 :read-timeout 30))
-                            (json (cl-json:decode-json-from-string response))
-                            (vec (cdr (assoc :embedding json))))
-                       (when vec (setf embedding vec)))
-                   (error (c) (harness-log "EMBEDDING: Ollama failed: ~a" c)))))
-              ((string= provider "llama.cpp")
-               (let* ((host (or (uiop:getenv "LLAMA_HOST") "localhost:8080"))
-                      (url (format nil "http://~a/v1/embeddings" host))
-                      (body (cl-json:encode-json-to-string `((model . ,model) (input . ,text)))))
-                 (handler-case
-                     (let* ((response (dex:post url :headers '(("Content-Type" . "application/json")) :content body :connect-timeout 5 :read-timeout 30))
-                            (json (cl-json:decode-json-from-string response))
-                            (data (cdr (assoc :data json)))
-                            (vec (when data (cdr (assoc :embedding (car data))))))
-                       (when vec (setf embedding vec)))
-                   (error (c) (harness-log "EMBEDDING: llama.cpp failed: ~a" c))))))
-            (if embedding
-                (list :status :success :vector embedding)
-                (list :status :error :message "Embedding generation failed")))))
-
-(def-cognitive-tool :tool-permissions
-  "View or set tool permission tiers."
-  ((:tool :type :string :description "Tool name")
-   (:action :type :keyword :description "Action: :get, :set, :list" :default :get)
-   (:tier :type :keyword :description "For :set: :allow/:deny/:ask"))
-  :body (lambda (args)
-          (let ((tool (getf args :tool))
-                (action (getf args :action :get))
-                (tier (getf args :tier)))
-            (case action
-              (:get (list :status :success :tool tool :permission (get-tool-permission tool)))
-              (:set (progn (set-tool-permission tool tier)
-                        (list :status :success :message (format nil "Set ~a = ~a" tool tier))))
-              (:list (let ((r nil))
-                       (maphash (lambda (k v) (push (list :tool k :permission v) r)) *tool-permissions*)
-                       (list :status :success :tools r)))
-              (t (list :status :error :message "Invalid action"))))))
-
-;; Defaults
-(set-tool-permission :shell :deny)
-(set-tool-permission :delete-file :deny)
-(set-tool-permission :eval :ask)
-(set-tool-permission :write-file :ask)
-(harness-log "TOOL PERMISSIONS: Initialized")
-
-(defskill :skill-tool-permissions
-  :priority 600
-  :trigger (lambda (c) (declare (ignore c)) nil)
-  :deterministic (lambda (a c)
-    (let ((tool (getf (getf a :payload) :tool)))
-      (when tool (check-tool-permission-gate tool c)))))
--- a/library/loop.lisp
+++ b/library/loop.lisp
@@ -1,193 +0,0 @@
-(in-package :opencortex)
-
-(defvar *interrupt-flag* nil
-  "Atomic flag set by signal handlers to trigger graceful shutdown.
-  Using a dedicated variable avoids race conditions in interrupt handling.")
-
-(defvar *interrupt-lock* (bt:make-lock "harness-interrupt-lock")
-  "Mutex protecting *interrupt-flag* access.
-  Locking is required because SBCL's interrupt handlers run in uncertain contexts.")
-
-(defvar *heartbeat-thread* nil
-  "Handle to the heartbeat thread, allowing explicit termination on shutdown.")
-
-(defun process-signal (signal)
-  "The entry point to the Metabolic Pipeline: Perceive -> Reason -> Act.
-
-  SIGNAL is a property list with the following structure:
-  - :type - :EVENT, :REQUEST, :RESPONSE, etc.
-  - :payload - The actual content (sensor data, approved actions, etc.)
-  - :meta - Metadata including source, session, reply stream
-  - :depth - Recursion depth counter (starts at 0)
-  - :status - Processing status (:perceived, :reasoned, :acted)
-
-  Returns NIL when processing is complete, or a new signal for feedback loop."
-
-  (let ((current-signal signal))
-    (loop while current-signal do
-
-      ;; Depth limiting prevents infinite recursion from feedback loops
-      (let ((depth (getf current-signal :depth 0))
-            (meta (getf current-signal :meta)))
-        (when (> depth 10)
-          (harness-log "METABOLISM ERROR: Max recursion depth reached.")
-          (return nil))
-
-        ;; Check for graceful shutdown interrupt
-        (when (bt:with-lock-held (*interrupt-lock*) *interrupt-flag*)
-          (harness-log "METABOLISM: Interrupted by shutdown signal.")
-          (bt:with-lock-held (*interrupt-lock*) (setf *interrupt-flag* nil))
-          (return nil))
-
-        ;; The three-stage pipeline wrapped in error handling
-        (handler-case
-            (progn
-              ;; Stage 1: Perceive - normalize sensory input
-              (setf current-signal (perceive-gate current-signal))
-
-              ;; Stage 2: Reason - generate and verify action proposals
-              (setf current-signal (reason-gate current-signal))
-
-              ;; Stage 3: Act - execute approved actions
-              (let ((feedback (act-gate current-signal)))
-                (if feedback
-                    ;; Action generated a feedback signal - continue processing
-                    (progn
-                      ;; Preserve metadata from original signal
-                      (unless (getf feedback :meta)
-                        (setf (getf feedback :meta) meta))
-                      (setf current-signal feedback))
-                    ;; No feedback - pipeline complete
-                    (setf current-signal nil))))
-
-          ;; Error recovery with differentiated response
-          (error (c)
-            (let ((sensor (ignore-errors (getf (getf current-signal :payload) :sensor))))
-              (harness-log "METABOLISM CRASH [~a]: ~a" (or sensor :unknown) c)
-
-              ;; Only rollback memory on critical errors, not transient tool failures
-              ;; This prevents losing recent context due to a single bad API call
-              (unless (member sensor '(:loop-error :tool-error :syntax-error))
-                (harness-log "CRITICAL ERROR: Initiating Micro-Rollback.")
-                (rollback-memory 0))
-
-              ;; At deep recursion or known error types, terminate gracefully
-              (if (or (> depth 2) (member sensor '(:loop-error :tool-error)))
-                  (setf current-signal nil)
-                  ;; Otherwise, convert error to a loop-error signal for retry
-                  (setf current-signal
-                        (list :type :EVENT
-                              :depth (1+ depth)
-                              :meta meta
-                              :payload (list :sensor :loop-error
-                                           :message (format nil "~a" c)
-                                           :depth depth)))))))))))
-
-(defvar *auto-save-interval* 300
-  "Interval in seconds between automatic memory saves.
-  Defaults to 300 seconds (5 minutes). Set via MEMORY_AUTO_SAVE_INTERVAL env var.")
-
-(defvar *heartbeat-save-counter* 0
-  "Tracks heartbeats since last save, used to calculate auto-save timing.")
-
-(defun start-heartbeat ()
-  "Starts the background heartbeat thread.
-
-  The heartbeat runs in a dedicated thread to avoid blocking the main
-  signal processing loop. Each heartbeat:
-
-  1. Injects a :HEARTBEAT signal into the metabolic pipeline
-  2. Checks if memory should be auto-saved (based on interval ratio)
-
-  Configuration via environment:
-  - HEARTBEAT_INTERVAL: Seconds between heartbeats (default: 60)
-  - MEMORY_AUTO_SAVE_INTERVAL: Seconds between auto-saves (default: 300)"
-
-  (let ((interval (or (ignore-errors (parse-integer (uiop:getenv "HEARTBEAT_INTERVAL"))) 60))
-        (auto-save (or (ignore-errors (parse-integer (uiop:getenv "MEMORY_AUTO_SAVE_INTERVAL"))) *auto-save-interval*)))
-    (setf *auto-save-interval* auto-save)
-    (setf *heartbeat-save-counter* 0)
-
-    (setf *heartbeat-thread*
-          (bt:make-thread
-           (lambda ()
-             (loop
-               ;; Wait for interval
-               (sleep interval)
-
-               ;; Update counter and check if it's time to save
-               (incf *heartbeat-save-counter*)
-               (when (>= *heartbeat-save-counter* (/ *auto-save-interval* interval))
-                 (setf *heartbeat-save-counter* 0)
-                 (save-memory-to-disk))
-
-               ;; Inject heartbeat signal - this runs through the full pipeline
-               ;; allowing the agent to do latent reflection even with no input
-               (inject-stimulus
-                 (list :type :EVENT
-                       :payload (list :sensor :heartbeat
-                                    :unix-time (get-universal-time)))))
-
-            :name "opencortex-heartbeat")))))
-
-(defvar *shutdown-save-enabled* t
-  "When T, save memory to disk on graceful shutdown.
-  Disable for testing or when memory persistence is handled externally.")
-
-(defun main ()
-  "Entry point for OpenCortex. Initializes the system and enters idle loop.
-
-  Startup sequence:
-  1. Load environment from ~/.local/share/opencortex/.env
-  2. Restore memory from disk (if snapshot exists)
-  3. Initialize actuators (shell, cli, system)
-  4. Load all skills from SKILLS_DIR
-  5. Start heartbeat thread
-  6. Register SIGINT handler for graceful shutdown
-  7. Enter idle loop (sleeps in DAEMON_SLEEP_INTERVAL chunks)
-
-  The idle loop checks for interrupts and saves memory before exit."
-
-  ;; Step 1: Load environment variables from standard location
-  (let* ((home (uiop:getenv "HOME"))
-         (env-file (uiop:merge-pathnames*
-                     ".local/share/opencortex/.env"
-                     (uiop:ensure-directory-pathname home))))
-    (when (uiop:file-exists-p env-file)
-      (cl-dotenv:load-env env-file)))
-
-  ;; Step 2: Crash recovery - load memory from previous snapshot
-  (load-memory-from-disk)
-
-  ;; Step 3-4: Initialize actuators and load skills
-  (initialize-actuators)
-  (initialize-all-skills)
-
-  ;; Step 5: Start the heartbeat
-  (start-heartbeat)
-
-  ;; Step 6: Register graceful shutdown handler
-  ;; SBCL-specific: catches Ctrl+C (SIGINT) and saves before exit
-  #+sbcl
-  (sb-sys:enable-interrupt sb-unix:sigint
-                           (lambda (sig code scp)
-                             (declare (ignore sig code scp))
-                             (harness-log "SHUTDOWN: SIGINT received. Saving memory...")
-                             (when *shutdown-save-enabled*
-                               (save-memory-to-disk))
-                             (uiop:quit 0)))
-
-  ;; Step 7: Idle loop - sleep in chunks, checking for interrupts
-  (let ((sleep-interval (or (ignore-errors
-                              (parse-integer (uiop:getenv "DAEMON_SLEEP_INTERVAL")))
-                            3600)))
-    (loop
-      ;; Check for interrupt before each sleep cycle
-      (when (bt:with-lock-held (*interrupt-lock*) *interrupt-flag*)
-        (harness-log "SHUTDOWN: Interrupt flag set. Saving memory...")
-        (when *shutdown-save-enabled*
-          (save-memory-to-disk))
-        (return))
-
-      ;; Sleep in configured intervals (default: 1 hour)
-      (sleep sleep-interval))))
--- a/library/memory.lisp
+++ b/library/memory.lisp
@@ -1,175 +0,0 @@
-(in-package :opencortex)
-
-(defvar *memory* (make-hash-table :test 'equal))
-
-(defvar *history-store* (make-hash-table :test 'equal)
-  "Immutable Merkle-Tree versioning store mapping hashes to objects.")
-
-(defstruct org-object
-  id type attributes content vector parent-id children version last-sync hash)
-
-;; Enable serialization via make-load-form (standard CL)
-(defmethod make-load-form ((obj org-object) &optional env)
-  (make-load-form-saving-slots obj :environment env))
-
-(defun compute-merkle-hash (id type attributes content child-hashes)
-  "Computes a SHA-256 Merkle hash for a node based on its core properties and children's hashes."
-  (let* ((alist (loop for (k v) on attributes by #'cddr collect (cons k v)))
-         (sorted-alist (sort alist #'string< :key (lambda (x) (format nil "~a" (car x)))))
-         (attr-string (format nil "~s" sorted-alist))
-         (children-string (format nil "~{~a~}" child-hashes))
-         (data-string (format nil "ID:~a|TYPE:~s|ATTRS:~a|CONTENT:~a|CHILDREN:~a"
-                              id type attr-string (or content "") children-string))
-         (digester (ironclad:make-digest :sha256)))
-    (ironclad:update-digest digester (ironclad:ascii-string-to-byte-array data-string))
-    (ironclad:byte-array-to-hex-string (ironclad:produce-digest digester))))
-
-(defun ingest-ast (ast &optional parent-id)
-  "Parses an Org AST into the recursive Lisp Memory with Merkle hashing."
-  (let* ((type (getf ast :type))
-         (props (getf ast :properties))
-         (id (or (getf props :ID) (format nil "temp-~a" (get-universal-time))))
-         (contents (getf ast :contents))
-         (raw-content (when (eq type :HEADLINE)
-                        (format nil "~a~%~a" (getf props :TITLE) (or (cl:getf ast :raw-content) ""))))
-         (should-embed (and raw-content (equal (getf props :EMBED) "t")))
-         (child-ids nil)
-         (child-hashes nil))
-    (dolist (child contents)
-      (when (listp child)
-        (let ((child-id (ingest-ast child id)))
-          (push child-id child-ids)
-          (let ((child-id-val child-id))
-             (let ((child-obj (lookup-object child-id-val)))
-               (when child-obj (push (org-object-hash child-obj) child-hashes)))))))
-    (setf child-ids (nreverse child-ids))
-    (setf child-hashes (nreverse child-hashes))
-    (let* ((hash (compute-merkle-hash id type props raw-content child-hashes))
-           (existing-obj (gethash hash *history-store*))
-           (obj (or existing-obj
-                    (make-org-object 
-                     :id id :type type :attributes props :content raw-content
-                     :vector (when should-embed (get-embedding raw-content))
-                     :parent-id parent-id :children child-ids
-                     :version (get-universal-time) :last-sync (get-universal-time)
-                     :hash hash))))
-      (unless existing-obj
-        (setf (gethash hash *history-store*) obj))
-      (setf (gethash id *memory*) obj)
-      id)))
-
-(defvar *object-store-snapshots* nil)
-
-(defun copy-hash-table (hash-table)
-  "Creates a shallow copy of a hash table."
-  (let ((new-table (make-hash-table :test (hash-table-test hash-table) 
-                                    :size (hash-table-size hash-table))))
-    (maphash (lambda (k v) (setf (gethash k new-table) v)) hash-table)
-    new-table))
-
-(defun snapshot-memory ()
-  "Creates a lightweight, Copy-on-Write snapshot using Merkle-Tree pointers."
-  (let ((snapshot (copy-hash-table *memory*)))
-    (push (list :timestamp (get-universal-time) :data snapshot) *object-store-snapshots*)
-    (when (> (length *object-store-snapshots*) 20)
-      (setf *object-store-snapshots* (subseq *object-store-snapshots* 0 20)))
-    (harness-log "MEMORY - CoW Memory snapshot created.")))
-
-(defun rollback-memory (&optional (index 0))
-  "Restores the Memory to a previously captured snapshot using immutable history pointers."
-  (let ((snapshot (nth index *object-store-snapshots*)))
-    (if snapshot
-        (progn (setf *memory* (copy-hash-table (getf snapshot :data)))
-               (harness-log "MEMORY - Memory rolled back to snapshot ~a" index))
-        (harness-log "MEMORY ERROR - Snapshot ~a not found." index))))
-
-(defvar *embedding-cache* (make-hash-table :test 'equal)
-  "Cache for embeddings to avoid redundant API calls.")
-
-(defun get-embedding (text)
-  "Generates a vector embedding for the given text via Ollama. Returns nil on failure."
-  (when (or (null text) (string= text ""))
-    (return-from get-embedding nil))
-  (let ((cached (gethash text *embedding-cache*)))
-    (when cached (return-from get-embedding cached)))
-  (let ((result (funcall (get-cognitive-tool-body :get-ollama-embedding) (list :text text))))
-    (when (eq (getf result :status) :success)
-      (let ((vec (getf result :vector)))
-        (setf (gethash text *embedding-cache*) vec)
-        vec))))
-
-(defun cosine-similarity (vec-a vec-b)
-  "Computes cosine similarity between two vectors. Both should be sequences of numbers."
-  (when (or (null vec-a) (null vec-b) (zerop (length vec-a)) (zerop (length vec-b)))
-    (return-from cosine-similarity 0.0))
-  (let ((dot-product (loop for a across vec-a
-                          for b across vec-b
-                          sum (* a b)))
-        (norm-a (sqrt (loop for a across vec-a sum (* a a))))
-        (norm-b (sqrt (loop for b across vec-b sum (* b b)))))
-    (if (or (zerop norm-a) (zerop norm-b))
-        0.0
-        (/ dot-product (* norm-a norm-b)))))
-
-(defun semantic-search (query &key (limit 10) (min-similarity 0.5))
-  "Searches memory for objects semantically similar to the query.
-Returns up to LIMIT objects with similarity >= MIN-SIMILARITY, sorted by similarity descending."
-  (let* ((query-vec (get-embedding query))
-         (results nil))
-    (unless query-vec
-      (harness-log "EMBEDDING: Failed to generate embedding for query: ~a" query)
-      (return-from semantic-search nil))
-    (maphash (lambda (id obj)
-               (let ((obj-vec (org-object-vector obj)))
-                 (when obj-vec
-                   (let ((sim (cosine-similarity query-vec obj-vec)))
-                     (when (>= sim min-similarity)
-                       (push (list :id id :object obj :similarity sim) results))))))
-             *memory*)
-    (setf results (sort results #'> :key (lambda (r) (getf r :similarity))))
-    (subseq results 0 (min limit (length results)))))
-
-(def-cognitive-tool :semantic-search
-  "Searches memory for objects semantically similar to a query."
-  ((:query :type :string :description "The search query.")
-   (:limit :type :integer :description "Maximum results to return." :default 10)
-   (:min-similarity :type :number :description "Minimum similarity threshold (0-1)." :default 0.5))
-  :body (lambda (args)
-          (semantic-search (getf args :query)
-                        :limit (or (getf args :limit) 10)
-                        :min-similarity (or (getf args :min-similarity) 0.5))))
-
-(defun org-id-new ()
-  "Generates a new UUID string for Org-mode identification."
-  (string-downcase (format nil "~a" (uuid:make-v4-uuid))))
-
-(defun lookup-object (id) 
-  "Retrieves an object from the store by its unique ID."
-  (gethash id *memory*))
-
-(defun list-objects-by-type (type)
-  "Returns a list of all objects matching a specific Org element type."
-  (let ((results nil))
-    (maphash (lambda (id obj) (declare (ignore id)) (when (eq (org-object-type obj) type) (push obj results))) *memory*)
-    results))
-(defun list-objects-with-attribute (attr-name value)
-  "Returns a list of all objects where ATTR-NAME matches VALUE."
-  (let ((results nil))
-    (maphash (lambda (id obj)
-               (declare (ignore id))
-               (let ((attrs (org-object-attributes obj)))
-                 (when (equal (getf attrs attr-name) value)
-                   (push obj results))))
-             *memory*)
-    results))
-
-(defun find-headline-missing-id (ast)
-  "Traverses an AST to find headlines that lack an :ID: property."
-  (when (listp ast)
-    (if (and (eq (getf ast :type) :HEADLINE) (not (getf (getf ast :properties) :ID)))
-        ast
-        (cl:some #'find-headline-missing-id (getf ast :contents)))))
-
-(defun file-name-nondirectory (path)
-  "Extracts the filename from a full path string."
-  (let ((pos (position #\/ path :from-end t))) (if pos (subseq path (1+ pos)) path)))
--- a/library/package.lisp
+++ b/library/package.lisp
@@ -1,174 +0,0 @@
-(defpackage :opencortex
-  (:use :cl)
-  (:export
-   ;; --- communication protocol ---
-   #:frame-message
-   #:read-framed-message
-   #:PROTO-GET
-   #:LIST-OBJECTS-WITH-ATTRIBUTE
-   #:COSINE-SIMILARITY
-   #:VAULT-MASK-STRING
-   #:*VAULT-MEMORY*
-   #:parse-message
-   #:make-hello-message
-   #:validate-communication-protocol-schema
-
-   ;; --- Daemon Lifecycle ---
-   #:start-daemon
-   #:stop-daemon
-   #:harness-log
-   #:main
-
-   ;; --- Memory (CLOSOS) ---
-   #:ingest-ast
-   #:lookup-object
-   #:list-objects-by-type
-   #:org-id-new
-   #:*memory*
-   #:*history-store*
-   #:org-object
-   #:make-org-object
-   #:org-object-id
-   #:org-object-type
-   #:org-object-attributes
-   #:org-object-parent-id
-   #:org-object-children
-   #:org-object-version
-   #:org-object-last-sync
-   #:org-object-vector
-   #:org-object-content
-   #:org-object-hash
-   #:snapshot-memory
-   #:rollback-memory
-
-   ;; --- Context API (Peripheral Vision) ---
-   #:context-query-store
-   #:context-get-active-projects
-   #:context-get-recent-completed-tasks
-   #:context-list-all-skills
-   #:context-get-skill-source
-   #:context-get-system-logs
-   #:context-resolve-path
-   #:context-get-skill-telemetry
-   #:harness-track-telemetry
-   #:context-assemble-global-awareness
-
-   ;; --- Reactive Signal Pipeline ---
-   #:process-signal
-   #:perceive-gate
-   #:probabilistic-gate
-   #:consensus-gate
-   #:act-gate
-   #:reason-gate
-   #:perceive-gate
-   #:dispatch-gate
-   #:inject-stimulus
-   #:initialize-actuators
-   #:dispatch-action
-   #:register-actuator
-
-   ;; --- Skill Engine ---
-   #:load-skill-from-org
-   #:initialize-all-skills
-   #:load-skill-with-timeout
-   #:topological-sort-skills
-   #:validate-lisp-syntax
-   #:defskill
-   #:*skills-registry*
-   #:skill
-   #:skill-name
-   #:skill-priority
-   #:skill-dependencies
-   #:skill-trigger-fn
-   #:skill-probabilistic-prompt
-   #:skill-deterministic-fn
-
-   ;; --- Tool Registry ---
-   #:def-cognitive-tool
-   #:*cognitive-tools*
-   #:cognitive-tool
-   #:cognitive-tool-name
-   #:cognitive-tool-description
-   #:cognitive-tool-parameters
-   #:cognitive-tool-guard
-   #:cognitive-tool-body
-
-   ;; --- Emacs Client Registry ---
-   #:*emacs-clients*
-   #:*clients-lock*
-   #:register-emacs-client
-   #:unregister-emacs-client
-
-   ;; --- Probabilistic Engine ---
-   #:ask-probabilistic
-   #:register-probabilistic-backend
-   #:distill-prompt
-   #:*provider-cascade*
-
-   ;; --- Security Vault ---
-   #:vault-get-secret
-   #:vault-set-secret
-
-   ;; --- Deterministic Logic ---
-   #:list-objects-with-attribute
-   #:deterministic-verify
-
-   ;; --- AST Helpers ---
-   #:find-headline-missing-id))
-
-(in-package :opencortex)
-
-(defun proto-get (plist key)
-  "Robustly retrieves a value from a plist, checking both uppercase and lowercase keyword versions."
-  (let* ((s (string key))
-         (up (intern (string-upcase s) :keyword))
-         (dn (intern (string-downcase s) :keyword)))
-    (or (getf plist up) (getf plist dn))))
-
-(defvar *system-logs* nil)
-(defvar *logs-lock* (bordeaux-threads:make-lock "harness-logs-lock"))
-(defvar *max-log-history* 100)
-
-(defvar *skills-registry* (make-hash-table :test 'equal)
-  "Global registry of all loaded skills.")
-
-(defvar *skill-telemetry* (make-hash-table :test 'equal))
-(defvar *telemetry-lock* (bordeaux-threads:make-lock "harness-telemetry-lock"))
-
-(defun harness-track-telemetry (skill-name duration status)
-  "Updates performance metrics for a specific skill. Status should be :success or :rejected."
-  (when skill-name
-    (bordeaux-threads:with-lock-held (*telemetry-lock*)
-      (let ((entry (or (gethash skill-name *skill-telemetry*) (list :executions 0 :total-time 0 :failures 0))))
-        (incf (getf entry :executions))
-        (incf (getf entry :total-time) duration)
-        (when (eq status :rejected) (incf (getf entry :failures)))
-        (setf (gethash skill-name *skill-telemetry*) entry)))))
-
-(defvar *cognitive-tools* (make-hash-table :test 'equal))
-
-(defstruct cognitive-tool
-  name
-  description
-  parameters
-  guard
-  body)
-
-(defmacro def-cognitive-tool (name description parameters &key guard body)
-  "Registers a new cognitive tool into the global registry. Parameters must be a list of property lists."
-  `(setf (gethash (string-downcase (string ',name)) *cognitive-tools*)
-         (make-cognitive-tool :name (string-downcase (string ',name))
-                              :description ,description
-                              :parameters ',parameters
-                              :guard ,guard
-                              :body ,body)))
-
-(defun harness-log (msg &rest args)
-  "Centralized logging for the harness."
-  (let ((formatted-msg (apply #'format nil msg args)))
-    (bordeaux-threads:with-lock-held (*logs-lock*)
-      (push formatted-msg *system-logs*)
-      (when (> (length *system-logs*) *max-log-history*)
-        (setq *system-logs* (subseq *system-logs* 0 *max-log-history*))))
-    (format t "~a~%" formatted-msg)
-    (finish-output)))
--- a/library/perceive.lisp
+++ b/library/perceive.lisp
@@ -1,130 +0,0 @@
-(in-package :opencortex)
-
-(defvar *async-sensors* '(:chat-message :delegation :user-command)
-  "Sensors that are processed in dedicated threads.
-
-  These sensors can block (waiting for API responses, user input, etc.)
-  so they run in separate threads to avoid blocking the main pipeline.
-
-  Other sensors (:heartbeat, :interrupt, :buffer-update) are processed
-  synchronously to maintain temporal ordering.")
-
-(defvar *foveal-focus-id* nil
-  "The Org ID of the node the user is currently interacting with.
-
-  This enables the reasoning engine to provide contextually relevant
-  responses. When editing a specific note, the agent knows which
-  note you're referring to without needing explicit ID references.
-
-  Updated on :point-update events from Emacs.")
-
-(defun inject-stimulus (raw-message &key stream (depth 0))
-  "Inject a raw message into the signal processing pipeline.
-
-  RAW-MESSAGE is a property list that will be normalized into a Signal.
-  STREAM is an optional output stream for responses (used by TUI/CLI).
-  DEPTH tracks recursion depth for feedback loops.
-
-  This function determines whether to process synchronously or
-  asynchronously based on the sensor type, then calls process-signal
-  to run through the Perceive -> Reason -> Act pipeline.
-
-  Error handling: Uses restarts to prevent individual signals from
-  crashing the entire system. Failed signals are logged and dropped."
-
-  (let* ((payload (getf raw-message :payload))
-         (sensor (getf payload :sensor))
-         (meta (getf raw-message :meta))
-         (async-p (or (getf payload :async-p)
-                     (member sensor *async-sensors*))))
-
-    ;; Ensure metadata exists
-    (unless meta
-      (setf meta (list :SOURCE :SYSTEM :SESSION-ID "internal")))
-
-    ;; Attach reply stream if provided
-    (when stream
-      (setf (getf meta :reply-stream) stream))
-
-    (setf (getf raw-message :meta) meta)
-
-    (if async-p
-        ;; Async: process in dedicated thread
-        (bt:make-thread
-         (lambda ()
-           (restart-case
-               (handler-bind ((error (lambda (c)
-                                       (harness-log "ASYNC ERROR: ~a" c)
-                                       (invoke-restart 'skip-event))))
-                 (process-signal raw-message))
-             (skip-event () nil)))
-         :name "opencortex-async-task")
-
-        ;; Sync: process in main thread with recovery
-        (restart-case
-            (handler-bind ((error (lambda (c)
-                                    (harness-log "SYSTEM ERROR: ~a" c)
-                                    (invoke-restart 'skip-event))))
-              (process-signal raw-message))
-          (skip-event ()
-            (harness-log "SYSTEM RECOVERY: Stimulus dropped."))))))
-
-(defun perceive-gate (signal)
-  "Stage 1 of the metabolic pipeline: Normalize sensory input.
-
-  This function:
-  1. Logs the incoming signal for debugging
-  2. Handles special sensor types (:buffer-update, :point-update, etc.)
-  3. Updates the Memory graph with incoming data
-  4. Tracks foveal focus (user's current node)
-  5. Sets :status to :perceived
-
-  Modifies the signal in place and returns it for the next stage.
-
-  Memory snapshots are taken before AST updates to enable rollback
-  if the update causes issues."
-
-  (let* ((payload (getf signal :payload))
-         (type (getf signal :type))
-         (meta (getf signal :meta))
-         (sensor (getf payload :sensor)))
-
-    ;; Log the incoming signal for debugging
-    (harness-log "GATE [Perceive]: ~a (~a) [Source: ~s]"
-                 type (or sensor "no-sensor") (getf meta :source))
-
-    ;; Handle EVENT type sensors
-    (cond ((eq type :EVENT)
-           (case sensor
-
-             ;; Org buffer was modified - update memory
-             (:buffer-update
-              (let ((ast (getf payload :ast)))
-                (when ast
-                  (snapshot-memory)  ; Enable rollback if update causes issues
-                  (ingest-ast ast))))
-
-             ;; Point moved to different org node - update focus
-             (:point-update
-              (let ((element (getf payload :element)))
-                (when element
-                  (snapshot-memory)
-                  ;; Track foveal focus for contextual reasoning
-                  (setf *foveal-focus-id*
-                        (ignore-errors (getf element :id)))
-                  (ingest-ast element))))
-
-             ;; System interrupt - trigger shutdown
-             (:interrupt
-              (bt:with-lock-held (*interrupt-lock*)
-                (setf *interrupt-flag* t)))))
-
-          ;; Log responses from actuators
-          ((eq type :RESPONSE)
-           (harness-log "GATE [Perceive]: Act Result -> ~a"
-                       (getf payload :status))))
-
-    ;; Update signal status
-    (setf (getf signal :status) :perceived)
-    (setf (getf signal :foveal-focus) *foveal-focus-id*)
-    signal))
--- a/library/reason.lisp
+++ b/library/reason.lisp
@@ -1,361 +0,0 @@
-(in-package :opencortex)
-
-(defvar *probabilistic-backends* (make-hash-table :test 'equal)
-  "Registry mapping provider keywords (:openrouter, :ollama) to their calling functions.")
-
-(defvar *provider-cascade* nil
-  "Ordered list of provider keywords to try. First available provider wins.")
-
-(defvar *model-selector-fn* nil
-  "Optional function that selects a specific model for each provider.
-  Signature: (funcall fn provider context) => model-name-string")
-
-(defvar *consensus-enabled-p* nil
-  "When T, run multiple providers and compare results for critical decisions.")
-
-(defun register-probabilistic-backend (name fn)
-  "Register a neural provider backend.
-
-  NAME is a keyword like :openrouter or :ollama.
-  FN is a function with signature: (funcall fn prompt system-prompt &key model)
-     returning either:
-     - (list :status :success :content \"response text\")
-     - (list :status :error :message \"error description\")
-     - a simple string on success
-
-  Example registration:
-    (register-probabilistic-backend :openrouter #'openrouter-call)"
-
-  (setf (gethash name *probabilistic-backends*) fn))
-
-(defun probabilistic-call (prompt &key
-                                (system-prompt "You are the Probabilistic engine.")
-                                (cascade nil)
-                                (context nil))
-  "Dispatch a neural request through the provider cascade.
-
-  PROMPT - The user's query or task description.
-  SYSTEM-PROMPT - Instructions for how the LLM should behave.
-  CASCADE - Override the default provider cascade.
-  CONTEXT - Current signal context (for model selection).
-
-  Returns the LLM response as a string, or a failure plist if all providers fail.
-
-  The cascade mechanism ensures reliability: if OpenRouter is rate-limited,
-  it automatically falls back to OpenAI, then Anthropic, etc."
-
-  (let ((backends (or cascade *provider-cascade*)))
-    (or (dolist (backend backends)
-          (let ((backend-fn (gethash backend *probabilistic-backends*)))
-            (when backend-fn
-              (harness-log "PROBABILISTIC: Attempting backend ~a..." backend)
-
-              ;; Optional model selection based on context
-              (let* ((model (when *model-selector-fn*
-                              (funcall *model-selector-fn* backend context)))
-                     (result (if model
-                                 (funcall backend-fn prompt system-prompt :model model)
-                                 (funcall backend-fn prompt system-prompt))))
-
-                ;; Normalize result format
-                (cond ((and (listp result) (eq (getf result :status) :success))
-                       (return (getf result :content)))
-                      ((stringp result)
-                       (return result))
-                      (t
-                       (harness-log "PROBABILISTIC: Backend ~a failed: ~a"
-                                   backend (getf result :message))))))))
-
-        ;; All providers failed
-        (list :type :LOG
-              :payload (list :text "Neural Cascade Failure: All providers exhausted.")))))
-
-(defun strip-markdown (text)
-  "Strip markdown formatting from LLM output.
-
-  LLMs often wrap their responses in code fences (```lisp ...```).
-  This function removes those markers to extract the raw plist.
-
-  Handles:
-  - Leading code fences with language tags: ```lisp
-  - Trailing code fences: ```
-  - Orphan closing fences: ```"
-
-  (if (and text (stringp text))
-      (let ((cleaned text))
-        (setf cleaned (cl-ppcre:regex-replace-all "^```[a-z]*\\n" cleaned ""))
-        (setf cleaned (cl-ppcre:regex-replace-all "\\n```$" cleaned ""))
-        (setf cleaned (cl-ppcre:regex-replace-all "```" cleaned ""))
-        (string-trim '(#\Space #\Newline #\Tab) cleaned))
-      text))
-
-(defun normalize-plist-keywords (plist)
-  "Normalize all keys in a plist to keywords.
-
-  LLMs often return plists with unquoted keys: (TYPE REQUEST ...)
-  instead of keyword syntax: (:TYPE :REQUEST ...)
-
-  This function converts all symbol keys to their keyword equivalents,
-  making the plist compatible with standard Lisp property accessors.
-
-  Example transformation:
-    (TYPE REQUEST PAYLOAD (ACTION MESSAGE TEXT \"Hi\"))
-    => (:TYPE :REQUEST :PAYLOAD (:ACTION :MESSAGE :TEXT \"Hi\"))"
-
-  (when (listp plist)
-    (loop for (k . rest) on plist by #'cddr
-          collect (if (and (symbolp k) (not (keywordp k)))
-                       (intern (string k) :keyword)
-                       k)
-          collect (car rest))))
-
-(defun think (context)
-  "Generate a Lisp action proposal based on current context.
-
-  This is the core cognitive function. It:
-
-  1. Finds the most relevant skill based on context
-  2. Assembles global awareness (memory context, system logs)
-  3. Constructs a detailed prompt with available tools
-  4. Calls the LLM via probabilistic-call
-  5. Parses the LLM response into a structured action plist
-
-  The LLM is instructed to respond with exactly ONE plist, never prose.
-  This constraint makes parsing deterministic and prevents rambling.
-
-  Returns a plist with structure:
-    (:TYPE :REQUEST :TARGET :CLI :PAYLOAD (:ACTION :MESSAGE :TEXT \"...\"))"
-
-  ;; Gather context components
-  (let* ((active-skill (find-triggered-skill context))
-         (tool-belt (generate-tool-belt-prompt))
-         (global-context (context-assemble-global-awareness))
-         (system-logs (context-get-system-logs))
-         (assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent")))
-
-    ;; Generate prompt from skill or raw text
-    (let* ((prompt-generator (when active-skill
-                              (skill-probabilistic-prompt active-skill)))
-           (raw-prompt (if prompt-generator
-                           (funcall prompt-generator context)
-                           ;; Fallback: use raw user input
-                           (let ((p (proto-get (proto-get context :payload) :text)))
-                             (if (and p (stringp p))
-                                 p
-                                 "Maintain metabolic stasis."))))
-           (system-prompt (format nil
-                                   "IDENTITY: ~a
-
-You are a component of the OpenCortex neurosymbolic AI agent.
-Your task is to generate exactly ONE valid Lisp plist response.
-
-MANDATE: Respond with ONE Lisp plist. Never output prose.
-
-IMPORTANT: To reply to the user, you MUST use:
-(:TYPE :REQUEST :PAYLOAD (:ACTION :MESSAGE :TEXT \"<Response Text>\"))
-
-To call a tool, you MUST use:
-(:TYPE :REQUEST :TARGET :TOOL :ACTION :CALL :TOOL \"<name>\" :ARGS (:arg1 \"val\"))
-
-MANDATORY VALIDATION RULE: Before declaring any Lisp code edit complete,
-you MUST call the `:validate-lisp` tool with the proposed code. If the tool
-returns `:status :error`, read the `:reason` and `:failed` fields, fix the
-defect, and re-validate. You are strictly forbidden from relying on your
-own paren-balancing or syntax intuition.
-
-PROVIDER RULE: Always use the default cascade provider unless a specific
-model or capability is required for the task.
-
-AVAILABLE TOOLS:
-~a
-
-GLOBAL CONTEXT:
-~a
-
-RECENT LOGS:
-~a"
-                                   assistant-name
-                                   tool-belt
-                                   global-context
-                                   system-logs)))
-
-      ;; Call LLM and process response
-      (let* ((thought (probabilistic-call raw-prompt
-                                           :system-prompt system-prompt
-                                           :context context))
-             (cleaned (strip-markdown thought))
-             (meta (proto-get context :meta))
-             (source (proto-get meta :source)))
-
-        (when cleaned
-          (harness-log "THINK: LLM raw output = ~a"
-                       (subseq cleaned 0 (min 200 (length cleaned)))))
-
-        ;; Parse LLM response
-        (if (and cleaned (stringp cleaned) (> (length cleaned) 0))
-            (let ((*read-eval* nil))
-              (if (char= (char cleaned 0) #\()
-                  ;; Response starts with paren - try to parse as plist
-                  (handler-case
-                      (let ((parsed (read-from-string cleaned)))
-                        (when parsed
-                          (harness-log "THINK: parsed = ~a" parsed)
-
-                          ;; Normalize keyword keys (LLM often returns TYPE instead of :TYPE)
-                          (let ((parsed-normalized (normalize-plist-keywords parsed))
-                                (type (proto-get parsed :TYPE))
-                                (target (or (proto-get parsed :TARGET)
-                                           (proto-get parsed :target))))
-
-                            (cond
-                              ;; Recognized message type - use directly
-                              ((member type '(:REQUEST :EVENT :STATUS :RESPONSE))
-                               (unless (proto-get parsed :target)
-                                 (setf (getf parsed :target) (or source :CLI)))
-                               parsed-normalized)
-
-                              ;; Tool call detected - wrap in standard envelope
-                              ((or (eq target :TOOL)
-                                   (eq target :tool)
-                                   (getf parsed :TOOL)
-                                   (getf parsed :tool)
-                                   (and (listp parsed)
-                                        (listp (car parsed))
-                                        (keywordp (caar parsed))))
-                               (list :TYPE :REQUEST
-                                     :TARGET :TOOL
-                                     :PAYLOAD (normalize-plist-keywords parsed)))
-
-                              ;; Unknown format - treat as user message
-                              (t
-                               (list :TYPE :REQUEST
-                                     :TARGET (or source :CLI)
-                                     :PAYLOAD (list :ACTION :MESSAGE :TEXT cleaned)))))))
-                    (error (c)
-                      (harness-log "THINK ERROR: ~a" c)
-                      (list :TYPE :REQUEST
-                            :TARGET (or source :CLI)
-                            :PAYLOAD (list :ACTION :MESSAGE :TEXT cleaned))))
-
-                  ;; No leading paren - treat as plain text message
-                  (list :TYPE :REQUEST
-                        :TARGET (or source :CLI)
-                        :PAYLOAD (list :ACTION :MESSAGE :TEXT cleaned))))
-
-            ;; No response from LLM
-            thought)))))
-
-(defun deterministic-verify (proposed-action context)
-  "Run all skill deterministic gates on a proposed action.
-
-  Each skill can define a deterministic function that either:
-  - Passes the action through unchanged
-  - Modifies the action (adds explanation, changes target, etc.)
-  - Blocks the action (returns a :LOG message instead)
-
-  Skills are sorted by priority (highest first). A skill with higher
-  priority can intercept and modify actions before lower-priority
-  skills see them.
-
-  The Bouncer Pattern: If any skill returns a :LOG or :EVENT type,
-  processing stops and that message is returned immediately. This
-  allows skills to veto actions.
-
-  Example skill chain:
-  1. Policy skill (priority 500) - checks for missing explanations
-  2. Protocol validator (priority 95) - validates message schema
-  3. Shell actuator guard (priority 50) - checks command whitelist"
-
-  (let ((current-action proposed-action)
-        (skills nil))
-
-    ;; Collect all skills with deterministic functions
-    (maphash (lambda (name skill)
-               (declare (ignore name))
-               (when (skill-deterministic-fn skill)
-                 (push skill skills)))
-             *skills-registry*)
-
-    ;; Sort by priority (highest first)
-    (setf skills (sort skills #'> :key #'skill-priority))
-
-    ;; Run each skill's gate
-    (dolist (skill skills)
-      (let ((trigger (skill-trigger-fn skill))
-            (gate (skill-deterministic-fn skill)))
-
-        ;; Skill activates if no trigger or trigger returns true
-        (when (or (null trigger)
-                  (ignore-errors (funcall trigger context)))
-
-          ;; Run the gate
-          (let ((next-action (funcall gate current-action context)))
-            (let ((original-type (proto-get current-action :type)))
-
-              ;; Check if skill intercepted (returned LOG/EVENT instead of REQUEST)
-              (when (and (listp next-action)
-                         (member (proto-get next-action :type)
-                                '(:LOG :EVENT :log :event))
-                         (or (not (member original-type '(:LOG :EVENT :log :event)))
-                             (not (eq next-action current-action))))
-
-                ;; Skill blocked or modified - stop processing
-                (harness-log "DETERMINISTIC: Intercepted by skill '~a'"
-                            (skill-name skill))
-                (return-from deterministic-verify next-action)))
-
-            ;; Action passed through - continue to next skill
-            (setf current-action next-action)))))
-
-    ;; Return final action (may be modified by skills, or original if all passed)
-    current-action))
-
-(defun reason-gate (signal)
-  "Stage 2 of the metabolic pipeline: Reason.
-
-  Transforms perceived signals into approved actions by combining:
-  1. Probabilistic reasoning (LLM generates proposal)
-  2. Deterministic verification (skills validate proposal)
-
-  Only processes :EVENT signals with :user-input or :chat-message sensors.
-  Other signals pass through unchanged (heartbeats, tool outputs, etc.).
-
-  Modifies the signal in place by setting:
-  - :approved-action - The final verified action, or NIL
-  - :status - :reasoned
-
-  Returns the modified signal."
-
-  (let* ((type (proto-get signal :type))
-         (payload (proto-get signal :payload))
-         (sensor (proto-get payload :sensor)))
-
-    ;; Only reason about user input, not internal signals
-    (unless (and (eq type :EVENT)
-                (member sensor '(:user-input :chat-message)))
-      (return-from reason-gate signal))
-
-    ;; Generate proposal via LLM
-    (let ((candidate (think signal)))
-
-      (harness-log "REASON: candidate type = ~a" (type-of candidate))
-
-      ;; Validate candidate is a proper plist (not an error string or symbol)
-      (if (and candidate
-               (listp candidate)
-               (or (keywordp (car candidate))
-                   (eq (car candidate) 'TYPE)
-                   (eq (car candidate) 'type)))
-
-          ;; Valid proposal - run through deterministic verification
-          (setf (getf signal :approved-action)
-                (deterministic-verify candidate signal))
-
-          ;; Invalid response - log and drop
-          (progn
-            (harness-log "REASON: Invalid candidate type ~a, dropping"
-                         (type-of candidate))
-            (setf (getf signal :approved-action) nil)))
-
-      (setf (getf signal :status) :reasoned)
-      signal)))
--- a/library/skills.lisp
+++ b/library/skills.lisp
@@ -1,429 +0,0 @@
-(in-package :opencortex)
-
-(defun COSINE-SIMILARITY (v1 v2)
-  "Computes the cosine similarity between two vectors.
-Both arguments should be sequences of numbers. Returns a value between -1.0 and 1.0."
-  (let ((len1 (length v1)) (len2 (length v2)))
-    (if (or (zerop len1) (zerop len2))
-        0.0
-        (let ((dot-product 0.0d0)
-              (norm1 0.0d0)
-              (norm2 0.0d0))
-          (let ((len (min len1 len2)))
-            (dotimes (i len)
-              (let ((x (coerce (elt v1 i) 'double-float)))
-                (let ((y (coerce (elt v2 i) 'double-float)))
-                  (incf dot-product (* x y))
-                  (incf norm1 (* x x))
-                  (incf norm2 (* y y))))))
-          (if (or (zerop norm1) (zerop norm2))
-              0.0
-              (/ dot-product (sqrt (* norm1 norm2))))))))
-(defun VAULT-MASK-STRING (s) "[MASKED]") ; Stub
-(defvar *VAULT-MEMORY* (make-hash-table :test 'equal))
-
-
-(defstruct skill name priority dependencies trigger-fn probabilistic-prompt deterministic-fn)
-
-(defvar *skill-catalog* (make-hash-table :test 'equal)
-  "A stateful tracking table for all skill files discovered in the environment.")
-
-(defstruct skill-entry 
-  filename 
-  (status :discovered) ;; :discovered, :loading, :ready, :failed
-  error-log
-  (load-time 0))
-
-(defun find-triggered-skill (context)
-  "Returns the highest priority skill whose trigger matches context AND has a probabilistic prompt."
-  (let ((triggered nil))
-    (maphash (lambda (name skill) 
-               (declare (ignore name)) 
-               (when (and (skill-probabilistic-prompt skill)
-                          (ignore-errors (funcall (skill-trigger-fn skill) context)))
-                 (push skill triggered))) 
-             *skills-registry*)
-    (first (sort triggered #'> :key #'skill-priority))))
-
-(defmacro defskill (name &key priority dependencies trigger probabilistic deterministic)
-  "Registers a new skill into the global registry."
-  `(setf (gethash (string-downcase (string ,name)) *skills-registry*)
-         (make-skill :name (string-downcase (string ,name)) 
-                     :priority (or ,priority 10) 
-                     :dependencies ',dependencies
-                     :trigger-fn ,trigger 
-                     :probabilistic-prompt ,probabilistic 
-                     :deterministic-fn ,deterministic)))
-
-(defun resolve-skill-dependencies (skill-name)
-  "Recursively resolves dependencies for a given skill name."
-  (let ((resolved nil) (seen nil))
-    (labels ((visit (name) 
-               (unless (member name seen :test #'equal) 
-                 (push name seen)
-                 (let ((skill (gethash (string-downcase (string name)) *skills-registry*)))
-                   (when skill 
-                     (dolist (dep (skill-dependencies skill)) 
-                       (visit dep))))
-                 (push name resolved))))
-      (visit skill-name) 
-      (nreverse resolved))))
-
-(defun parse-skill-metadata (filepath)
-  "Extracts ID and DEPENDS_ON tags using robust regex scanning."
-  (let ((dependencies nil)
-        (id nil)
-        (content (uiop:read-file-string filepath)))
-    ;; Extract ID
-    (multiple-value-bind (match regs)
-        (ppcre:scan-to-strings "(?im:^:ID:\\s*([^\\s\\r\\n]+))" content)
-      (when match (setf id (aref regs 0))))
-    ;; Extract all DEPENDS_ON lines
-    (ppcre:do-register-groups (deps-string)
-        ("(?im:^#\\+DEPENDS_ON:\\s*(.*))" content)
-      (let ((deps (ppcre:split "\\s+" (string-trim " " deps-string))))
-        (setf dependencies (append dependencies (mapcar (lambda (s) (string-trim "[] " s)) deps)))))
-    (values id (remove-if (lambda (s) (= 0 (length s))) dependencies))))
-
-(defun topological-sort-skills (skills-dir)
-  "Returns a list of skill filepaths sorted by dependency (dependencies first)."
-  (let ((files (uiop:directory-files skills-dir "org-skill-*.org"))
-        (adj (make-hash-table :test 'equal))
-        (name-to-file (make-hash-table :test 'equal))
-        (id-to-file (make-hash-table :test 'equal))
-        (result nil)
-        (visited (make-hash-table :test 'equal))
-        (stack (make-hash-table :test 'equal)))
-    (dolist (file files)
-      (let ((filename (pathname-name file)))
-        (multiple-value-bind (id deps) (parse-skill-metadata file)
-          (setf (gethash (string-downcase filename) name-to-file) file)
-          (when id (setf (gethash (string-downcase id) id-to-file) file))
-          (setf (gethash (string-downcase filename) adj) deps))))
-    (labels ((visit (file)
-               (let* ((filename (pathname-name file))
-                      (node-key (string-downcase filename)))
-                 (unless (gethash node-key visited)
-                   (setf (gethash node-key stack) t)
-                   (dolist (dep (gethash node-key adj))
-                     (let* ((is-id-p (uiop:string-prefix-p "id:" (string-downcase dep)))
-                            (dep-key (string-downcase (if is-id-p (subseq dep 3) dep)))
-                            (dep-file (if is-id-p 
-                                          (gethash dep-key id-to-file)
-                                          (or (gethash dep-key id-to-file)
-                                              (gethash dep-key name-to-file)))))
-                       (when dep-file
-                         (let ((dep-filename (pathname-name dep-file)))
-                           (if (gethash (string-downcase dep-filename) stack)
-                               (error "Circular dependency detected: ~a -> ~a" filename dep-filename)
-                               (visit dep-file))))))
-                   (setf (gethash node-key stack) nil)
-                   (setf (gethash node-key visited) t)
-                   (push file result)))))
-      (let ((filenames (sort (mapcar #'pathname-name files) #'string<)))
-        (dolist (name filenames)
-          (let ((file (gethash (string-downcase name) name-to-file)))
-            (when file (visit file)))))
-      (nreverse result))))
-
-(defun validate-lisp-syntax (code-string)
-  "Checks if a string contains valid, readable Common Lisp forms.
-Delegates to the Lisp Validator skill when available; falls back to a basic
-reader check during early boot before the validator skill is loaded."
-  (let ((result
-          (if (fboundp 'lisp-validator-validate)
-              (lisp-validator-validate code-string :strict nil)
-              (handler-case
-                  (let ((*read-eval* nil))
-                    (with-input-from-string (stream (format nil "(progn ~a)" code-string))
-                      (loop for form = (read stream nil :eof) until (eq form :eof)))
-                    (list :status :success))
-                (error (c)
-                  (list :status :error :reason (format nil "~a" c)))))))
-    (if (eq (getf result :status) :success)
-        (values t nil)
-        (values nil (or (getf result :reason) "Lisp Validator rejected code.")))))
-
-(defun load-skill-from-org (filepath)
-  "Parses and evaluates Lisp blocks with :tangle directives from an Org file.
-Only loads blocks that specify a .lisp tangle target, ignoring tests and examples."
-  (let* ((skill-base-name (pathname-name filepath))
-         (entry (or (gethash skill-base-name *skill-catalog*) (make-skill-entry :filename skill-base-name))))
-    (setf (skill-entry-status entry) :loading)
-    (setf (gethash skill-base-name *skill-catalog*) entry)
-    
-    (handler-case
-        (let* ((content (uiop:read-file-string filepath)) 
-               (lines (uiop:split-string content :separator '(#\Newline)))
-               (in-lisp-block nil) 
-               (collect-this-block nil)
-               (lisp-code "") 
-               (pkg-name (intern (string-upcase (format nil "OPENCORTEX.SKILLS.~a" skill-base-name)) :keyword)))
-          
-          (dolist (line lines)
-            (let ((clean-line (string-trim '(#\Space #\Tab #\Return) line)))
-              (cond ((uiop:string-prefix-p "#+begin_src lisp" (string-downcase clean-line))
-                     (setf in-lisp-block t)
-                     ;; Only collect blocks with a :tangle directive pointing to a
-                     ;; runtime .lisp file (exclude tests and :tangle no)
-                     (let ((tl (string-downcase clean-line)))
-                       (setf collect-this-block
-                             (and (search ":tangle" tl)
-                                  (not (search ":tangle no" tl))
-                                  (search ".lisp" tl)
-                                  (not (search "tests/" tl))
-                                  (not (search "test/" tl))))))
-                     ((uiop:string-prefix-p "#+end" (string-downcase clean-line))
-                      (setf in-lisp-block nil)
-                      (setf collect-this-block nil))
-                    ((and in-lisp-block collect-this-block)
-                     (unless (or (uiop:string-prefix-p ":PROPERTIES:" (string-upcase clean-line))
-                                 (uiop:string-prefix-p ":END:" (string-upcase clean-line)))
-                       (setf lisp-code (concatenate 'string lisp-code line (string #\Newline))))))))
-          
-          (if (= (length lisp-code) 0)
-              (progn (setf (skill-entry-status entry) :ready) t)
-              (progn
-                (multiple-value-bind (valid-p err) (validate-lisp-syntax lisp-code)
-                  (unless valid-p (error "Syntax Error: ~a" err)))
-                (harness-log "HARNESS: Jailing skill '~a' in package ~a" skill-base-name pkg-name)
-                (unless (find-package pkg-name)
-                  (let ((new-pkg (make-package pkg-name :use '(:cl))))
-                    (use-package :opencortex new-pkg)))
-                (let ((*read-eval* nil) (*package* (find-package pkg-name)))
-                  (eval (read-from-string (format nil "(progn ~a)" lisp-code))))
-                (setf (skill-entry-status entry) :ready)
-                t)))
-      (error (c)
-        (let ((msg (format nil "~a" c)))
-          (harness-log "LOADER ERROR in skill '~a': ~a" skill-base-name msg)
-          (setf (skill-entry-status entry) :failed)
-          (setf (skill-entry-error-log entry) msg)
-          nil)))))
-
-(defun load-skill-with-timeout (filepath timeout-seconds)
-  "Loads a skill Org file with a hard execution timeout."
-  (let* ((finished nil)
-         (thread (bt:make-thread (lambda () 
-                                   (if (load-skill-from-org filepath)
-                                       (setf finished t)
-                                       (setf finished :error)))
-                                 :name (format nil "loader-~a" (pathname-name filepath))))
-         (start-time (get-internal-real-time))
-         (timeout-units (truncate (* timeout-seconds internal-time-units-per-second))))
-    (loop 
-      (when (eq finished t) (return :success))
-      (when (eq finished :error) (return :error))
-      (unless (bt:thread-alive-p thread) (return :error))
-      (when (> (- (get-internal-real-time) start-time) timeout-units)
-        (harness-log "HARNESS: Timing out skill ~a..." (pathname-name filepath))
-        #+sbcl (sb-thread:terminate-thread thread)
-        #-sbcl (bt:destroy-thread thread)
-        (return :timeout))
-      (sleep 0.05))))
-
-(defun initialize-all-skills ()
-  "Scans the directory defined by SKILLS_DIR and hot-loads skills using topological order."
-  (let* ((env-path (uiop:getenv "SKILLS_DIR"))
-         (skills-dir-str (or env-path (namestring (merge-pathnames "notes/" (user-homedir-pathname)))))
-         (resolved-path (context-resolve-path skills-dir-str))
-         (skills-dir (if resolved-path (uiop:ensure-directory-pathname resolved-path) nil)))
-    
-    (unless (and skills-dir (uiop:directory-exists-p skills-dir))
-      (harness-log "HARNESS ERROR: Skills directory not found: ~a" skills-dir-str)
-      (return-from initialize-all-skills nil))
-
-    (let ((sorted-files (topological-sort-skills skills-dir)))
-      (let* ((mandatory-env (uiop:getenv "MANDATORY_SKILLS"))
-             (mandatory-skills (if mandatory-env 
-                                   (mapcar (lambda (s) (string-trim '(#\Space #\" #\') s)) 
-                                           (uiop:split-string mandatory-env :separator '( #\,)))
-                                   '("org-skill-policy" "org-skill-bouncer"))))
-        (dolist (req mandatory-skills)
-          (unless (member req sorted-files :key #'pathname-name :test #'string-equal)
-            (error "BOOT FAILURE: Mandatory skill '~a' not found in skills directory: ~a" req (uiop:native-namestring skills-dir))))
-      
-        (harness-log "==================================================")
-        (harness-log " LOADER: Initializing ~a skills..." (length sorted-files))
-      
-        (dolist (file sorted-files)
-          (let* ((skill-name (pathname-name file))
-                 (is-mandatory (member skill-name mandatory-skills :test #'string-equal)))
-            (harness-log " LOADER: Loading ~a..." skill-name)
-            (let ((status (load-skill-with-timeout file 5)))
-              (unless (eq status :success)
-                (if is-mandatory
-                    (error "BOOT FAILURE: Mandatory skill '~a' failed to load (Status: ~a)." skill-name status)
-                    (harness-log "LOADER WARNING: Skill '~a' failed to load." skill-name))))))
-      
-        (let ((ready 0) (failed 0))
-          (maphash (lambda (k v) 
-                     (declare (ignore k))
-                     (if (eq (skill-entry-status v) :ready) (incf ready) (incf failed)))
-                   *skill-catalog*)
-          (harness-log " LOADER: Boot Complete. [Ready: ~a] [Failed: ~a]" ready failed)
-          (harness-log "==================================================")
-          (values ready failed))))))
-
-(defun generate-tool-belt-prompt ()
-  "Aggregates all registered cognitive tools into a descriptive prompt."
-  (let ((output (format nil "AVAILABLE TOOLS:
-You can call tools by returning a Lisp plist: (:target :tool :action :call :tool <name> :args (...))
-
-EXAMPLES:
-(:target :tool :action :call :tool \"eval\" :args (:code \"(+ 1 1)\"))
-(:target :tool :action :call :tool \"grep-search\" :args (:pattern \"autonomousty\"))
-(:target :tool :action :call :tool \"shell\" :args (:cmd \"ls -la\"))
-
---
-" )))
-    (maphash (lambda (name tool)
-               (setf output (concatenate 'string output
-                                         (format nil "- ~a: ~a~%  Parameters: ~s~%~%"
-                                                 name
-                                                 (cognitive-tool-description tool)
-                                                 (cognitive-tool-parameters tool)))))
-             *cognitive-tools*)
-    output))
-
-(def-cognitive-tool :eval "Evaluates raw Common Lisp code in the harness image. Use this for complex calculations or internal state inspection."
-  ((:code :type :string :description "The Lisp code to evaluate"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let ((code (getf args :code)))
-             (let ((harness-pkg (find-package :opencortex.skills.org-skill-lisp-validator)))
-               (if harness-pkg 
-                   (uiop:symbol-call :opencortex.skills.org-skill-lisp-validator :lisp-validator-validate code)
-                   t))))
-  :body (lambda (args)
-          (let ((code (getf args :code)))
-            (handler-case (let ((result (eval (read-from-string code))))
-                            (format nil "~s" result))
-              (error (c) (format nil "ERROR: ~a" c))))))
-
-(def-cognitive-tool :grep-search "Searches for a pattern in the project files."
-  ((:pattern :type :string :description "The regex pattern to search for")
-   (:dir :type :string :description "Directory to search in (default is project root)"))
-  :body (lambda (args)
-          (let ((pattern (getf args :pattern))
-                (dir (or (getf args :dir) (uiop:getenv "MEMEX_DIR"))))
-            (uiop:run-program (list "grep" "-r" "-n" "--exclude-dir=node_modules" pattern dir) 
-                              :output :string :ignore-error-status t))))
-
-(def-cognitive-tool :shell "Executes a shell command on the local machine. Use this for file operations, system checks, or running tests."
-  ((:cmd :type :string :description "The full bash command to execute"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let ((cmd (getf args :cmd)))
-             (not (or (search "rm -rf /" cmd) (search ":(){ :|:& };:" cmd)))))
-  :body (lambda (args)
-          (let ((cmd (getf args :cmd)))
-            (multiple-value-bind (out err code)
-                (uiop:run-program (list "bash" "-c" cmd) :output :string :error-output :string :ignore-error-status t)
-              (format nil "EXIT-CODE: ~a~%~%STDOUT:~%~a~%~%STDERR:~%~a" code out err)))))
-
-(def-cognitive-tool :reload-skill "Reloads a skill from its Org-mode source file, recompiling into the live image without restarting the daemon."
-  ((:skill :type :string :description "The skill name (e.g., \"org-skill-policy\") or full path to the .org file"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let ((skill (getf args :skill)))
-             (or (uiop:file-exists-p skill)
-                 (let ((skills-dir (or (ignore-errors (uiop:getenv "SKILLS_DIR"))
-                                       (namestring (merge-pathnames "notes/" (user-homedir-pathname))))))
-                   (uiop:file-exists-p (merge-pathnames (format nil "~a.org" skill) skills-dir))))))
-  :body (lambda (args)
-          (let ((skill (getf args :skill)))
-            (snapshot-memory)
-            (let ((skills-dir (or (ignore-errors (uiop:getenv "SKILLS_DIR"))
-                                  (namestring (merge-pathnames "notes/" (user-homedir-pathname)))))
-                 (resolved-path (context-resolve-path skills-dir))
-                 (skills-dir-actual (if (ignore-errors (uiop:getenv "SKILLS_DIR"))
-                                        (uiop:ensure-directory-pathname (context-resolve-path (uiop:getenv "SKILLS_DIR")))
-                                        (uiop:ensure-directory-pathname (user-homedir-pathname)))))
-              (let ((file (if (uiop:file-exists-p skill)
-                             (uiop:ensure-pathname skill)
-                             (merge-pathnames (format nil "~a.org" skill) skills-dir-actual))))
-                (cond
-                  ((not (uiop:file-exists-p file))
-                   (format nil "ERROR: Skill file not found: ~a" (uiop:native-namestring file)))
-                  (t
-                   (harness-log "SKILL: Hot-reloading ~a..." (pathname-name file))
-                   (let ((status (load-skill-with-timeout file 10)))
-                     (if (eq status :success)
-                         (let ((base-name (pathname-name file)))
-                           (setf (skill-entry-status (gethash base-name *skill-catalog*)) :ready)
-                           (format nil "OK: Skill '~a' reloaded successfully." base-name))
-                         (format nil "ERROR: Reload failed with status ~a" status))))))))))
-
-(def-cognitive-tool :read-file "Reads the contents of a file as a string."
-  ((:file :type :string :description "The path to the file to read"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let* ((file (getf args :file))
-                  (memex-root (or (uiop:getenv "MEMEX_DIR") "/home/user/memex"))
-                  (truename (ignore-errors (namestring (truename file)))))
-             (or (null truename)
-                 (str:starts-with-p memex-root truename))))
-  :body (lambda (args)
-          (let ((file (getf args :file)))
-            (handler-case
-                (uiop:read-file-string file)
-              (error (c)
-                (format nil "ERROR reading ~a: ~a" file c))))))
-
-(def-cognitive-tool :write-file "Writes content to a file, creating it if it doesn't exist."
-  ((:file :type :string :description "The path to the file to write")
-   (:content :type :string :description "The content to write")
-   (:append :type :string :description "\"t\" to append instead of overwriting (optional)"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let* ((file (getf args :file))
-                  (memex-root (or (uiop:getenv "MEMEX_DIR") "/home/user/memex"))
-                  (truename (ignore-errors (namestring (truename file)))))
-             (or (null truename)
-                 (str:starts-with-p memex-root truename))))
-  :body (lambda (args)
-          (let ((file (getf args :file))
-                (content (getf args :content))
-                (append-p (string-equal (getf args :append) "t")))
-            (handler-case
-                (progn
-                  (snapshot-memory)
-                  (with-open-file (out file
-                                      :direction :output
-                                      :if-exists (if append-p :append :supersede)
-                                      :if-does-not-exist :create)
-                    (write-string content out))
-                  (format nil "OK: ~a written to ~a" 
-                          (if append-p "content appended" "file written")
-                          file))
-              (error (c)
-                (format nil "ERROR writing ~a: ~a" file c))))))
-
-(def-cognitive-tool :replace-string "Replaces occurrences of old-string with new-string in a file."
-  ((:file :type :string :description "The path to the file")
-   (:old :type :string :description "The substring to find and replace")
-   (:new :type :string :description "The replacement string"))
-  :guard (lambda (args context)
-           (declare (ignore context))
-           (let* ((file (getf args :file))
-                  (memex-root (or (uiop:getenv "MEMEX_DIR") "/home/user/memex"))
-                  (truename (ignore-errors (namestring (truename file)))))
-             (or (null truename)
-                 (str:starts-with-p memex-root truename))))
-  :body (lambda (args)
-          (let ((file (getf args :file))
-                (old (getf args :old))
-                (new (getf args :new)))
-            (handler-case
-                (progn
-                  (snapshot-memory)
-                  (let ((content (uiop:read-file-string file)))
-                    (if (search old content)
-                        (let ((new-content (cl-ppcre:regex-replace-all (cl-ppcre:quote-meta-chars old) content new)))
-                          (with-open-file (out file :direction :output :if-exists :supersede)
-                            (write-string new-content out))
-                          (format nil "OK: Replaced first occurrence in ~a" file))
-                        (format nil "ERROR: Pattern not found in ~a" file))))
-              (error (c)
-                (format nil "ERROR replacing in ~a: ~a" file c))))))
--- a/library/tui-client.lisp
+++ b/library/tui-client.lisp
@@ -1,235 +0,0 @@
-(in-package :cl-user)
-(defpackage :opencortex.tui
-  (:use :cl :croatoan)
-  (:export :main))
-(in-package :opencortex.tui)
-
-(defvar *daemon-host* "127.0.0.1")
-(defvar *daemon-port* 9105)
-(defvar *socket* nil)
-(defvar *stream* nil)
-(defvar *chat-history* (list))
-(defvar *status-text* "Connecting...")
-(defvar *input-buffer* (make-array 0 :element-type 'char :fill-pointer 0 :adjustable t))
-(defvar *command-history* (make-array 0 :element-type 't :fill-pointer 0 :adjustable t))
-(defvar *history-index* -1)
-(defvar *input-mode* :single)  ; :single or :multi
-(defvar *is-running* t)
-(defvar *queue-lock* (bt:make-lock))
-(defvar *incoming-msgs* nil)
-
-(defun enqueue-msg (msg)
-  (bt:with-lock-held (*queue-lock*)
-    (push msg *incoming-msgs*)))
-
-(defun add-to-history (cmd)
-  "Add command to history, preserving most recent."
-  (when (and cmd (> (length cmd) 0))
-    ;; Don't duplicate the last command
-    (unless (and (> (length *command-history*) 0)
-                  (string= cmd (aref *command-history* (1- (length *command-history*))))))
-      (vector-push-extend cmd *command-history* :adjustable t))
-    (setf *history-index* (length *command-history*))))
-
-(defun history-previous ()
-  "Navigate to previous command in history."
-  (when (> (length *command-history*) 0)
-    (setf *history-index* (max 0 (1- *history-index*)))
-    (let ((cmd (aref *command-history* *history-index*)))
-      (setf (fill-pointer *input-buffer*) 0)
-      (loop for ch across cmd do (vector-push-extend ch *input-buffer*))
-      cmd)))
-
-(defun history-next ()
-  "Navigate to next command in history."
-  (when (and *history-index* (< *history-index* (1- (length *command-history*))))
-    (setf *history-index* (1+ *history-index*))
-    (let ((cmd (aref *command-history* *history-index*)))
-      (setf (fill-pointer *input-buffer*) 0)
-      (loop for ch across cmd do (vector-push-extend ch *input-buffer*))
-      cmd))
-  (when (>= *history-index* (1- (length *command-history*)))
-    (setf (fill-pointer *input-buffer*) 0)))
-
-(defun dequeue-msgs ()
-  (bt:with-lock-held (*queue-lock*)
-    (let ((msgs (nreverse *incoming-msgs*)))
-      (setf *incoming-msgs* nil)
-      msgs)))
-
-(defun clean-keywords (msg)
-  (if (listp msg)
-      (let ((clean nil))
-        (loop for (k v) on msg by #'cddr
-              do (push (intern (string k) :keyword) clean)
-                 (push v clean))
-        (nreverse clean))
-      msg))
-
-(defun format-payload (payload)
-  "Extracts human-readable text from a protocol payload, handling nested tool calls."
-  (let* ((action (getf payload :ACTION))
-         (text (getf payload :TEXT))
-         (msg (getf payload :MESSAGE))
-         (tool (getf payload :TOOL))
-         (prompt (getf payload :PROMPT))
-         (args (getf payload :ARGS))
-         (result (getf payload :RESULT)))
-    (cond (text text)
-          (msg msg)
-          ((eq action :MESSAGE) (getf payload :TEXT))
-          ((and tool prompt) (format nil "🤔 ~a: ~a" tool prompt))
-          ((and tool args) 
-           (let ((inner-prompt (or (getf args :PROMPT) (getf args :TEXT))))
-             (if inner-prompt
-                 (format nil "🤔 ~a: ~a" tool inner-prompt)
-                 (format nil "🔧 ~a args: ~s" tool args))))
-          (result (format nil "✅ ~a" result))
-          (t (format nil "~s" payload)))))
-
-(defun format-incoming (msg)
-  "Formats incoming message with styling."
-  (let ((type (or (getf msg :TYPE) (getf msg :type)))
-        (payload (or (getf msg :PAYLOAD) (getf msg :payload))))
-    (cond
-      ((and (listp msg) (eq type :EVENT))
-       (let ((action (or (getf payload :ACTION) (getf payload :action)))
-             (text (or (getf payload :TEXT) (getf payload :text) (getf payload :MESSAGE) (getf payload :message)))))
-         (cond ((eq action :handshake) (format nil "👋 ~a" (or text "Connected")))
-               ((eq action :thinking) (format nil "🤔 ~a" (or text "Thinking...")))
-               ((eq action :tool-complete) (format nil "🔧 Done"))
-               (text (format nil "💬 ~a" text))
-               (t (format nil "📢 ~s" msg)))))
-      ((and (listp msg) (eq type :STATUS))
-       (format nil "🔄 Scribe: ~a | Gardener: ~a" 
-               (or (getf msg :SCRIBE) "idle")
-               (or (getf msg :GARDENER) "idle")))
-      ((and (listp msg) (member type '(:REQUEST :RESPONSE :LOG)))
-       (format-payload payload))
-      ((and (listp msg) (eq type :EVENT) (eq (getf payload :SENSOR) :TOOL-OUTPUT))
-       (format nil "🔧 ~a" (getf payload :RESULT)))
-      (t (format nil "~s" msg))))
-
-(defun listen-thread ()
-  (loop while *is-running* do
-    (handler-case
-        (when (and *stream* (open-stream-p *stream*))
-          (let ((raw-msg (opencortex:read-framed-message *stream*)))
-            (unless (member raw-msg '(:eof :error))
-              (let* ((msg (clean-keywords raw-msg))
-                     (type (or (getf msg :TYPE) (getf msg :type)))
-                     (payload (or (getf msg :PAYLOAD) (getf msg :payload))))
-                (cond ((and (listp msg) (eq type :EVENT))
-                       (let ((action (or (getf payload :ACTION) (getf payload :action)))
-                             (text (or (getf payload :TEXT) (getf payload :text) (getf payload :MESSAGE) (getf payload :message))))
-                         (cond ((eq action :handshake) (setf *status-text* "Ready"))
-                               (text (enqueue-msg (format nil "SYSTEM: ~a" text))))))
-                      ((and (listp msg) (eq type :STATUS))
-                       (setf *status-text* (format nil "[Scribe: ~a] [Gardener: ~a]" 
-                                                   (or (getf msg :SCRIBE) (getf msg :scribe))
-                                                   (or (getf msg :GARDENER) (getf msg :gardener)))))
-                      ((and (listp msg) (member type '(:REQUEST :RESPONSE :LOG)))
-                       (let ((formatted (format-payload payload)))
-                         (when formatted (enqueue-msg formatted))))
-                      ((and (listp msg) (eq type :EVENT) (eq (getf payload :SENSOR) :TOOL-OUTPUT))
-                       (let ((formatted (format-payload payload)))
-                         (when formatted (enqueue-msg formatted))))
-                      (t (harness-log "TUI: Ignored unknown type ~a" type)))))
-            (when (eq raw-msg :eof) (setf *is-running* nil))
-            (when (eq raw-msg :error) (setf *status-text* "Protocol Error"))))
-      (error (c) (setf *status-text* (format nil "Net Error: ~a" c)) (setf *is-running* nil)))
-    (sleep 0.05)))
-
-(defun main ()
-  (handler-case
-      (setf *socket* (usocket:socket-connect *daemon-host* *daemon-port*))
-    (error (e) (format t "Error connecting: ~a~%" e) (return-from main)))
-  (setf *stream* (usocket:socket-stream *socket*))
-  (bt:make-thread #'listen-thread :name "tui-listener")
-  
-  (unwind-protect
-      (with-screen (scr :input-echoing nil :input-blocking nil :enable-colors t :cursor-visible t :window-border-chars #\┌#\─#\┐#\│#\└#\┘#\─#\│)
-        (let* ((h (height scr))
-               (w (width scr))
-               (chat-height (- h 5))
-               (chat-win (make-instance 'window :height chat-height :width (- w 2) :position (list 1 1) :border t))
-               (status-win (make-instance 'window :height 1 :width (- w 2) :position (list (- h 4) 1) :border t))
-               (help-win (make-instance 'window :height 1 :width (- w 2) :position (list (- h 3) 1)))
-               (input-win (make-instance 'window :height 1 :width (- w 2) :position (list (- h 2) 1) :border t))
-               (last-status nil))
-           
-           ;; Draw help once
-           (add-string help-win "↑↓ History | Esc Clear | /help /exit | Multi-line: Shift+Enter" :y 0 :x 0 :attributes '(:bold))
-           (refresh help-win)
-           
-           (setf (function-keys-enabled-p input-win) t)
-           (setf (input-blocking input-win) nil)
-
-           (loop while *is-running* do
-             ;; 1. Handle incoming messages
-             (let ((new-msgs (dequeue-msgs)))
-               (when new-msgs
-                 (dolist (msg new-msgs)
-                   (let ((formatted (format-incoming msg)))
-                     (when formatted 
-                       (push formatted *chat-history*)
-                       (setf *chat-history* (subseq *chat-history* 0 (min (length *chat-history*) 500))))))
-                 
-                 (clear chat-win)
-                 (let ((line-num 1))
-                   (dolist (m (reverse (subseq *chat-history* 0 (min (length *chat-history*) (- chat-height 3)))))
-                     (add-string chat-win (format nil "│ ~a" m) :y line-num :x 1)
-                     (incf line-num)))
-                 ;; Add border line count
-                 (add-string chat-win (format nil "├─ ~d messages" (length *chat-history*)) :y (1- chat-height) :x 1 :attributes '(:dim))
-                 (refresh chat-win)))
-
-             ;; 2. Render Status Bar ONLY if changed
-             (unless (equal *status-text* last-status)
-               (clear status-win)
-               (add-string status-win (format nil "┤ ~a ┤" *status-text*) :y 0 :x 1 :attributes '(:reverse))
-               (refresh status-win)
-               (setf last-status *status-text*))
-
-              ;; 3. Handle Keyboard Input
-              (let* ((event (get-wide-event input-win))
-                     (ch (and event (typep event 'event) (event-key event))))
-                (when ch
-                  (cond
-                    ((or (eq ch #\Newline) (eq ch #\Return))
-                     (let ((cmd (coerce *input-buffer* 'string)))
-                       (setf (fill-pointer *input-buffer*) 0)
-                       (when (> (length cmd) 0)
-                         (add-to-history cmd)
-                         (enqueue-msg (format nil "⬆ ~a" cmd))
-                         (let ((framed (opencortex:frame-message (list :TYPE :EVENT 
-                                                                      :META (list :SOURCE :tui :SESSION-ID "default")
-                                                                      :PAYLOAD (list :SENSOR :user-input :TEXT cmd)))))
-                           (format *stream* "~a" framed)
-                           (finish-output *stream*)))
-                       (when (string= cmd "/exit") (setf *is-running* nil))
-                       (when (string= cmd "/clear") (setf *chat-history* nil))
-                       (when (string= cmd "/help") 
-                         (enqueue-msg "Available commands: /help /exit /clear /status")
-                         (enqueue-msg "Use ↑↓ for history, Esc to clear input"))))
-                    ((eq ch :up) (history-previous))
-                    ((eq ch :down) (history-next))
-                    ((eq ch :escape) 
-                     (setf (fill-pointer *input-buffer*) 0)
-                     (setf *history-index* (length *command-history*)))
-                    ((or (eq ch :backspace) (eq ch #\Backspace) (eq ch #\Rubout) (eq ch #\Del))
-                     (when (> (fill-pointer *input-buffer*) 0)
-                       (decf (fill-pointer *input-buffer*))))
-                    ((eq ch :shift-left)  ; Shift+Enter for multi-line
-                     (vector-push-extend #\Newline *input-buffer*))
-                    ((characterp ch)
-                     (vector-push-extend ch *input-buffer*))))
-                
-                (clear input-win)
-                (let ((prompt (if (> (fill-pointer *input-buffer*) 0) "│" "▶")))
-                  (add-string input-win (format nil "~a ~a" prompt (coerce *input-buffer* 'string)) :y 0 :x 1 :attributes (when (> (fill-pointer *input-buffer*) 0) '(:bold))))
-                (refresh input-win))
-             
-             (sleep 0.02))))
-    (setf *is-running* nil)
-    (when *socket* (usocket:socket-close *socket*))))
--- a/opencortex.asd
+++ b/opencortex.asd
@@ -1,84 +0,0 @@
-(defsystem :opencortex
-  :name "opencortex"
-  :author "Amr"
-  :version "0.1.0"
-  :license "AGPLv3"
-  :description "The Probabilistic-Deterministic Lisp Machine Harness"
-
-  :depends-on (:usocket              ; TCP socket networking
-               :bordeaux-threads     ; Threading (heartbeat, async sensors)
-               :dexador              ; HTTP client (LLM APIs)
-               :uiop                 ; Portable I/O, file operations
-               :cl-dotenv            ; Environment variable loading
-               :cl-ppcre             ; Regular expressions (parsing)
-               :hunchentoot          ; HTTP server (optional web interface)
-               :ironclad             ; Cryptography (Merkle hashing)
-               :str                  ; String utilities
-               :cl-json              ; JSON parsing/serialization
-               :uuid)                ; UUID generation for org-mode IDs
-
-  :serial t                          ; Load files in order listed below
-
-   :components ((:file "library/package")           ; Package definitions, core vars
-                (:file "library/skills")            ; Skill engine, cognitive tools
-                (:file "library/communication")     ; Protocol, framing
-                (:file "library/communication-validator") ; Schema validation
-                (:file "library/memory")            ; Org-object store, snapshots
-                (:file "library/context")           ; Context assembly, query
-                (:file "library/perceive")         ; Stage 1: Sensory normalization
-                (:file "library/reason")           ; Stage 2: Neural + deterministic
-                (:file "library/act")               ; Stage 3: Actuation
-                (:file "library/loop"))             ; Main entry, heartbeat
-
-  :build-operation "program-op"
-  :build-pathname "opencortex-server"
-  :entry-point "opencortex:main")
-
-(defsystem :opencortex/tests
-  :depends-on (:opencortex           ; The harness we're testing
-               :fiveam)              ; Testing framework
-
-   :components ((:file "library/gen/org-skill-engineering-standards")
-                 (:file "library/gen/org-skill-literate-programming")
-                 (:file "library/gen/org-skill-self-edit")
-                 (:file "library/gen/org-skill-emacs-edit")
-                 (:file "library/gen/org-skill-lisp-utils")
-                 (:file "tests/engineering-standards-tests")
-                 (:file "tests/literate-programming-tests")
-                 (:file "tests/pipeline-perceive-tests")
-                 (:file "tests/pipeline-reason-tests")
-                 (:file "tests/pipeline-act-tests")
-                 (:file "tests/act-tests")
-                 (:file "tests/boot-sequence-tests")
-                 (:file "tests/memory-tests")
-                 (:file "tests/immune-system-tests")
-                 (:file "tests/emacs-edit-tests")
-                 (:file "tests/lisp-utils-tests")
-                 (:file "tests/lisp-validator-tests")
-                 (:file "tests/self-edit-tests")
-                 (:file "tests/tool-permissions-tests")
-                 (:file "tests/peripheral-vision-tests"))
-
-   :perform (test-op (o s)
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :communication-protocol-suite :opencortex-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :pipeline-suite :opencortex-pipeline-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :boot-suite :opencortex-boot-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :memory-suite :opencortex-memory-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :immune-suite :opencortex-immune-system-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :emacs-edit-suite :opencortex-emacs-edit-tests))
-              (uiop:symbol-call :fiveam :run!
-                (uiop:find-symbol* :lisp-utils-suite :opencortex-lisp-utils-tests))))
-
-(defsystem :opencortex/tui
-  :depends-on (:opencortex           ; The daemon we're connecting to
-               :croatoan            ; Terminal UI library
-               :usocket              ; Socket communication
-               :bordeaux-threads)    ; Background listening thread
-
-  :components ((:file "library/tui-client")))
--- a/opencortex.sh
+++ b/opencortex.sh
@@ -1,233 +0,0 @@
-#!/bin/bash
-set -e
-
-PORT=9105
-HOST="localhost"
-RED='\033[0;31m'; GREEN='\033[0;32m'; BLUE='\033[0;34m'; YELLOW='\033[0;33m'; NC='\033[0m'
-
-command_exists() { command -v "$1" >/dev/null 2>&1; }
-
-# Resolve symlinks to find the actual repository location
-SOURCE="${BASH_SOURCE[0]}"
-while [ -h "$SOURCE" ]; do
-    DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-    SOURCE="$(readlink "$SOURCE")"
-    [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE"
-done
-export SCRIPT_DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
-
-# Load environment variables if they exist
-if [ -f "$SCRIPT_DIR/.env" ]; then
-    while IFS="=" read -r key value || [ -n "$key" ]; do
-        if [[ $key =~ ^[a-zA-Z_][a-zA-Z0-9_]*$ ]]; then
-            val=$(echo "$value" | sed "s/^\"//;s/\"$//")
-            export "$key=$val"
-        fi
-    done < "$SCRIPT_DIR/.env"
-    [ -n "$ORG_AGENT_DAEMON_PORT" ] && PORT=$ORG_AGENT_DAEMON_PORT
-    [ -n "$DAEMON_HOST" ] && HOST=$DAEMON_HOST
-fi
-
-# --- 1. BOOTSTRAP ---
-# If the script is run standalone, it clones the full repo and restarts itself.
-if [ ! -d "$SCRIPT_DIR/.git" ] && [ ! -d "$HOME/.opencortex" ] && [[ ! "$(pwd)" =~ "opencortex" ]]; then
-    echo -e "${BLUE}=== OpenCortex: Zero-to-One Bootstrapper ===${NC}"
-    git clone ssh://git@10.10.10.201:2222/amr/opencortex.git ~/.opencortex
-    cd ~/.opencortex && git submodule update --init --recursive
-    exec ./opencortex.sh "$@"
-fi
-
-# --- 2. SETUP ---
-setup_system() {
-    NON_INTERACTIVE=false
-    for arg in "$@"; do
-        if [ "$arg" == "--non-interactive" ]; then NON_INTERACTIVE=true; fi
-    done
-
-    echo -e "${BLUE}=== OpenCortex: Initializing System ===${NC}"
-    echo -e "${YELLOW}--- Installing System Dependencies ---${NC}"
-    if command_exists apt-get; then
-        sudo apt-get update && sudo apt-get install -y sbcl emacs-nox rlwrap netcat-openbsd curl git socat libssl-dev libncurses5-dev libffi-dev zlib1g-dev libsqlite3-dev
-    fi
-    if [ ! -d "$HOME/quicklisp" ]; then
-        curl -O https://beta.quicklisp.org/quicklisp.lisp
-        sbcl --non-interactive --load quicklisp.lisp --eval "(quicklisp-quickstart:install)" --eval "(ql-util:without-prompting (ql:add-to-init-file))"
-        rm quicklisp.lisp
-    fi
-
-    cd "$SCRIPT_DIR"
-    if [ ! -f .env ]; then
-        if [ "$NON_INTERACTIVE" = true ]; then
-            echo "Non-interactive mode: Using environment variables for .env creation."
-            cp .env.example .env
-            [ -n "$MEMEX_USER" ] && sed -i "s|MEMEX_USER=.*|MEMEX_USER=\"$MEMEX_USER\"|" .env
-            [ -n "$MEMEX_ASSISTANT" ] && sed -i "s|MEMEX_ASSISTANT=.*|MEMEX_ASSISTANT=\"$MEMEX_ASSISTANT\"|" .env
-            [ -n "$OPENROUTER_API_KEY" ] && sed -i "s|OPENROUTER_API_KEY=.*|OPENROUTER_API_KEY=\"$OPENROUTER_API_KEY\"|" .env
-            [ -n "$MEMEX_DIR" ] && sed -i "s|MEMEX_DIR=.*|MEMEX_DIR=\"$MEMEX_DIR\"|" .env
-        else
-            cp .env.example .env
-            echo -e "\n${YELLOW}--- Identity Configuration ---${NC}"
-            read -p "Your Name [User]: " user_name < /dev/tty
-            user_name=${user_name:-User}
-            sed -i "s|MEMEX_USER=.*|MEMEX_USER=\"$user_name\"|" .env
-
-            read -p "Agent Name [OpenCortex]: " agent_name < /dev/tty
-            agent_name=${agent_name:-OpenCortex}
-            sed -i "s|MEMEX_ASSISTANT=.*|MEMEX_ASSISTANT=\"$agent_name\"|" .env
-
-            echo -e "\n${YELLOW}--- LLM Configuration ---${NC}"
-            read -p "OpenRouter API Key: " openrouter_key < /dev/tty
-            [ -n "$openrouter_key" ] && sed -i "s|OPENROUTER_API_KEY=.*|OPENROUTER_API_KEY=\"$openrouter_key\"|" .env
-
-            echo -e "\n${YELLOW}--- Memex Folder Structure ---${NC}"
-            read -p "Memex Root [\$HOME/memex]: " memex_dir < /dev/tty
-            memex_dir=${memex_dir:-\$HOME/memex}
-            sed -i "s|MEMEX_DIR=.*|MEMEX_DIR=\"$memex_dir\"|" .env
-        fi
-
-        # Hydrate default paths
-        M_DIR=$(grep MEMEX_DIR .env | cut -d'"' -f2 | sed "s|\$HOME|$HOME|")
-        sed -i "s|SKILLS_DIR=.*|SKILLS_DIR=\"$SCRIPT_DIR/skills\"|" .env
-        sed -i "s|ZETTELKASTEN_DIR=.*|ZETTELKASTEN_DIR=\"$M_DIR/notes\"|" .env
-        mkdir -p "$M_DIR" "$M_DIR/notes" "$M_DIR/areas" "$M_DIR/resources" "$M_DIR/archives" "$M_DIR/system" "$M_DIR/inbox" "$M_DIR/daily" "$M_DIR/projects"
-    fi
-
-    mkdir -p library
-    for f in harness/*.org skills/*.org; do
-        emacs -Q --batch --eval "(require 'org)" --eval "(org-babel-tangle-file \"$f\")" >/dev/null 2>&1 || true
-    done
-
-    mkdir -p "$HOME/.local/bin"
-    ln -sf "$SCRIPT_DIR/opencortex.sh" "$HOME/.local/bin/opencortex"
-
-    for shell_config in "$HOME/.bashrc" "$HOME/.profile"; do
-        if [ -f "$shell_config" ]; then
-            if ! grep -q ".local/bin" "$shell_config"; then
-                echo 'export PATH="$HOME/.local/bin:$PATH"' >> "$shell_config"
-            fi
-        fi
-    done
-    export PATH="$HOME/.local/bin:$PATH"
-
-    echo -e "${YELLOW}--- Compiling and Loading OpenCortex ---${NC}"
-    sbcl --non-interactive --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' --eval '(push (truename (uiop:getenv "SCRIPT_DIR")) asdf:*central-registry*)' --eval "(ql:quickload '(:opencortex :croatoan))"
-
-    if [ $? -ne 0 ]; then
-        echo -e "${RED}✗ Compilation failed.${NC}"
-        exit 1
-    fi
-
-    if [ "$NON_INTERACTIVE" = true ]; then
-        echo "Setup complete (Non-interactive)."
-        exit 0
-    fi
-
-    echo -e "${YELLOW}--- Finalizing: Awakening the Brain ---${NC}"
-    "$SCRIPT_DIR/opencortex.sh" --boot > "$SCRIPT_DIR/brain.log" 2>&1 &
-
-    success=false
-    for i in {1..30}; do
-        if nc -z localhost $PORT 2>/dev/null; then success=true; break; fi
-        sleep 2
-        echo -n "."
-    done
-
-    if [ "$success" = true ]; then
-        echo -e "\n${GREEN}✓ Brain is alive on port $PORT.${NC}"
-        exit 0
-    else
-        echo -e "\n${RED}✗ Brain failed to wake up.${NC}"
-        exit 1
-    fi
-}
-
-# --- 3. COMMAND ROUTER ---
-COMMAND=$1
-[ -z "$COMMAND" ] && COMMAND="cli"
-shift || true
-
-DEFAULT_PORT=9105
-DEFAULT_HOST="localhost"
-TARGET_PORT=${PORT:-$DEFAULT_PORT}
-TARGET_HOST=${HOST:-$DEFAULT_HOST}
-
-# If uninitialized, force setup.
-if [ ! -f "$SCRIPT_DIR/library/package.lisp" ] || [ ! -f "$SCRIPT_DIR/.env" ]; then
-    COMMAND="setup"
-fi
-
-case "$COMMAND" in
-    setup)
-        setup_system "$@"
-        ;;
-
-    --boot|boot)
-        export SKILLS_DIR="${SCRIPT_DIR}/skills"
-        [ -z "$MEMEX_DIR" ] && export MEMEX_DIR="$HOME/memex"
-        if [ -f "$SCRIPT_DIR/.env" ]; then
-           export OPENROUTER_API_KEY=$(grep OPENROUTER_API_KEY "$SCRIPT_DIR/.env" | cut -d'"' -f2)
-        fi
-        exec sbcl --non-interactive --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' --eval '(setf *debugger-hook* (lambda (c h) (declare (ignore h)) (format *error-output* "FATAL LISP ERROR: ~a~%" c) (uiop:print-backtrace :stream *error-output*) (uiop:quit 1)))' --eval '(push (truename (uiop:getenv "SCRIPT_DIR")) asdf:*central-registry*)' --eval '(format t "--- Quickloading OpenCortex ---~%")' --eval "(ql:quickload '(:opencortex :croatoan))" --eval '(opencortex:main)'
-        ;;
-
-    tui)
-        if ! nc -z $TARGET_HOST $TARGET_PORT 2>/dev/null; then
-            echo -e "Brain is offline. Awakening..."
-            "$SCRIPT_DIR/opencortex.sh" --boot > "$SCRIPT_DIR/brain.log" 2>&1 &
-            for i in {1..15}; do
-                sleep 2
-                if nc -z $TARGET_HOST $TARGET_PORT 2>/dev/null; then break; fi
-                echo -n "."
-            done
-            echo ""
-        fi
-        echo -e "Launching Croatoan TUI..."
-        export SKILLS_DIR="${SCRIPT_DIR}/skills"
-        [ -z "$MEMEX_DIR" ] && export MEMEX_DIR="$HOME/memex"
-        exec sbcl --eval '(load (merge-pathnames "quicklisp/setup.lisp" (user-homedir-pathname)))' --eval '(push (truename (uiop:getenv "SCRIPT_DIR")) asdf:*central-registry*)' --eval '(ql:quickload :opencortex/tui)' --eval '(opencortex.tui:main)'
-        ;;
-
-    cli)
-        if ! nc -z $TARGET_HOST $TARGET_PORT 2>/dev/null; then
-            echo -e "Brain is offline. Awakening..."
-            "$SCRIPT_DIR/opencortex.sh" --boot > "$SCRIPT_DIR/brain.log" 2>&1 &
-            for i in {1..15}; do
-                sleep 2
-                if nc -z $TARGET_HOST $TARGET_PORT 2>/dev/null; then break; fi
-                echo -n "."
-            done
-            echo ""
-        fi
-        if command_exists socat; then
-            echo -e "Connected to OpenCortex on $TARGET_HOST:$TARGET_PORT (Channel: CLI)"
-            while true; do
-                read -p "User: " MESSAGE
-                if [ -z "$MESSAGE" ]; then continue; fi
-                if [ "$MESSAGE" = "/exit" ]; then break; fi
-                
-                # Frame the message
-                PAYLOAD="(:TYPE :EVENT :META (:SOURCE :CLI) :PAYLOAD (:SENSOR :USER-INPUT :TEXT \"$MESSAGE\"))"
-                LEN=$(printf "%s" "$PAYLOAD" | wc -c)
-                HEXLEN=$(printf "%06x" $LEN)
-                
-                # Send and read response
-                (printf "%s%s" "$HEXLEN" "$PAYLOAD" | nc -N $TARGET_HOST $TARGET_PORT) | while read -r LINE; do
-                    CLEAN=$(echo "$LINE" | sed 's/^......//')
-                    if [[ "$CLEAN" == *":TEXT"* ]]; then
-                         TEXT=$(echo "$CLEAN" | sed -n 's/.*:TEXT "\([^"]*\)".*/\1/p')
-                         echo -e "Agent: $TEXT"
-                    fi
-                done
-            done
-        else
-            echo "Error: socat required for CLI interaction."
-            exit 1
-        fi
-        ;;
-
-    *)
-        echo -e "Unknown command: $COMMAND"
-        echo "Available commands: setup, boot, tui, cli"
-        exit 1
-        ;;
-esac
--- a/org/channel-cli.org
+++ b/org/channel-cli.org
@@ -0,0 +1,72 @@
+#+TITLE: SKILL: CLI Gateway (org-skill-cli-gateway.org)
+#+AUTHOR: Agent
+#+FILETAGS: :skill:gateway:cli:
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-cli.lisp
+
+* Overview
+The CLI Gateway is the simplest interface to Passepartout — raw stdin/stdout over TCP. It connects to the daemon's framed protocol and translates between terminal input/output and the plist-based communication format. No TUI, no ncurses, no dependencies beyond a TCP socket. Every other gateway (TUI, Emacs, Telegram) builds on this same protocol.
+
+** Contract
+
+1. (channel-cli-input text): wraps text in a ~:user-input~ envelope
+   with ~:source :CLI~ and injects into the pipeline via
+   ~stimulus-inject~.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+** CLI Command Handling
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun channel-cli-input (text)
+  "Processes raw text from the command line."
+  (stimulus-inject (list :type :EVENT 
+                         :payload (list :sensor :user-input :text text) 
+                         :meta (list :source :CLI))))
+#+end_src
+
+** Skill Registration
+#+begin_src lisp
+(defskill :passepartout-channel-cli
+  :priority 100
+  :trigger (lambda (ctx) (eq (getf (getf ctx :meta) :source) :CLI))
+  :deterministic (lambda (action ctx) (declare (ignore ctx)) action))
+#+end_src
+
+* Test Suite
+
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-channel-cli-tests
+  (:use :cl :passepartout)
+  (:export #:cli-suite))
+
+(in-package :passepartout-channel-cli-tests)
+
+(fiveam:def-suite cli-suite :description "Verification of the CLI Gateway")
+(fiveam:in-suite cli-suite)
+
+(fiveam:test test-channel-cli-input-format
+  "Contract 1: channel-cli-input injects a properly formed signal without error."
+  (handler-case
+      (progn (channel-cli-input "hello") (fiveam:pass))
+    (error (c)
+      (fiveam:fail "channel-cli-input crashed: ~a" c))))
+#+end_src
+
+** Load-Time Sanity Check
+
+Verifies the function exists and can be called at load time without
+depending on FiveAM macro resolution in the jailed package.
+
+#+begin_src lisp
+(handler-case
+    (progn (channel-cli-input "test-load") (log-message "CLI: Load-time test OK"))
+  (error (c) (log-message "CLI: Load-time test FAILED: ~a" c)))
+#+end_src
--- a/org/channel-discord.org
+++ b/org/channel-discord.org
@@ -0,0 +1,90 @@
+#+TITLE: Channel Discord (channel-discord.org)
+#+AUTHOR: Agent
+#+FILETAGS: :channel:discord:
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-discord.lisp
+
+* Channel Discord
+
+Extracted from gateway-messaging in v0.5.0. Isolated platform — Discord-specific poll and send logic.
+
+* Overview
+
+The Discord channel provides bidirectional communication via the Discord REST API
+and Gateway WebSocket. Messages received from Discord channels are injected into
+the cognitive pipeline as ~:user-input~ signals with ~:source :discord~. Outbound
+messages route through the actuator registry when the pipeline targets ~:discord~.
+
+The channel uses two functions: ~discord-poll~ (inbound sensor, REST polling)
+and ~discord-send~ (outbound actuator, REST POST). Both retrieve the bot token
+from the credentials vault (~vault-get-secret :discord~). HITL commands are
+intercepted before injection so approval flows work identically across all channels.
+
+** Contract
+
+1. (discord-get-token): returns the Discord bot token from the vault
+   (via ~vault-get-secret :discord~), or nil if not configured.
+2. (discord-poll): polls configured channels via GET /channels/{id}/messages,
+   injects each non-bot message as a ~:user-input~ stimulus with
+   ~:source :discord~. Handles JSON parse failures and API errors
+   gracefully. HITL commands are intercepted before injection.
+3. (discord-send action context): sends a message via POST /channels/{id}/messages.
+   Extracts ~:channel-id~ and ~:text~ from the action plist. Uses bot token
+   authentication. Logs send failures without crashing the pipeline.
+
+* Implementation
+
+#+begin_src lisp
+(in-package :passepartout)
+(defun discord-get-token ()
+  (vault-get-secret :discord))
+
+(defun discord-send (action context)
+  "Sends a message via Discord REST API."
+  (declare (ignore context))
+  (let* ((payload (getf action :payload))
+         (meta (getf action :meta))
+         (channel-id (or (getf meta :channel-id) (getf payload :chat-id)))
+         (text (or (getf payload :text) (getf action :text)))
+         (token (discord-get-token)))
+    (when (and token channel-id text)
+      (handler-case
+          (dex:post (format nil "https://discord.com/api/v10/channels/~a/messages" channel-id)
+                    :headers '(("Authorization" . ,(format nil "Bot ~a" token))
+                               ("Content-Type" . "application/json"))
+                    :content (cl-json:encode-json-to-string
+                              `((content . ,text))))
+        (error (c) (log-message "DISCORD ERROR: ~a" c))))))
+
+(defun discord-poll ()
+  "Polls Discord via HTTP GET /channels/{id}/messages. In production,
+a WebSocket connection to the Gateway is preferred for real-time events."
+  (let* ((token (discord-get-token)))
+    (when token
+      (handler-case
+          (dolist (channel '("channel-id-here"))  ;; configured channel IDs
+            (let* ((last-id (getf (gethash "discord" *gateway-configs*) :last-update-id 0))
+                   (url (format nil "https://discord.com/api/v10/channels/~a/messages?after=~a"
+                               channel last-id))
+                   (response (dex:get url :headers
+                                       `(("Authorization" . ,(format nil "Bot ~a" token))))))
+              (let ((messages (ignore-errors
+                               (cdr (assoc :message
+                                      (cl-json:decode-json-from-string response))))))
+                (dolist (msg (and (listp messages) messages))
+                  (let* ((id (cdr (assoc :id msg)))
+                         (content (cdr (assoc :content msg)))
+                         (author (cdr (assoc :author msg)))
+                         (author-id (cdr (assoc :id author)))
+                         (is-bot (cdr (assoc :bot author))))
+                    (when (and id content (not is-bot))
+                      (setf (getf (gethash "discord" *gateway-configs*) :last-update-id) id)
+                      (unless (ignore-errors (hitl-handle-message content :discord))
+                        (stimulus-inject
+                         (list :type :EVENT
+                               :meta (list :source :discord :chat-id channel)
+                               :payload (list :sensor :user-input :text content))))))))))
+        (error (c) (log-message "DISCORD POLL ERROR: ~a" c))))))
+#+end_src
+
+
+#+end_src
--- a/org/channel-shell.org
+++ b/org/channel-shell.org
@@ -0,0 +1,135 @@
+#+TITLE: SKILL: Shell Actuator (org-skill-shell-actuator.org)
+#+AUTHOR: Agent
+#+FILETAGS: :skill:actuator:shell:
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-shell.lisp
+
+* Overview: The Physical Actuator
+
+The Shell Actuator is the agent's hand in the physical world. Given a shell command, it executes it via ~bash -c~ and returns the output. This is how the agent installs packages, reads files, runs scripts, and interacts with any Unix tool.
+
+Because shell execution is the highest-risk operation in the system, the Shell Actuator is protected by multiple safety layers:
+1. The Dispatcher's shell safety gate blocks destructive commands (~rm -rf /~, ~dd~, ~mkfs~)
+2. The Dispatcher's injection gate blocks backtick and ~$()~ patterns
+3. The Dispatcher's network exfil gate blocks connections to unwhitelisted hosts
+4. The actuator enforces a timeout (default 30s) so hanging commands don't freeze the agent
+5. The actuator caps output (default 100KB) so infinite output doesn't exhaust memory
+6. (v0.4.3) When ~bwrap~ (Bubblewrap) is available, commands execute inside a Linux namespace sandbox with network and IPC isolation
+
+** Contract
+
+1. (bwrap-available-p): returns T if ~bwrap~ is installed and usable, NIL otherwise.
+   Cached at load time via ~which bwrap~.
+2. (bwrap-wrap-command cmd timeout memex-dir): returns a command list suitable for
+   ~uiop:run-program~ — wraps ~cmd~ in a ~bwrap~ sandbox with ~--unshare-net~,
+   ~--unshare-ipc~, ~--ro-bind~ for system dirs, and ~--bind~ for the memex and /tmp.
+3. (actuator-shell-execute action context): when ~bwrap~ is available, wraps the
+   command through the sandbox. When ~bwrap~ is unavailable, falls back to the
+   existing ~timeout bash -c~ behavior.
+
+* Implementation
+
+** Shell Execution (actuator-shell-execute)
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(in-package :passepartout)
+
+(defvar *bwrap-available* nil
+  "Set to T at load time if the bwrap binary is found in PATH.")
+
+(defvar *bwrap-base-args*
+  '("--ro-bind" "/usr" "/usr"
+    "--ro-bind" "/lib" "/lib"
+    "--ro-bind" "/bin" "/bin"
+    "--ro-bind" "/etc" "/etc"
+    "--bind" "/tmp" "/tmp"
+    "--unshare-net"
+    "--unshare-ipc")
+  "Base bwrap arguments for the sandbox. --bind ~/memex ~/memex is added dynamically.")
+
+(defun bwrap-available-p ()
+  "Returns T if bwrap (bubblewrap) is installed and usable."
+  *bwrap-available*)
+
+(defun bwrap-wrap-command (cmd timeout memex-dir)
+  "Wrap CMD in a bwrap sandbox with network and IPC isolation.
+Returns a list suitable for uiop:run-program."
+  `("bwrap"
+    ,@*bwrap-base-args*
+    "--bind" ,memex-dir ,memex-dir
+    "timeout" ,(format nil "~a" timeout)
+    "bash" "-c" ,cmd))
+
+;; Initialize at load time
+(setf *bwrap-available*
+      (= 0 (nth-value 2 (uiop:run-program '("which" "bwrap") :output nil :error-output nil :ignore-error-status t))))
+
+(defun actuator-shell-execute (action context)
+  "Executes a shell command via the OS timeout binary with output limit.
+When bwrap is available, wraps the command in a Linux namespace sandbox."
+  (declare (ignore context))
+  (let* ((payload (getf action :payload))
+         (cmd (getf payload :cmd))
+         (timeout-sym (find-symbol "*DISPATCHER-SHELL-TIMEOUT*" :passepartout))
+         (timeout (or (getf payload :timeout) (if timeout-sym (symbol-value timeout-sym) 30)))
+         (max-sym (find-symbol "*DISPATCHER-SHELL-MAX-OUTPUT*" :passepartout))
+         (max-output (or (getf payload :max-output) (if max-sym (symbol-value max-sym) 100000)))
+         (memex-dir (or (uiop:getenv "MEMEX_DIR") (namestring (merge-pathnames "memex/" (user-homedir-pathname))))))
+    (log-message "ACT [Shell]: ~a (timeout: ~as)~@[ bwrap: enabled~]" cmd timeout (and *bwrap-available* " (bwrap)"))
+    (let ((cmdline (if *bwrap-available*
+                       (bwrap-wrap-command cmd timeout memex-dir)
+                       (list "timeout" (format nil "~a" timeout) "bash" "-c" cmd))))
+      (multiple-value-bind (out err code)
+          (uiop:run-program cmdline
+                            :output :string :error-output :string
+                            :ignore-error-status t)
+        (cond
+          ((= code 124) (format nil "ERROR: Command timed out after ~a seconds" timeout))
+          ((> (length out) max-output)
+           (format nil "~a~%... (output truncated to ~a chars)" (subseq out 0 max-output) max-output))
+          ((= code 0) out)
+          (t (format nil "ERROR [~a]: ~a" code err)))))))
+#+end_src
+
+** Skill Registration
+#+begin_src lisp
+(register-actuator :shell #'actuator-shell-execute)
+
+(defskill :passepartout-channel-shell
+  :priority 50
+  :trigger (lambda (ctx) (declare (ignore ctx)) nil))
+#+end_src
+
+* Test Suite
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-shell-actuator-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:shell-actuator-suite))
+
+(in-package :passepartout-shell-actuator-tests)
+
+(def-suite shell-actuator-suite :description "Verification of the Shell Actuator")
+(in-suite shell-actuator-suite)
+
+(test test-bwrap-wrap-command
+  "Contract 2: bwrap-wrap-command returns properly formatted command list."
+  (let ((cmdline (passepartout::bwrap-wrap-command "echo hello" 30 "/home/user/memex")))
+    (is (member "bwrap" cmdline :test #'string=))
+    (is (member "--unshare-net" cmdline :test #'string=))
+    (is (member "--unshare-ipc" cmdline :test #'string=))
+    (is (member "echo hello" cmdline :test #'string=))))
+
+(test test-bwrap-available-p-returns-boolean
+  "Contract 1: bwrap-available-p returns T or NIL."
+  (let ((avail (passepartout::bwrap-available-p)))
+    (is (typep avail 'boolean))))
+
+(test test-actuator-shell-execute-echo
+  "Contract 3: actuator-shell-execute runs echo and returns output."
+  (let* ((action '(:type :REQUEST :target :shell :payload (:cmd "echo hello")))
+         (result (passepartout::actuator-shell-execute action nil)))
+    (is (stringp result))
+    (is (search "hello" result :test #'char-equal))))
+#+end_src
--- a/org/channel-signal.org
+++ b/org/channel-signal.org
@@ -0,0 +1,82 @@
+#+TITLE: Channel Signal (channel-signal.org)
+#+AUTHOR: Agent
+#+FILETAGS: :channel:signal:
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-signal.lisp
+
+* Channel Signal
+
+Extracted from gateway-messaging in v0.5.0. Isolated platform — Signal-specific poll and send logic.
+
+* Overview
+
+The Signal channel provides bidirectional communication via the ~signal-cli~ CLI tool.
+Messages received from Signal contacts are injected into the cognitive pipeline
+as ~:user-input~ signals with ~:source :signal~. Outbound messages route through
+the actuator registry when the pipeline targets ~:signal~.
+
+The channel uses two functions: ~signal-poll~ (inbound sensor) and ~signal-send~
+(outbound actuator). Both retrieve the Signal account identifier from the
+credentials vault. HITL commands (~/approve~, ~/deny~) are intercepted before
+injection so approval flows work identically across all channels.
+
+** Contract
+
+1. (signal-get-account): returns the Signal phone number from the vault
+   (via ~vault-get-secret :signal~), or nil if not configured.
+2. (signal-poll): queries ~signal-cli receive --json~ for new messages,
+   injects each non-system message as a ~:user-input~ stimulus with
+   ~:source :signal~. Handles JSON parse failures and network errors
+   gracefully (logs and continues). HITL commands are intercepted before
+   injection.
+3. (signal-send action context): sends a message via ~signal-cli send~.
+   Extracts ~:chat-id~ and ~:text~ from the action plist. Logs send
+   failures without crashing the pipeline.
+
+* Implementation
+
+#+begin_src lisp
+(in-package :passepartout)
+(defun signal-get-account ()
+  (vault-get-secret :signal))
+
+(defun signal-poll ()
+  "Polls Signal for new messages and injects them into the harness."
+  (let ((account (signal-get-account)))
+    (when account
+      (handler-case
+          (let* ((output (uiop:run-program (list "signal-cli" "-u" account "receive" "--json")
+                                            :output :string :error-output :string :ignore-error-status t))
+                 (lines (cl-ppcre:split "\\\\n" output)))
+            (dolist (line lines)
+              (when (and line (> (length line) 0))
+                (let* ((json (ignore-errors (cl-json:decode-json-from-string line)))
+                       (envelope (cdr (assoc :envelope json)))
+                       (source (cdr (assoc :source envelope)))
+                       (data-message (cdr (assoc :data-message envelope)))
+                       (text (cdr (assoc :message data-message))))
+                  (when (and source text)
+                    (log-message "SIGNAL: Received message from ~a" source)
+                    (unless (ignore-errors (hitl-handle-message text :signal))
+                      (stimulus-inject
+                       (list :type :EVENT
+                             :meta (list :source :signal :chat-id source)
+                             :payload (list :sensor :user-input :text text)))))))))
+        (error (c) (log-message "SIGNAL POLL ERROR: ~a" c))))))
+
+(defun signal-send (action context)
+  "Sends a message via Signal."
+  (declare (ignore context))
+  (let* ((payload (getf action :payload))
+         (meta (getf action :meta))
+         (chat-id (or (getf meta :chat-id) (getf payload :chat-id) (getf action :chat-id)))
+         (text (or (getf payload :text) (getf action :text)))
+         (account (signal-get-account)))
+    (when (and account chat-id text)
+      (handler-case
+          (uiop:run-program (list "signal-cli" "-u" account "send" "-m" text chat-id)
+                            :output :string :error-output :string)
+        (error (c) (log-message "SIGNAL ERROR: ~a" c))))))
+#+end_src
+
+
+#+end_src
--- a/org/channel-slack.org
+++ b/org/channel-slack.org
@@ -0,0 +1,86 @@
+#+TITLE: Channel Slack (channel-slack.org)
+#+AUTHOR: Agent
+#+FILETAGS: :channel:slack:
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-slack.lisp
+
+* Channel Slack
+
+Extracted from gateway-messaging in v0.5.0. Isolated platform — Slack-specific poll and send logic.
+
+* Overview
+
+The Slack channel provides bidirectional communication via the Slack Web API
+(chat.postMessage for outbound, conversations.history for inbound polling).
+Messages from Slack channels are injected into the cognitive pipeline as
+~:user-input~ signals with ~:source :slack~. Outbound messages route through
+the actuator registry when the pipeline targets ~:slack~.
+
+The channel uses two functions: ~slack-poll~ (inbound sensor) and ~slack-send~
+(outbound actuator). Both retrieve the bot token from the credentials vault.
+HITL commands are intercepted before injection so approval flows work identically
+across all channels.
+
+** Contract
+
+1. (slack-get-token): returns the Slack bot token from the vault
+   (via ~vault-get-secret :slack~), or nil if not configured.
+2. (slack-poll): polls configured channels via conversations.history,
+   injects each non-bot message as a ~:user-input~ stimulus with
+   ~:source :slack~. Handles API errors gracefully. HITL commands are
+   intercepted before injection.
+3. (slack-send action context): sends a message via chat.postMessage.
+   Extracts ~:channel-id~ and ~:text~ from the action plist. Uses Bearer
+   token authentication. Logs send failures without crashing the pipeline.
+
+* Implementation
+
+#+begin_src lisp
+(in-package :passepartout)
+(defun slack-get-token ()
+  (vault-get-secret :slack))
+
+(defun slack-send (action context)
+  "Sends a message via Slack Web API."
+  (declare (ignore context))
+  (let* ((payload (getf action :payload))
+         (meta (getf action :meta))
+         (channel (or (getf meta :channel-id) (getf payload :chat-id)))
+         (text (or (getf payload :text) (getf action :text)))
+         (token (slack-get-token)))
+    (when (and token channel text)
+      (handler-case
+          (dex:post "https://slack.com/api/chat.postMessage"
+                    :headers `(("Authorization" . ,(format nil "Bearer ~a" token))
+                               ("Content-Type" . "application/json; charset=utf-8"))
+                    :content (cl-json:encode-json-to-string
+                              `((channel . ,channel) (text . ,text))))
+        (error (c) (log-message "SLACK ERROR: ~a" c))))))
+
+(defun slack-poll ()
+  "Polls Slack for new messages via conversations.history."
+  (let* ((token (slack-get-token)))
+    (when token
+      (dolist (channel '("general"))  ;; configured channel IDs
+        (handler-case
+            (let* ((url (format nil "https://slack.com/api/conversations.history?channel=~a&limit=5" channel))
+                   (response (dex:get url :headers
+                                       `(("Authorization" . ,(format nil "Bearer ~a" token))))))
+              (let* ((json (ignore-errors (cl-json:decode-json-from-string response)))
+                     (ok (cdr (assoc :ok json)))
+                     (messages (cdr (assoc :messages json))))
+                (when (and ok messages (listp messages))
+                  (dolist (msg messages)
+                    (let* ((text (cdr (assoc :text msg)))
+                           (user (cdr (assoc :user msg)))
+                           (ts (cdr (assoc :ts msg))))
+                      (when (and text user (not (string= user "USLACKBOT")))
+                        (unless (ignore-errors (hitl-handle-message text :slack))
+                          (stimulus-inject
+                           (list :type :EVENT
+                                 :meta (list :source :slack :chat-id channel)
+                                 :payload (list :sensor :user-input :text text))))))))))
+          (error (c) (log-message "SLACK POLL ERROR: ~a" c)))))))
+#+end_src
+
+
+#+end_src
--- a/org/channel-telegram.org
+++ b/org/channel-telegram.org
@@ -0,0 +1,90 @@
+#+TITLE: Channel Telegram (channel-telegram.org)
+#+AUTHOR: Agent
+#+FILETAGS: :channel:telegram:
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-telegram.lisp
+
+* Channel Telegram
+
+Extracted from gateway-messaging in v0.5.0. Isolated platform — Telegram-specific poll and send logic.
+
+* Overview
+
+The Telegram channel provides bidirectional communication via the Telegram Bot
+API. Messages from Telegram chats are injected into the cognitive pipeline as
+~:user-input~ signals with ~:source :telegram~. Outbound messages route through
+the actuator registry when the pipeline targets ~:telegram~.
+
+The channel uses two functions: ~telegram-poll~ (inbound sensor, getUpdates
+with offset tracking) and ~telegram-send~ (outbound actuator, sendMessage).
+Both retrieve the bot token from the credentials vault. The polling offset
+(~:last-update-id~ in ~*gateway-configs*~) prevents duplicate processing across
+poll cycles. HITL commands are intercepted before injection so approval flows
+work identically across all channels.
+
+** Contract
+
+1. (telegram-get-token): returns the Telegram bot token from the vault
+   (via ~vault-get-secret :telegram~), or nil if not configured.
+2. (telegram-poll): polls getUpdates with offset tracking (prevents
+   duplicate processing), injects each message as a ~:user-input~ stimulus
+   with ~:source :telegram~. Updates ~:last-update-id~ per cycle. Handles
+   API and JSON parse errors gracefully. HITL commands are intercepted
+   before injection.
+3. (telegram-send action context): sends a message via sendMessage.
+   Extracts ~:chat-id~ and ~:text~ from the action plist. Logs send
+   failures without crashing the pipeline.
+
+* Implementation
+
+#+begin_src lisp
+(in-package :passepartout)
+(defun telegram-get-token ()
+  (vault-get-secret :telegram))
+
+(defun telegram-poll ()
+  "Polls Telegram for new messages and injects them into the harness."
+  (let* ((token (telegram-get-token)))
+    (when token
+      (let* ((last-id (getf (gethash "telegram" *gateway-configs*) :last-update-id 0))
+             (url (format nil "https://api.telegram.org/bot~a/getUpdates?offset=~a"
+                          token (1+ last-id))))
+        (handler-case
+            (let* ((response (dex:get url))
+                   (json (cl-json:decode-json-from-string response))
+                   (updates (cdr (assoc :result json))))
+              (dolist (update updates)
+                (let* ((update-id (cdr (assoc :update--id update)))
+                       (message (cdr (assoc :message update)))
+                       (chat (cdr (assoc :chat message)))
+                       (chat-id (cdr (assoc :id chat)))
+                       (text (cdr (assoc :text message))))
+                  (setf (getf (gethash "telegram" *gateway-configs*) :last-update-id) update-id)
+                  (when (and text chat-id)
+                    (log-message "TELEGRAM: Received message from ~a" chat-id)
+                    (unless (ignore-errors (hitl-handle-message text :telegram))
+                      (stimulus-inject
+                       (list :type :EVENT
+                             :meta (list :source :telegram :chat-id (format nil "~a" chat-id))
+                             :payload (list :sensor :user-input :text text))))))))
+          (error (c) (log-message "TELEGRAM POLL ERROR: ~a" c)))))))
+
+(defun telegram-send (action context)
+  "Sends a message via Telegram."
+  (declare (ignore context))
+  (let* ((payload (getf action :payload))
+         (meta (getf action :meta))
+         (chat-id (or (getf meta :chat-id) (getf payload :chat-id) (getf action :chat-id)))
+         (text (or (getf payload :text) (getf action :text)))
+         (token (telegram-get-token)))
+    (when (and token chat-id text)
+      (handler-case
+          (let ((url (format nil "https://api.telegram.org/bot~a/sendMessage" token)))
+            (dex:post url
+                      :headers '(("Content-Type" . "application/json"))
+                      :content (cl-json:encode-json-to-string
+                                `((chat_id . ,chat-id) (text . ,text)))))
+        (error (c) (log-message "TELEGRAM ERROR: ~a" c))))))
+#+end_src
+
+
+#+end_src
--- a/org/channel-tui-main.org
+++ b/org/channel-tui-main.org
--- a/org/channel-tui-state.org
+++ b/org/channel-tui-state.org
@@ -0,0 +1,367 @@
+#+TITLE: Passepartout TUI — Model
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-state.lisp
+
+* Model
+
+The TUI state is a single plist accessed via ~st~ / ~(setf st)~.
+All state mutation flows through event handlers in the controller.
+
+** Contract
+
+1. (init-state): returns a fresh state plist with ~:msgs~ list,
+   ~:input~ buffer, ~:dirty~ flag, ~:busy~ flag, and ~:connection~ status.
+2. (add-msg role content &key gate-trace): appends a message object
+   to the ~:messages~ vector (v0.3.3), tagged with timestamp, role,
+   and optional gate-trace from the daemon (v0.4.0).
+3. (queue-event ev): thread-safely enqueues an event for the
+   reader loop. (drain-queue) returns and clears the queue.
+
+** Package + State
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-state.lisp
+(defpackage :passepartout.channel-tui
+  (:use :cl :passepartout :usocket :bordeaux-threads)
+  (:export :tui-main :st :add-msg :now
+           :queue-event :drain-queue :init-state
+            :view-status :view-chat :view-input :redraw
+            :input-panel-top
+            :on-key :process-key-event :input-text :on-daemon-msg :send-daemon
+            :connect-daemon :disconnect-daemon
+            :*theme* :theme-color :theme-switch))
+(in-package :passepartout.channel-tui)
+
+(defvar *state* nil)
+(defvar *event-queue* nil)
+(defvar *event-lock* (bt:make-lock "tui-event-lock"))
+
+(defvar *theme* (cl-tty.theme:make-theme)
+  "The active theme instance. Populated by cl-tty.theme:load-preset.
+
+Semantic keys (all presets define these):
+  :user-fg, :user-bg, :user-border, :agent-border, :agent-header, :agent-fg,
+  :system, :input-prompt, :input-fg, :hint, :status-bg, :status-fg,
+  :bg, :bg-panel, :bg-element, :bg-input, :text-muted,
+  :dot-connected, :dot-disconnected, :error,
+  :tool-running, :tool-done, :tool-error,
+  :thinking-bg, :symbolic-border, :separator, :accent, :dim.")
+
+(cl-tty.theme:define-preset :amber
+  :dark (:user-fg "#fab283" :user-bg "#1e1e1e" :user-border "#fab283"
+          :agent-border "#c0a080" :agent-header "#d4956a" :agent-fg "#e8e8e8"
+          :system "#808080"
+          :input-prompt "#fab283" :input-fg "#e8e8e8" :hint "#606060"
+          :status-bg "#141414" :status-fg "#e8e8e8"
+          :bg "#0a0a0a" :bg-panel "#141414" :bg-element "#1e1e1e"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#7fd88f" :dot-disconnected "#e06c75"
+          :error "#e06c75"
+          :tool-running "#fab283" :tool-done "#7fd88f" :tool-error "#e06c75"
+          :thinking-bg "#3a3a3a" :symbolic-border "#707070"
+          :separator "#3c3c3c" :accent "#fab283" :dim "#606060")
+  :light nil)
+(cl-tty.theme:define-preset :gold
+  :dark (:user-fg "#ffd700" :user-bg "#1e1e1e" :user-border "#ffd700"
+          :agent-border "#c0a080" :agent-header "#d4a574" :agent-fg "#e8e8e8"
+          :system "#808080"
+          :input-prompt "#ffd700" :input-fg "#e8e8e8" :hint "#606060"
+          :status-bg "#141414" :status-fg "#ffd700"
+          :bg "#0a0a0a" :bg-panel "#141414" :bg-element "#1e1e1e"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#7fd88f" :dot-disconnected "#e06c75"
+          :error "#e06c75"
+          :tool-running "#ffd700" :tool-done "#7fd88f" :tool-error "#e06c75"
+          :thinking-bg "#3a3a3a" :symbolic-border "#707070"
+          :separator "#3c3c3c" :accent "#ffd700" :dim "#606060")
+  :light nil)
+(cl-tty.theme:define-preset :terracotta
+  :dark (:user-fg "#e87a5d" :user-bg "#1e1e1e" :user-border "#e87a5d"
+          :agent-border "#c0a080" :agent-header "#d4956a" :agent-fg "#e0c8b0"
+          :system "#808080"
+          :input-prompt "#e87a5d" :input-fg "#e0c8b0" :hint "#606060"
+          :status-bg "#141414" :status-fg "#d4956a"
+          :bg "#0a0a0a" :bg-panel "#141414" :bg-element "#1e1e1e"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#6cb85c" :dot-disconnected "#d94a3a"
+          :error "#d94a3a"
+          :tool-running "#e87a5d" :tool-done "#6cb85c" :tool-error "#d94a3a"
+          :thinking-bg "#3a3a3a" :symbolic-border "#707070"
+          :separator "#3c3c3c" :accent "#e87a5d" :dim "#606060")
+  :light nil)
+(cl-tty.theme:define-preset :sepia
+  :dark (:user-fg "#c4a882" :user-bg "#1e1e1e" :user-border "#c4a882"
+          :agent-border "#c0a080" :agent-header "#b89870" :agent-fg "#d4c4a8"
+          :system "#808080"
+          :input-prompt "#c4a882" :input-fg "#d4c4a8" :hint "#606060"
+          :status-bg "#141414" :status-fg "#b89870"
+          :bg "#0a0a0a" :bg-panel "#141414" :bg-element "#1e1e1e"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#7aac5c" :dot-disconnected "#c84a3a"
+          :error "#c84a3a"
+          :tool-running "#c4a882" :tool-done "#7aac5c" :tool-error "#c84a3a"
+          :thinking-bg "#3a3a3a" :symbolic-border "#707070"
+          :separator "#3c3c3c" :accent "#c4a882" :dim "#606060")
+  :light nil)
+(cl-tty.theme:define-preset :nord-warm
+  :dark (:user-fg "#d4a574" :user-bg "#1e1e1e" :user-border "#d4a574"
+          :agent-border "#c0a080" :agent-header "#c49870" :agent-fg "#e0d0c0"
+          :system "#808080"
+          :input-prompt "#d08770" :input-fg "#e0d0c0" :hint "#606060"
+          :status-bg "#141414" :status-fg "#c8a080"
+          :bg "#0a0a0a" :bg-panel "#141414" :bg-element "#1e1e1e"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#7cb860" :dot-disconnected "#d06050"
+          :error "#d06050"
+          :tool-running "#d08770" :tool-done "#7cb860" :tool-error "#d06050"
+          :thinking-bg "#3a3a3a" :symbolic-border "#707070"
+          :separator "#3c3c3c" :accent "#d4a574" :dim "#606060")
+  :light nil)
+(cl-tty.theme:define-preset :monokai-warm
+  :dark (:user-fg "#e6b87d" :user-bg "#1e1e1e" :user-border "#e6b87d"
+          :agent-border "#c0a080" :agent-header "#d4a06a" :agent-fg "#d8c8b0"
+          :system "#808080"
+          :input-prompt "#e6b87d" :input-fg "#d8c8b0" :hint "#606060"
+          :status-bg "#141414" :status-fg "#cc9966"
+          :bg "#0a0a0a" :bg-panel "#141414" :bg-element "#1e1e1e"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#7ab85c" :dot-disconnected "#d94a3a"
+          :error "#d94a3a"
+          :tool-running "#e6b87d" :tool-done "#7ab85c" :tool-error "#d94a3a"
+          :thinking-bg "#3a3a3a" :symbolic-border "#707070"
+          :separator "#3c3c3c" :accent "#e6b87d" :dim "#606060")
+  :light nil)
+(cl-tty.theme:define-preset :gruvbox-warm
+  :dark (:user-fg "#d8a657" :user-bg "#1e1e1e" :user-border "#d8a657"
+          :agent-border "#c0a080" :agent-header "#c8a070" :agent-fg "#e0c8a8"
+          :system "#808080"
+          :input-prompt "#d8a657" :input-fg "#e0c8a8" :hint "#606060"
+          :status-bg "#141414" :status-fg "#c8a070"
+          :bg "#0a0a0a" :bg-panel "#141414" :bg-element "#1e1e1e"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#7ab85c" :dot-disconnected "#d94a3a"
+          :error "#d94a3a"
+          :tool-running "#d8a657" :tool-done "#7ab85c" :tool-error "#d94a3a"
+          :thinking-bg "#3a3a3a" :symbolic-border "#707070"
+          :separator "#3c3c3c" :accent "#d8a657" :dim "#606060")
+  :light nil)
+(cl-tty.theme:define-preset :light-amber
+  :dark (:user-fg "#d4a574" :user-bg "#f5f0eb" :user-border "#c4956a"
+          :agent-border "#c0a090" :agent-header "#b88050" :agent-fg "#3a3a3a"
+          :system "#606060"
+          :input-prompt "#c4956a" :input-fg "#3a3a3a" :hint "#a0a0a0"
+          :status-bg "#e8e0d8" :status-fg "#5a5a5a"
+          :bg "#f5f0eb" :bg-panel "#e8e0d8" :bg-element "#f0ebe5"
+          :bg-input "#ffffff" :text-muted "#909090"
+          :dot-connected "#6cb85c" :dot-disconnected "#c84a3a"
+          :error "#c84a3a"
+          :tool-running "#c4956a" :tool-done "#6cb85c" :tool-error "#c84a3a"
+          :thinking-bg "#e8e0d8" :symbolic-border "#a09080"
+          :separator "#d0c8c0" :accent "#b88050" :dim "#a0a0a0")
+  :light nil)
+(cl-tty.theme:define-preset :catppuccin
+  :dark (:user-fg "#fab387" :user-bg "#1e1e2e" :user-border "#fab387"
+          :agent-border "#a6adc8" :agent-header "#cba6f7" :agent-fg "#cdd6f4"
+          :system "#808080"
+          :input-prompt "#fab387" :input-fg "#cdd6f4" :hint "#6c7086"
+          :status-bg "#181825" :status-fg "#bac2de"
+          :bg "#11111b" :bg-panel "#181825" :bg-element "#1e1e2e"
+          :bg-input "#2e2e2e" :text-muted "#6c7086"
+          :dot-connected "#a6e3a1" :dot-disconnected "#f38ba8"
+          :error "#f38ba8"
+          :tool-running "#fab387" :tool-done "#a6e3a1" :tool-error "#f38ba8"
+          :thinking-bg "#363a4f" :symbolic-border "#6c7086"
+          :separator "#313244" :accent "#fab387" :dim "#585b70")
+  :light nil)
+(cl-tty.theme:define-preset :tokyonight
+  :dark (:user-fg "#ff9e64" :user-bg "#1a1b26" :user-border "#ff9e64"
+          :agent-border "#7982a8" :agent-header "#7aa2f7" :agent-fg "#a9b1d6"
+          :system "#808080"
+          :input-prompt "#ff9e64" :input-fg "#a9b1d6" :hint "#565f89"
+          :status-bg "#16161e" :status-fg "#9aa5ce"
+          :bg "#0f0f18" :bg-panel "#16161e" :bg-element "#1a1b26"
+          :bg-input "#2e2e2e" :text-muted "#565f89"
+          :dot-connected "#9ece6a" :dot-disconnected "#db4b4b"
+          :error "#db4b4b"
+          :tool-running "#ff9e64" :tool-done "#9ece6a" :tool-error "#db4b4b"
+          :thinking-bg "#363b54" :symbolic-border "#565f89"
+          :separator "#292e42" :accent "#ff9e64" :dim "#444b6a")
+  :light nil)
+(cl-tty.theme:define-preset :dracula
+  :dark (:user-fg "#ff9580" :user-bg "#1e1f2b" :user-border "#ff9580"
+          :agent-border "#c0c0e0" :agent-header "#bd93f9" :agent-fg "#f8f8f2"
+          :system "#808080"
+          :input-prompt "#ff9580" :input-fg "#f8f8f2" :hint "#6272a4"
+          :status-bg "#191a24" :status-fg "#e0e0e0"
+          :bg "#0f101a" :bg-panel "#191a24" :bg-element "#1e1f2b"
+          :bg-input "#2e2e2e" :text-muted "#6272a4"
+          :dot-connected "#50fa7b" :dot-disconnected "#ff5555"
+          :error "#ff5555"
+          :tool-running "#ff9580" :tool-done "#50fa7b" :tool-error "#ff5555"
+          :thinking-bg "#3a3b50" :symbolic-border "#6272a4"
+          :separator "#34354a" :accent "#ff9580" :dim "#5a5b7a")
+  :light nil)
+(cl-tty.theme:define-preset :gemini
+  :dark (:user-fg "#87afff" :user-bg "#1a1a1a" :user-border "#87afff"
+          :agent-border "#d0d0d0" :agent-header "#d7afff" :agent-fg "#ffffff"
+          :system "#808080"
+          :input-prompt "#87afff" :input-fg "#ffffff" :hint "#606060"
+          :status-bg "#141414" :status-fg "#afafaf"
+          :bg "#000000" :bg-panel "#141414" :bg-element "#1a1a1a"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#d7ffd7" :dot-disconnected "#ff87af"
+          :error "#ff87af"
+          :tool-running "#87afff" :tool-done "#d7ffd7" :tool-error "#ff87af"
+          :thinking-bg "#3a3a3a" :symbolic-border "#707070"
+          :separator "#3a3a3a" :accent "#87afff" :dim "#5f5f5f")
+  :light nil)
+(cl-tty.theme:define-preset :mono
+  :dark (:user-fg "#e0e0e0" :user-bg "#1a1a1a" :user-border "#808080"
+          :agent-border "#a0a0a0" :agent-header "#c0c0c0" :agent-fg "#d0d0d0"
+          :system "#808080"
+          :input-prompt "#ffffff" :input-fg "#d0d0d0" :hint "#606060"
+          :status-bg "#141414" :status-fg "#b0b0b0"
+          :bg "#0a0a0a" :bg-panel "#141414" :bg-element "#1a1a1a"
+          :bg-input "#2e2e2e" :text-muted "#808080"
+          :dot-connected "#a0a0a0" :dot-disconnected "#808080"
+          :error "#808080"
+          :tool-running "#e0e0e0" :tool-done "#a0a0a0" :tool-error "#808080"
+          :thinking-bg "#3a3a3a" :symbolic-border "#808080"
+          :separator "#303030" :accent "#ffffff" :dim "#505050")
+  :light nil)
+
+;; Load default theme at startup
+(cl-tty.theme:load-preset *theme* :amber)
+
+(defun theme-save ()
+  "Persist current theme to disk."
+  (let ((path (merge-pathnames ".cache/passepartout/theme.lisp"
+                               (user-homedir-pathname))))
+    (ensure-directories-exist path)
+    (cl-tty.theme:save-theme *theme* path)))
+
+(defun theme-load ()
+  "Load persisted theme from disk. Called at startup."
+  (let ((path (merge-pathnames ".cache/passepartout/theme.lisp"
+                               (user-homedir-pathname))))
+    (unless (cl-tty.theme:load-theme *theme* path)
+      (cl-tty.theme:load-preset *theme* :amber))))
+
+(defun theme-switch (name)
+  "Switch to a named theme preset. Returns the preset name or nil if not found."
+  (let ((key (intern (string-upcase (string name)) :keyword)))
+    (cl-tty.theme:load-preset *theme* key)
+    (theme-save)
+    (setf (st :dirty) (list t t t))
+    key))
+
+(defun theme-color (role)
+  "Returns a hex color string for a semantic role via cl-tty.theme."
+  (or (cl-tty.theme:theme-color *theme* role)
+      "#FFFFFF"))
+
+(defun st (key) (getf *state* key))
+(defun (setf st) (val key) (setf (getf *state* key) val))
+
+(defun init-state ()
+  (setf *state*
+        (list :running t :mode :chat :connected nil :stream nil
+              :input-history nil :input-hpos 0
+              :text-input (cl-tty.input:make-text-input
+                           :on-submit #'handle-submit
+                           :on-cancel #'handle-cancel
+                           :on-tab #'handle-tab
+                           :on-history #'handle-history)
+              :messages (make-array 16 :adjustable t :fill-pointer 0)
+               :scroll-offset 0 :busy nil
+              :pending-ctrl-x nil
+              :scroll-at-bottom t :scroll-notify nil
+              :streaming-text nil :url-buffer nil            ; v0.7.1
+              :collapsed-gates nil                          ; v0.7.2
+              :search-mode nil :search-query ""           ; v0.7.2
+              :search-matches nil :search-match-idx 0
+               :sidebar-mode :auto                       ; v0.8.0: :auto/:visible/:hidden
+               :sidebar-width 42                           ; v0.8.0
+               :expand-tool-calls nil                      ; v0.8.0
+               :mcp-count 0                                ; v0.8.0
+               :kill-ring nil                               ; v0.9.0
+               :dialog-stack nil                           ; v0.8.0
+               :minibuffer-active nil                      ; v0.8.0
+                :command-palette-active nil                 ; v0.8.0
+                :command-palette-dialog nil                 ; v0.8.0
+                :session-cost 0.0                          ; v0.9.0
+                :daemon-version nil                        ; filled by handshake
+                :dirty (list nil nil nil))))
+#+END_SRC
+
+** Helpers
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-state.lisp
+(defun now ()
+  (multiple-value-bind (s m h) (get-decoded-time)
+    (declare (ignore s))
+    (format nil "~2,'0d:~2,'0d" h m)))
+
+(defun add-msg (role content &key gate-trace panel)
+  (vector-push-extend (list :role role :content content :time (now) :gate-trace gate-trace :panel panel) (st :messages))
+  ;; v0.7.0: notify when scrolled up and new msg arrives
+  (unless (st :scroll-at-bottom)
+    (setf (st :scroll-notify) t))
+  (setf (st :dirty) (list t t nil)))
+#+END_SRC
+
+** Slash Commands
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-state.lisp
+(defvar *slash-commands*
+  '((:title "/eval <expr> — Evaluate Lisp"        :value "/eval")
+    (:title "/undo — Undo last operation"           :value "/undo")
+    (:title "/redo — Redo last operation"           :value "/redo")
+    (:title "/reconnect — Re-establish daemon"     :value "/reconnect")
+    (:title "/quit — Save history and exit"        :value "/quit")
+    (:title "/q — Quick quit"                       :value "/q")
+    (:title "/why — Show last gate trace"           :value "/why")
+    (:title "/tags — List tag severities"           :value "/tags")
+    (:title "/audit <id> — Inspect memory"          :value "/audit")
+    (:title "/audit verify — Memory integrity"      :value "/audit verify")
+    (:title "/rewind <n> — Rewind to snapshot"     :value "/rewind")
+    (:title "/sessions — Show memory snapshots"    :value "/sessions")
+    (:title "/resume <n> — Resume from snapshot"   :value "/resume")
+    (:title "/theme [name] — Show/switch theme"    :value "/theme")
+    (:title "/context — Show context summary"      :value "/context")
+    (:title "/search <query> — Search messages"    :value "/search")
+    (:title "/help — Show commands"                 :value "/help")
+    (:title "/help <topic> — Search manual"         :value "/help "))
+  "Slash commands for minibuffer select-dialog.")
+
+(defvar *daemon-commands*
+  '((:title "Status — Daemon health info"          :value (:action :status))
+    (:title "Stats — Daemon statistics"              :value (:action :stats))
+    (:title "Ping — Daemon reachability"             :value (:action :ping))
+    (:title "Test Provider — Check connection"      :value (:action :provider-test))
+    (:title "Discover Models — List available"       :value (:action :provider-models))
+    (:title "Memory Snapshot — Capture state"        :value (:action :memory-snapshot))
+    (:title "Memory Rebuild — Rebuild indices"       :value (:action :memory-rebuild))
+    (:title "Memory Compact — Optimize storage"      :value (:action :memory-compact))
+    (:title "Reload Config — Reload configuration"   :value (:action :reload-config))
+    (:title "Reload Identity — Reload identity file" :value (:action :reload-identity))
+    (:title "List Skills — Available skills"         :value (:action :list-skills))
+    (:title "Help — Show daemon help"                :value (:action :help)))
+  "Daemon commands for the command palette (Ctrl+P).")
+
+(defun all-commands ()
+  "Merge slash commands, daemon commands, and menu entries into one unified list."
+  (append *menu-entries* *slash-commands* *daemon-commands*))
+
+(defvar *menu-entries*
+  '((:title "/config — LLM providers, cascade, network, folders, identity"
+     :value :config-menu
+     :action passepartout.channel-tui::show-config-main-menu))
+  "Special menu entries with actions (open submenus).")
+#+END_SRC
+
+** Event Queue
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-state.lisp
+(defun queue-event (ev)
+  (bt:with-lock-held (*event-lock*) (push ev *event-queue*)))
+
+(defun drain-queue ()
+  (bt:with-lock-held (*event-lock*)
+    (let ((evs (nreverse *event-queue*)))
+      (setf *event-queue* nil) evs)))
+#+END_SRC
--- a/org/channel-tui-view.org
+++ b/org/channel-tui-view.org
@@ -0,0 +1,517 @@
+#+TITLE: Passepartout TUI — View
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-view.lisp
+
+* View
+
+|Pure render functions. Each takes the cl-tty backend and current state.
+|State is read via ~(st :key)~ — no mutation here.
+
+** Contract
+
+1. (view-status fb w h): no-op. Status bar is a clean black line.
+2. (view-chat fb w h): renders scrolled chat messages. User messages
+   get amber left border (│), agent messages no border, streaming
+   agent gets grey left border. Gate traces/tool calls use ╎ prefix.
+3. (view-input fb w h): renders expanding light grey input box,
+    multi-line word-wrapped prompt, hint bar at h-2. Text and cursor
+   rendered by cl-tty.input text-input's render method.
+4. (view-sidebar fb w h): renders sidebar panels using ~sidebar-lines~.
+5. (sidebar-lines): builds a flat list of (text . color-key) pairs for
+   the sidebar: gate trace, rules, cost, files, version.
+6. (msg->pairs msg index bordered-w unbordered-w is-search): converts
+    a message to renderable ~(border border-color text text-color &optional bg)~
+    lines. Handles markdown, gate trace, tool calls, search highlight.
+7. (render-pair fb hpad y pair): draws one message line pair.
+8. (redraw fb w h): wraps view-status/chat/input in begin-sync/end-sync,
+   dispatches per dirty flags, fills global :bg first.
+9. ~cl-tty.box:char-width~ for terminal column width.
+   ASCII < 128 = 1. CJK, fullwidth, emoji = 2. Combining marks = 0.
+   Tab = 8. Used by cl-tty.box:word-wrap for accurate line counting.
+10. (sidebar-visible-p w): returns T if sidebar should show given width W
+    and current :sidebar-mode (:auto >120, :visible always, :hidden never).
+
+** Status Bar
+
+The status bar, as of v0.4.0, renders Passepartout's three differentiator
+visualizations — data only available because of the deterministic gate
+architecture:
+
+- *Rule counter* (~Rules:N~): the number of pending HITL actions from the
+  Dispatcher's ~*hitl-pending*~ hash table. The user watches this tick up
+  as they teach the agent their preferences through approve/deny decisions.
+- *Focus map* (~[Focus: <id>]~): the foveal focus from the daemon's signal
+  context. Shows the user what the agent is currently looking at.
+- *Gate trace* (not rendered in status bar — attached to individual
+  messages via ~:gate-trace~ field for future collapsible rendering per
+  message).
+
+All three enrichments cost 0 LLM tokens — they are daemon-state queries
+that the TUI actuator attaches to the response plist before transmission.
+
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-view.lisp
+(in-package :passepartout.channel-tui)
+
+(defun sidebar-visible-p (w)
+  "Compute whether sidebar should be shown given terminal width W
+and current sidebar mode (:auto/:visible/:hidden)."
+  (let ((mode (st :sidebar-mode)))
+    (or (eq mode :visible)
+        (and (eq mode :auto) (> w 120)))))
+
+(defun view-status (fb w h)
+  (declare (ignore fb w h))
+  ;; Status bar is now a clean black line — blends with global :bg.
+  ;; No clock, no dot, no text. Everything clean.
+  )
+
+(defun input-panel-top (chat-w h)
+  "Compute the top row of the input panel based on current input text."
+  (let* ((hpad 2)
+         (inner-w (- chat-w (* 2 hpad)))
+         (prompt-w (- inner-w 2))
+         (text (cl-tty.input:text-input-value (st :text-input)))
+         (lines (cl-tty.box:word-wrap text prompt-w))
+         (n-lines (max 1 (length lines)))
+         (panel-rows (max 4 (+ n-lines 2))))
+    (- h 4 panel-rows -1)))
+#+end_src
+
+;; Build simple tab-like blocks
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-view.lisp
+(in-package :passepartout.channel-tui)
+
+(defun msg->pairs (msg index bordered-w unbordered-w is-search)
+  "Convert a message to a list of (border-str border-color text-str text-color &optional bg) lines."
+  (let* ((role (getf msg :role))
+         (content (getf msg :content))
+         (cs (if is-search (cl-tty.markdown:search-highlight content (st :search-query)) content))
+         (pairs nil)
+         (think-bg (theme-color :thinking-bg))
+         (sym-bdr (theme-color :symbolic-border))
+         (agent-bdr (theme-color :agent-border))
+         (user-bdr (theme-color :user-border))
+         (user-fg (theme-color :user-fg))
+         (agent-fg (theme-color :agent-fg))
+         (system-fg (theme-color :system)))
+    (case role
+      (:user
+       (dolist (l (cl-tty.box:word-wrap cs bordered-w))
+         (push (list "│" user-bdr l user-fg) pairs)))
+      (:agent
+       (let* ((streaming (getf msg :streaming))
+              (think-rect (if streaming think-bg nil))
+              (bdr (if streaming nil agent-bdr))
+              (bstr (if streaming nil "│"))
+              (wrap-w (if streaming unbordered-w bordered-w))
+              (nodes (cl-tty.markdown:parse-blocks cs))
+              (raw-body (or (and nodes (cl-tty.markdown:render-md nodes)) (list "")))
+              (body (mapcan (lambda (l) (cl-tty.box:word-wrap l wrap-w)) raw-body)))
+         (dolist (l body)
+           (push (list bstr bdr l agent-fg think-rect) pairs))))
+      (t (dolist (l (cl-tty.box:word-wrap cs unbordered-w))
+           (push (list nil nil l system-fg) pairs))))
+    ;; Gate trace
+    (let ((gt (getf msg :gate-trace)))
+      (when (and gt (eq role :agent))
+        (if (member index (st :collapsed-gates))
+            (push (list "│" sym-bdr (format nil "Gate trace: ~a gates" (length gt)) sym-bdr) pairs)
+            (dolist (entry (passepartout::gate-trace-lines gt))
+              (let ((ec (theme-color (getf (cdr entry) :fgcolor))))
+                (dolist (l (cl-tty.box:word-wrap (car entry) bordered-w))
+                  (push (list "│" sym-bdr l ec) pairs)))))))
+    ;; Tool calls
+    (let ((tc (getf msg :tool-calls)))
+      (when tc
+        (if (member index (st :collapsed-tools))
+            (let* ((n (or (getf (first tc) :name) "tool"))
+                   (d (or (getf (first tc) :duration) 0.0)))
+              (push (list "│" (theme-color :tool-done) (format nil "~a … ~,1fs" n d) (theme-color :tool-done)) pairs))
+            (dolist (call tc)
+              (let* ((name (or (getf call :name) "tool"))
+                     (dur (or (getf call :duration) 0.0))
+                     (st (getf call :status))
+                     (out (getf call :output))
+                     (bc (theme-color
+                          (cond ((eq st :running) :tool-running)
+                                ((eq st :error) :tool-error)
+                                (t :tool-done))))
+                     (pfx (cond ((eq st :error) "✗") ((eq st :running) "●") (t "✓")))
+                     (ol (when out (cl-tty.box:word-wrap out bordered-w))))
+                (push (list "│" bc (format nil "~a ~a  ~,1fs" pfx name dur) bc) pairs)
+                (dolist (l ol)
+                  (push (list "│" bc l bc) pairs)))))))
+    (nreverse pairs)))
+
+(defun render-pair (fb hpad y pair)
+  "Draw a single (border-str border-color text-str text-color &optional bg) line."
+  (destructuring-bind (bstr bcolor tstr tcolor &optional rect-bg) pair
+    (when rect-bg
+      (cl-tty.backend:draw-rect fb 0 y 1 1 :bg rect-bg))
+    (let ((has-border (and bstr (> (length bstr) 0))))
+      (when has-border
+        (cl-tty.backend:draw-text fb hpad y bstr bcolor (theme-color :bg)))
+      (cl-tty.backend:draw-text fb (+ hpad (if has-border 2 0)) y tstr tcolor (theme-color :bg)))))
+
+(defun view-chat (fb w h)
+  (let* ((w (or (and (numberp w) (> w 0) w) 80))
+         (h (or (and (numberp h) (> h 0) h) 24))
+         (hpad 2)
+         (sidebar-w (if (sidebar-visible-p w) (or (st :sidebar-width) 42) 0))
+         (chat-w (- w sidebar-w))
+         (msgs (st :messages)) (total (length msgs))
+         (panel-top (input-panel-top chat-w h))
+         (max-lines (max 0 panel-top)) (is-search (st :search-mode))
+         (bordered-w (- chat-w (* 2 hpad) 2))
+         (unbordered-w (- chat-w (* 2 hpad)))
+         (y 0))
+    ;; Search header
+    (when is-search
+      (let* ((matches (st :search-matches)) (idx (st :search-match-idx))
+             (query (st :search-query))
+             (hdr (format nil "Search: ~d matches for '~a' (~d/~d) — Esc to exit"
+                          (length matches) query (1+ idx) (length matches))))
+        (cl-tty.backend:draw-text fb hpad y hdr (theme-color :accent) nil)
+        (incf y) (decf max-lines)))
+    ;; Build all message lines once
+    (let* ((msg-lines (map 'vector
+                           (lambda (msg i) (msg->pairs msg i bordered-w unbordered-w is-search))
+                           msgs
+                           (make-array total :initial-contents (loop for i below total collect i))))
+           (heights (map 'vector #'length msg-lines))
+           (scroll-skip (st :scroll-offset))
+           (i 0))
+      ;; Forward scan: skip messages scrolled past, then render visible ones
+      (loop while (< i total)
+            do (let ((hgt (aref heights i)))
+                 (if (> scroll-skip 0)
+                     (decf scroll-skip hgt)
+                     (let ((msg-y y))
+                       (dolist (pair (aref msg-lines i))
+                         (when (>= msg-y panel-top) (return))
+                         (render-pair fb hpad msg-y pair)
+                         (incf msg-y))
+                       (setf y (1+ msg-y))  ;; +1 spacer between messages
+                       (when (>= y panel-top) (return)))))
+            (incf i)))))
+#+END_SRC
+
+** Input Line
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-view.lisp
+(defun view-input (fb w h)
+  (let* ((w (or (and (numberp w) (> w 0) w) 80))
+         (h (or (and (numberp h) (> h 0) h) 24))
+         (hpad 2)
+         (sidebar-w (if (sidebar-visible-p w) (or (st :sidebar-width) 42) 0))
+         (chat-w (- w sidebar-w))
+         (inner-w (- chat-w (* 2 hpad)))
+         (prompt-w (- inner-w 2))
+         (input (st :text-input))
+         (n-lines (max 1 (length (cl-tty.box:word-wrap (cl-tty.input:text-input-value input) prompt-w))))
+          (panel-rows (max 4 (+ n-lines 2)))
+          (panel-top (input-panel-top chat-w h))
+         (bg-i (theme-color :bg-input))
+         (hint-fg (theme-color :hint)))
+    ;; Fill input panel
+    (cl-tty.backend:draw-rect fb hpad panel-top inner-w panel-rows :bg bg-i)
+    ;; Speaker lines for all input rows
+    (dotimes (r panel-rows)
+      (cl-tty.backend:draw-text fb hpad (+ panel-top r) "│" (theme-color :input-prompt) nil))
+    ;; Render text-input widget (word-wrap + cursor)
+    (let ((ln (cl-tty.layout:make-layout-node)))
+      (setf (cl-tty.layout:layout-node-x ln) (+ hpad 2)
+            (cl-tty.layout:layout-node-y ln) (1+ panel-top)
+            (cl-tty.layout:layout-node-width ln) prompt-w)
+      (setf (cl-tty.input:text-input-layout-node input) ln)
+      (cl-tty.box:render input fb))
+    ;; Hint bar at h-2
+    (let* ((focal (or (st :foveal-id) "-"))
+           (focal-str (format nil "F:~a" focal))
+           (mcp-str (format nil "MCP:~d" (or (st :mcp-count) 0)))
+           (left-str (format nil "~a  ~a" focal-str mcp-str))
+           (msg-count (max 1 (length (st :messages))))
+           (ctx-est (* msg-count 60))
+           (ctx-limit 8192)
+           (ctx-pct (min 100 (floor (* 100 ctx-est) ctx-limit)))
+           (ctx-tok (if (< ctx-est 1000)
+                        (format nil "~d" ctx-est)
+                        (format nil "~dK" (floor ctx-est 1000))))
+           (ctx-str (format nil "~a (~d%%)" ctx-tok ctx-pct))
+           (hint-str "ctrl+p | /help")
+           (ctx-fg (cond ((< ctx-pct 50) (theme-color :tool-done))
+                         ((< ctx-pct 80) (theme-color :input-prompt))
+                         (t (theme-color :error))))
+           (hint-x (- chat-w (length hint-str) 2))
+           (ctx-x (- hint-x 1 (length ctx-str))))
+      (cl-tty.backend:draw-text fb hpad (- h 2) left-str hint-fg (theme-color :bg))
+      (cl-tty.backend:draw-text fb ctx-x (- h 2) ctx-str ctx-fg (theme-color :bg))
+      (cl-tty.backend:draw-text fb hint-x (- h 2) hint-str hint-fg (theme-color :bg)))))
+#+end_src
+
+** Sidebar
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-view.lisp
+(defun sidebar-lines ()
+  "Collect all sidebar lines as (text . color-key) pairs."
+  (let* ((msgs (st :messages))
+         (last-gt (loop for i from (1- (length msgs)) downto 0
+                        for m = (aref msgs i)
+                        when (getf m :gate-trace)
+                        return (getf m :gate-trace)))
+         (blocked (loop for i below (length msgs)
+                        for m = (aref msgs i)
+                        sum (loop for g in (getf m :gate-trace)
+                                  count (eq (getf g :result) :blocked))))
+         (ver (or (st :daemon-version) ""))
+         (ver-label (if (> (length ver) 0) (format nil "passepartout ~a" ver) "passepartout"))
+         (dot (if (st :connected) "●" "○"))
+         (dot-color (if (st :connected) :dot-connected :dot-disconnected)))
+    (append
+     ;; Gate Trace
+     (list (cons "GATE TRACE" :accent))
+     (if last-gt
+         (mapcan (lambda (g)
+                   (let* ((name (getf g :gate))
+                          (result (getf g :result))
+                          (reason (getf g :reason))
+                          (glyph (case result (:passed "✓") (:blocked "✗") (:approval "→") (t "?")))
+                          (color (case result
+                                   (:passed :tool-done)
+                                   (:blocked :error)
+                                   (:approval :input-prompt)
+                                   (t :dim))))
+                     (if reason
+                         (list (cons (format nil "  ~a ~a" glyph name) color)
+                               (cons (format nil "    ~a" reason) :dim))
+                         (list (cons (format nil "  ~a ~a" glyph name) color)))))
+                 last-gt)
+         (list (cons "  (none)" :dim)))
+     ;; Rules
+     (list (cons "" nil))
+     (list (cons "RULES" :accent))
+     (list (cons (format nil "  ~d active" (or (st :rule-count) 0)) :agent-fg))
+     (list (cons (format nil "  ~d blocked" blocked)
+                  (if (> blocked 0) :error :dim)))
+     ;; Cost
+     (list (cons "" nil))
+     (list (cons "COST" :accent))
+     (list (cons (format nil "  $~,2f" (or (st :session-cost) 0.0)) :status-fg))
+     ;; Files
+     (list (cons "" nil))
+     (list (cons "FILES" :accent))
+     (list (cons "  (not yet)" :dim))
+     ;; spacer
+     (list (cons "" nil))
+     ;; Version footer — rendered at h-2, not in the loop
+     (list (cons (format nil "~a ~a" dot ver-label) dot-color)))))
+
+(defun view-sidebar (fb w h)
+  (let* ((w (or (and (numberp w) (> w 0) w) 80))
+         (h (or (and (numberp h) (> h 0) h) 24))
+         (x (- w (or (st :sidebar-width) 42)))
+         (lines (sidebar-lines))
+         (content-lines (butlast lines))
+         (footer-line (car (last lines))))
+    (cl-tty.backend:draw-rect fb x 0 (- w x) (1- h) :bg (theme-color :bg-panel))
+    (loop for (text . color-key) in content-lines
+          for y from 0
+          when text
+            do (cl-tty.backend:draw-text fb (+ x 2) y text
+                                          (if color-key (theme-color color-key) (theme-color :dim))
+                                          (theme-color :bg-panel)))
+    ;; Version footer at h-2
+    (when footer-line
+      (cl-tty.backend:draw-text fb (+ x 2) (- h 2) (car footer-line)
+                                (theme-color (cdr footer-line))
+                                (theme-color :bg-panel)))))
+#+END_SRC
+
+** Redraw (dirty-flag dispatch)
+#+begin_src lisp
+(defun redraw (fb w h)
+  (setq w (or (and (numberp w) (> w 0) w) 80)
+        h (or (and (numberp h) (> h 0) h) 24))
+  (when (or (first (st :dirty)) (second (st :dirty)) (third (st :dirty)))
+    (handler-case
+        (progn
+          (cl-tty.backend:with-frame (fb)
+            (cl-tty.backend:draw-rect fb 0 0 w h :bg (theme-color :bg))
+            (view-status fb w h)
+            (view-chat fb w h)
+            (view-input fb w h)
+            (when (sidebar-visible-p w)
+              (view-sidebar fb w h)))
+          (setf (st :dirty) (list nil nil nil)))
+      (error (c)
+        (add-msg :system (format nil "* Render error: ~a *" c))))))
+
+#+END_SRC
+
+* v0.7.2 — Gate Trace
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-view.lisp
+(in-package :passepartout)
+
+(defun gate-trace-lines (trace)
+  "Convert gate-trace plist to display lines."
+  (let ((lines nil))
+    (dolist (entry trace)
+      (let* ((gate (getf entry :gate))
+             (result (getf entry :result))
+             (reason (getf entry :reason))
+             (name (or gate "unknown"))
+             (color (case result
+                       (:passed :tool-done)
+                       (:blocked :error)
+                       (:approval :accent)
+                       (t :dim)))
+             (prefix (case result
+                       (:passed "  \u2713 ")
+                       (:blocked "  \u2717 ")
+                       (:approval "  \u2192 ")
+                       (t "  ? ")))
+             (text (format nil "~a~a~@[~a~]~@[~a~]"
+                           prefix name
+                           (when reason (format nil ": ~a" reason))
+                           (if (eq result :approval) " (HITL required)" ""))))
+        (push (cons text (list :fgcolor color)) lines)))
+    (nreverse lines)))
+#+END_SRC
+
+* Test Suite
+#+BEGIN_SRC lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui-view.lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-tui-view-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:tui-view-suite))
+
+(in-package :passepartout-tui-view-tests)
+
+(def-suite tui-view-suite :description "TUI view rendering helpers")
+(in-suite tui-view-suite)
+
+(test test-markdown-bold
+  "parse-inline detects **bold**."
+  (let ((nodes (cl-tty.markdown:parse-inline "hello **world**!")))
+    (is (= 3 (length nodes)))
+    (is (eq :bold (getf (second nodes) :type)))))
+
+(test test-markdown-plain
+  "parse-inline returns text node for plain input."
+  (let ((nodes (cl-tty.markdown:parse-inline "plain")))
+    (is (= 1 (length nodes)))
+    (is (eq :text (getf (first nodes) :type)))))
+
+(test test-markdown-url
+  "parse-inline returns text nodes including URLs (no built-in auto-link)."
+  (let ((nodes (cl-tty.markdown:parse-inline "see https://example.com for more")))
+    (is (>= (length nodes) 1))))
+
+(test test-markdown-blocks
+  "parse-blocks detects code blocks."
+  (let* ((text (format nil "before~%```lisp~%(+ 1 2)~%```~%after"))
+         (nodes (cl-tty.markdown:parse-blocks text)))
+    (is (= 3 (length nodes)))
+    (is (eq :code-block (getf (second nodes) :type)))
+    (is (string= "(+ 1 2)" (string-trim '(#\Space #\Newline)
+                              (getf (second nodes) :content))))))
+
+(test test-markdown-blocks-no-close
+  "parse-blocks returns code-block even when unclosed."
+  (let* ((text "```~%unclosed code")
+         (nodes (cl-tty.markdown:parse-blocks text)))
+    (is (eq :code-block (getf (first nodes) :type)))))
+
+(test test-syntax-highlight
+  "highlight-code returns segment pairs for Lisp code."
+  (let ((result (cl-tty.markdown:highlight-code "(defun foo (x) (+ x 1))" "lisp")))
+    (is (listp result))
+    (is (> (length result) 0))))
+
+(test test-syntax-highlight-keyword
+  "highlight-code classifies keywords."
+  (let ((result (cl-tty.markdown:highlight-code "(let ((x 1)) (+ x 2))" "lisp")))
+    (is (find :keyword result :key #'cdr))))
+
+(test test-syntax-highlight-function
+  "highlight-code classifies function calls."
+  (let ((result (cl-tty.markdown:highlight-code "(+ 1 2)" "lisp")))
+    (is (listp result))
+    (is (> (length result) 0))))
+
+(test test-gate-trace-lines-passed
+  "Contract 9: gate-trace-lines for passed gate."
+  (let ((lines (passepartout::gate-trace-lines
+                '((:gate "path" :result :passed)))))
+    (is (= 1 (length lines)))
+    (is (eq :tool-done (getf (cdar lines) :fgcolor)))))
+
+(test test-gate-trace-lines-blocked
+  "Contract 9: gate-trace-lines for blocked gate."
+  (let ((lines (passepartout::gate-trace-lines
+                '((:gate "shell" :result :blocked :reason "rm")))))
+    (is (= 1 (length lines)))
+    (is (search "rm" (caar lines)))))
+
+(test test-gate-trace-lines-approval
+  "Contract 9: gate-trace-lines for approval gate."
+  (let ((lines (passepartout::gate-trace-lines
+                '((:gate "network" :result :approval)))))
+    (is (= 1 (length lines)))
+    (is (search "HITL" (caar lines)))))
+
+(test test-init-state-has-collapsed-gates
+  "Contract v0.7.2: init-state includes :collapsed-gates field."
+  (passepartout.channel-tui::init-state)
+  (let ((cg (passepartout.channel-tui::st :collapsed-gates)))
+    (is (null cg))))
+
+(test test-sidebar-state
+  "Contract v0.8.0: init-state includes :sidebar-mode (:auto) and :sidebar-width (42)."
+  (passepartout.channel-tui::init-state)
+  (is (eq :auto (passepartout.channel-tui::st :sidebar-mode)))
+  (is (= 42 (passepartout.channel-tui::st :sidebar-width))))
+
+(defun sidebar-visible-p (w)
+  "Compute whether sidebar should be shown given terminal width W
+and current sidebar mode."
+  (let ((mode (passepartout.channel-tui::st :sidebar-mode)))
+    (or (eq mode :visible)
+        (and (eq mode :auto) (> w 120)))))
+
+(test test-sidebar-auto-wide
+  "Contract v0.8.0: sidebar auto-shows when terminal > 120 cols."
+  (passepartout.channel-tui::init-state)
+  (setf (passepartout.channel-tui::st :sidebar-mode) :auto)
+  (is (sidebar-visible-p 140))
+  (is (not (sidebar-visible-p 100))))
+
+(test test-sidebar-visible-mode
+  "Contract v0.8.0: :visible mode shows sidebar regardless of width."
+  (passepartout.channel-tui::init-state)
+  (setf (passepartout.channel-tui::st :sidebar-mode) :visible)
+  (is (sidebar-visible-p 40))
+  (is (sidebar-visible-p 140)))
+
+(test test-sidebar-hidden-mode
+  "Contract v0.8.0: :hidden mode hides sidebar regardless of width."
+  (passepartout.channel-tui::init-state)
+  (setf (passepartout.channel-tui::st :sidebar-mode) :hidden)
+  (is (not (sidebar-visible-p 140)))
+  (is (not (sidebar-visible-p 40))))
+
+(test test-status-bar-tokens
+  "v0.9.0: status bar uses :status-fg and :status-bg theme tokens."
+  (is (stringp (passepartout.channel-tui:theme-color :status-fg)))
+  (is (stringp (passepartout.channel-tui:theme-color :status-bg))))
+
+(test test-new-theme-keys
+  "v0.10.0: theme has all zone keys."
+  (is (stringp (passepartout.channel-tui:theme-color :bg)))
+  (is (stringp (passepartout.channel-tui:theme-color :bg-panel)))
+  (is (stringp (passepartout.channel-tui:theme-color :bg-element)))
+  (is (stringp (passepartout.channel-tui:theme-color :bg-input)))
+  (is (stringp (passepartout.channel-tui:theme-color :agent-border)))
+  (is (stringp (passepartout.channel-tui:theme-color :thinking-bg)))
+  (is (stringp (passepartout.channel-tui:theme-color :symbolic-border)))
+  (is (stringp (passepartout.channel-tui:theme-color :text-muted))))
+#+END_SRC
--- a/org/channel-tui.org
+++ b/org/channel-tui.org
@@ -0,0 +1,173 @@
+#+TITLE: Passepartout TUI
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui.lisp
+
+* TUI
+
+Direct-rendering TUI using cl-tty backend + framebuffer. Layout by
+~compute-layout~. Three zones: status (3 lines), chat, input.
+
+#+begin_src lisp :tangle /home/user/.local/share/passepartout/lisp/channel-tui.lisp
+(in-package :cl-user)
+
+(ql:quickload :cl-tty :silent t)
+(ql:quickload :passepartout :silent t)
+(ql:quickload :usocket :silent t)
+(ql:quickload :bordeaux-threads :silent t)
+
+(defpackage :passepartout.tui
+  (:use :cl :cl-tty.backend :cl-tty.input :cl-tty.rendering :cl-tty.layout)
+  (:export #:tui-main))
+(in-package :passepartout.tui)
+
+(defvar *messages* (make-array 0 :fill-pointer 0 :adjustable t))
+(defvar *daemon-stream* nil)
+(defvar *event-queue* nil)
+(defvar *event-lock* (bt:make-lock "tui-event"))
+(defvar *streaming-text* nil)
+(defvar *input-buf* nil)
+(defvar *cursor-pos* 0)
+(defvar *connected* nil)
+(defvar *running* t)
+
+;; Input
+(defun input-insert-char (ch)
+  (let ((pos *cursor-pos*))
+    (setf *input-buf* (concatenate 'list (subseq *input-buf* 0 pos) (list ch)
+                                   (subseq *input-buf* pos)))
+    (incf *cursor-pos*)))
+
+(defun input-delete-char ()
+  (when (and *input-buf* (> *cursor-pos* 0))
+    (setf *input-buf* (nconc (subseq *input-buf* 0 (1- *cursor-pos*))
+                              (subseq *input-buf* *cursor-pos*)))
+    (decf *cursor-pos*)))
+
+(defun input-string () (coerce (reverse *input-buf*) 'string))
+
+(defun input-submit ()
+  (let ((text (string-trim '(#\Space) (input-string))))
+    (when (> (length text) 0)
+      (vector-push-extend (list :role :user :content text) *messages*)
+      (send-daemon `(:type :event :payload (:sensor :user-input :text ,text)))
+      (setf *input-buf* nil *cursor-pos* 0))))
+
+;; Daemon
+(defun send-daemon (msg)
+  (let ((s *daemon-stream*))
+    (when (and s (open-stream-p s))
+      (handler-case
+          (let ((str (prin1-to-string msg)))
+            (format s "~6,'0X~A" (length str) str)
+            (finish-output s))
+        (error () nil)))))
+
+(defun connect-daemon (&optional (host "127.0.0.1") (port 9105))
+  (handler-case
+      (let ((s (usocket:socket-connect host port :timeout 5)))
+        (setf *daemon-stream* (usocket:socket-stream s) *connected* t)
+        (bt:make-thread (lambda () (reader-loop)) :name "tui-reader")
+        (vector-push-extend '(:role :system :content "* Connected *") *messages*))
+    (error (c)
+      (vector-push-extend (list :role :system :content
+                                (format nil "* Connection failed: ~A *" c))
+                          *messages*))))
+
+(defun reader-loop ()
+  (loop while *running*
+        for msg = (handler-case
+                      (let* ((hdr (make-string 6)) (n 0))
+                        (loop while (< n 6)
+                              do (let ((ch (read-char *daemon-stream* nil)))
+                                   (unless ch (return-from reader-loop nil))
+                                   (setf (char hdr n) ch) (incf n)))
+                        (let* ((len (parse-integer hdr :radix 16 :junk-allowed t))
+                               (buf (make-string (or len 0))))
+                          (when (and len (> len 0))
+                            (loop for i from 0 below len
+                                  do (let ((ch (read-char *daemon-stream* nil)))
+                                       (unless ch (return-from reader-loop nil))
+                                       (setf (char buf i) ch)))
+                            (let ((*read-eval* nil)) (read-from-string buf)))))
+                    (error () nil))
+        if msg do (bt:with-lock-held (*event-lock*) (push msg *event-queue*))
+        else do (sleep 0.5)))
+
+;; Render
+(defun render-frame (fb w h)
+  (backend-clear fb)
+  (let ((fg (if *connected* "#00FF00" "#FF4444")))
+    (draw-text fb 1 1
+      (format nil " Passepartout  ~a  [CHAT]  msgs:~d"
+              (if *connected* "● Connected" "○ Disconnected")
+              (length *messages*))
+      fg nil)
+    (draw-text fb 1 2 " Ctrl+P: palette  Ctrl+Q: quit  /help: help" "#888888" nil))
+  (let ((y 4))
+    (loop for i from (1- (length *messages*)) downto 0
+          for msg = (aref *messages* i)
+          do (let* ((role (getf msg :role))
+                    (content (getf msg :content))
+                    (fg (case role (:user "#00FF00") (:agent "#FFFFFF")
+                                 (:system "#FFFF00") (t "#888888")))
+                    (pfx (case role (:user "> ") (:agent "  ") (:system "* ") (t "  ")))))
+               (draw-text fb 1 y (concatenate 'string pfx content) fg nil)
+               (incf y))
+          (when (> y (- h 3)) (loop-finish))))
+  (draw-text fb 1 (- h 1) (concatenate 'string "> " (input-string)) "#FFFFFF" "#0F3460"))
+
+;; Event loop
+(defun tui-main ()
+  (setf *running* t *messages* (make-array 0 :fill-pointer 0 :adjustable t))
+  (connect-daemon)
+  (with-raw-terminal
+    (with-terminal (be w h)
+      (let ((prev-fb (make-framebuffer w h))
+            (curr-fb (make-framebuffer w h)))
+        (loop while *running* do
+          (bt:with-lock-held (*event-lock*)
+            (dolist (msg (nreverse *event-queue*))
+              (let* ((payload (getf msg :payload)) (text (getf payload :text))
+                     (type (getf msg :type)))
+                (cond
+                  ((and (eq type :stream-chunk) text (not (string= text "")))
+                   (if *streaming-text*
+                       (setf *streaming-text* (concatenate 'string *streaming-text* text))
+                       (setf *streaming-text* text
+                             *messages* (let ((v (make-array (1+ (length *messages*))
+                                               :fill-pointer (1+ (length *messages*))
+                                               :adjustable t)))
+                                         (loop for i below (length *messages*)
+                                               do (setf (aref v i) (aref *messages* i)))
+                                         (setf (aref v (length *messages*))
+                                               (list :role :thinking :content text))
+                                         v))))
+                  ((and (eq type :stream-chunk) (string= text ""))
+                   (setf *streaming-text* nil))
+                  (text
+                   (vector-push-extend (list :role :agent :content text) *messages*)))))
+            (setf *event-queue* nil))
+          (multiple-value-bind (type data) (read-event be :timeout 0)
+            (declare (ignore type))
+            (when (key-event-p data)
+              (let ((k (key-event-key data)))
+                (cond
+                  ((eq k :escape) (when *streaming-text* (setf *streaming-text* nil)))
+                  ((eq k :enter) (input-submit))
+                  ((eq k :backspace) (input-delete-char))
+                  ((eq k :left) (when (> *cursor-pos* 0) (decf *cursor-pos*)))
+                  ((eq k :right) (when (< *cursor-pos* (length *input-buf*))
+                                   (incf *cursor-pos*)))
+                  ((eq k :ctrl-u) (setf *input-buf* nil *cursor-pos* 0))
+                  ((eq k :ctrl-a) (setf *cursor-pos* 0))
+                  ((eq k :ctrl-e) (setf *cursor-pos* (length *input-buf*)))
+                  ((eq k :ctrl-d) (when (null *input-buf*) (setf *running* nil)))
+                  ((eq k :ctrl-q) (setf *running* nil))
+                  (t (let ((chr (when (keywordp k)
+                                   (let ((s (string k)))
+                                     (when (= (length s) 1) (char-downcase (char s 0)))))))
+                       (when chr (input-insert-char chr))))))))
+          (render-frame curr-fb w h)
+          (flush-framebuffer prev-fb curr-fb be)
+          (rotatef prev-fb curr-fb)
+          (sleep 0.05))))))
+#+end_src
--- a/org/core-act.org
+++ b/org/core-act.org
@@ -0,0 +1,528 @@
+#+TITLE: Stage 3: Act (act.lisp)
+#+AUTHOR: Agent
+#+FILETAGS: :harness:act:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/core-act.lisp
+
+* Overview: Architectural Intent
+
+The Act stage is where cognition meets reality. After the Probabilistic engine proposes an action and the Deterministic engine verifies it, Act executes it through the appropriate actuator.
+
+An actuator is a function that takes (action context) and performs a physical operation: send a message to the TUI, execute a shell command, call a Telegram API, write to a file. Actuators are registered in a global hash table (~*actuator-registry*~) and dispatched by name.
+
+The key architectural choice: **actuators are not privileged**. The same dispatch mechanism that routes to :shell or :file also routes to :telegram or :signal. There is no special handling for dangerous actuators — safety is enforced at the Reason stage by the deterministic engine, not by Act. This means:
+
+1. Adding a new actuator requires no changes to the core — just register it
+2. Safety is centralized in the deterministic gates, not scattered across actuator implementations
+3. Every actuator benefits from the same security checks (the Dispatcher, the Policy)
+
+** Why Dispatch-Action Verifies Again?
+
+The Reason stage already ran every proposed action through the deterministic engine. So why does ~loop-gate-act~ call ~cognitive-verify~ again?
+
+Because a skill's deterministic gate runs during Reason, but between Reason and Act, the action might have been transformed by the pipeline (metadata added, format normalized). The last-mile verification catches any transformation that might have introduced an unsafe property. It's the same philosophy as "trust but verify" — the second check is cheap and catches a class of bugs that would otherwise be silent data corruption.
+
+** Contract
+
+1. (loop-gate-act signal): the final pipeline stage. Handles HITL
+   ~:approval-required~ (suspends action), runs last-mile
+   ~cognitive-verify~ on approved actions, dispatches via
+   ~action-dispatch~, sets ~:status :acted~, returns feedback.
+2. (act-gate signal): thin alias for ~loop-gate-act~.
+3. (action-dispatch approved signal): routes approved actions to
+    registered actuators by ~:target~ keyword.
+ 4. (tui-enrich-response action context): enriches the outgoing action
+    plist with sidebar fields — ~:block-counts~, ~:context-usage~,
+    ~:modified-files~, ~:session-cost~ (v0.8.0) — plus existing
+    ~:rule-count~ and ~:foveal-id~ (v0.4.0). Each field is
+    ~fboundp~-guarded; missing skills produce nil. Called from the
+    ~:tui~ actuator lambda.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+** Actuator Configuration
+
+~*actuator-default*~ determines where actions go when no explicit target is specified. Defaults to ~:cli~.
+
+~*actuator-silent*~ lists actuator targets that don't generate tool-output feedback. For example, sending a message to the CLI or Emacs doesn't need to produce a tool-output event — the user can see the message directly. This prevents redundant feedback loops.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *actuator-default* :cli
+  "The actuator used when no explicit target is specified.")
+
+#+end_src
+** *actuator-silent*
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *actuator-silent* '(:cli :system-message :emacs)
+  "List of actuators that don't generate tool-output feedback.")
+
+#+end_src
+** actuator-initialize
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun actuator-initialize ()
+  "Register core actuators and load configuration."
+  (let ((def (uiop:getenv "DEFAULT_ACTUATOR"))
+        (silent (uiop:getenv "SILENT_ACTUATORS")))
+    (when def
+      (setf *actuator-default* (intern (string-upcase def) :keyword)))
+    (when silent
+      (setf *actuator-silent*
+            (mapcar (lambda (s) (intern (string-upcase (string-trim '(#\Space) s)) :keyword))
+                    (uiop:split-string silent :separator '(#\,))))))
+
+  (register-actuator :system #'action-system-execute)
+  (register-actuator :tool #'action-tool-execute)
+
+  (register-actuator :tui (lambda (action context)
+                             (declare (ignore context))
+                             (let* ((meta (getf action :meta))
+                                    (stream (getf meta :reply-stream)))
+                               (when (and stream (open-stream-p stream))
+                                 ;; Enrich response with differentiator visualization data
+                              (setf (getf (getf action :payload) :rule-count)
+                                    (if (boundp '*hitl-pending*)
+                                        (hash-table-count *hitl-pending*)
+                                        0))
+                                 (setf (getf (getf action :payload) :foveal-id)
+                                       (getf context :foveal-id))
+                                 ;; v0.8.0: sidebar enrichment via fboundp guards
+                                 (when (fboundp 'dispatcher-block-counts-summary)
+                                   (setf (getf (getf action :payload) :block-counts)
+                                         (dispatcher-block-counts-summary)))
+                                 (when (fboundp 'context-usage-percentage)
+                                   (setf (getf (getf action :payload) :context-usage)
+                                         (context-usage-percentage)))
+                                 (when (fboundp 'tool-modified-files-summary)
+                                   (setf (getf (getf action :payload) :modified-files)
+                                         (tool-modified-files-summary)))
+                                 (when (fboundp 'cost-session-summary)
+                                   (setf (getf (getf action :payload) :session-cost)
+                                         (cost-session-summary)))
+                                 (format stream "~a" (frame-message action))
+                                 (finish-output stream))))))
+#+end_src
+
+** TUI Differentiator Enrichment (v0.4.0, extended v0.8.0)
+
+The TUI actuator is the last point in the pipeline before the response leaves the daemon. It enriches the action plist with fields that power the TUI's differentiator visualizations:
+
+- ~:rule-count~ = ~(hash-table-count *hitl-pending*)~ — the number of pending HITL actions. The user watches this counter tick as they teach the agent their preferences. (v0.4.0)
+- ~:foveal-id~ = the current foveal focus from the signal context — enables the TUI's focus map status line. (v0.4.0)
+- ~:gate-trace~ — already attached by ~cognitive-verify~, flows through the action plist unchanged. (v0.4.0)
+
+v0.8.0 adds four sidebar fields via ~fboundp~ guards — same pattern as
+~core-reason.lisp~'s calls into token-economics, awareness, and time skills.
+Each field degrades gracefully to nil when its source skill is not loaded:
+
+- ~:block-counts~ = ~(dispatcher-block-counts-summary)~ — per-gate block tallies from ~security-dispatcher~. Powers the sidebar's Protection panel.
+- ~:context-usage~ = ~(context-usage-percentage)~ — token budget percentage from ~token-economics~. Powers the sidebar's Context gauge.
+- ~:modified-files~ = ~(tool-modified-files-summary)~ — files modified this turn from ~programming-tools~. Powers the sidebar's Files panel.
+- ~:session-cost~ = ~(cost-session-summary)~ — cumulative cost data from ~cost-tracker~. Powers the sidebar's Cost panel.
+
+The enrichment is added inside the existing ~:tui~ actuator lambda (one block
+after the ~:rule-count~ and ~:foveal-id~ enrichment). No new actuator is
+registered; no new ASDF component is added. The contract is: each field
+arrives via ~fboundp~ guard and is silently nil when unavailable.
+
+** Action Dispatch (action-dispatch)
+
+Routes an approved action to its registered actuator. The target is resolved in priority order:
+
+1. The explicit ~:target~ field on the action
+2. The source of the original signal (reply to the sender)
+3. The default actuator (~:cli~)
+
+Heartbeats are silently dropped here — they should never generate an actuation.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun action-dispatch (action context)
+  "Route an approved action to its registered actuator."
+  (let ((payload (proto-get action :payload)))
+    (when (eq (proto-get payload :sensor) :heartbeat)
+      (return-from action-dispatch nil))
+
+    (when (and action (listp action))
+      (let* ((meta (proto-get context :meta))
+             (source (proto-get meta :source))
+             (raw-target (or (proto-get action :target) source *actuator-default*))
+             (target (intern (string-upcase (string raw-target)) :keyword))
+             ;; If target is :SYSTEM and we have a live reply-stream, route to :TUI instead
+             (actual-target (if (and (eq target :system)
+                                     (getf meta :reply-stream)
+                                     (ignore-errors (open-stream-p (getf meta :reply-stream))))
+                               :tui
+                               target))
+             (actuator-fn (gethash actual-target *actuator-registry*)))
+        (when (and meta (null (getf action :meta)))
+          (setf (getf action :meta) meta))
+        (if actuator-fn
+            (funcall actuator-fn action context)
+            (log-message "ACT ERROR: No actuator registered for '~s'" actual-target))))))
+#+end_src
+
+** System Actuator (action-system-execute)
+
+Handles internal harness commands: ~:eval~ (execute arbitrary Lisp) and ~:message~ (log to the harness log). This is how the deterministic engine communicates results back to the user.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun action-system-execute (action context)
+  "Execute internal harness commands."
+  (declare (ignore context))
+  (let* ((payload (getf action :payload))
+         (cmd (getf payload :action)))
+    (case cmd
+      (:eval
+       (eval (let ((*read-eval* nil)) (read-from-string (getf payload :code)))))
+      (:message
+       (log-message "ACT [System]: ~a" (getf payload :text)))
+      (t
+       (log-message "ACT ERROR [System]: Unknown command '~s'" cmd)))))
+#+end_src
+
+** Tool Actuator (action-tool-execute)
+
+Executes a registered cognitive tool. Cognitive tools are registered via ~def-cognitive-tool~ in the package.lisp and are the primary way the LLM interacts with the outside world.
+
+The function handles:
+- Tool dispatch by name (case-insensitive lookup)
+- Argument normalization (if the arguments are nested in a list, they're flattened)
+- Result formatting (structured results are sent back to the source)
+- Error handling (tool errors produce ~:tool-error~ events, not crashes)
+
+The tool's return value is packed into a ~:tool-output~ event and fed back into the pipeline, where it becomes the next perception. This is how the agent "sees" the result of its actions.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun action-tool-execute (action context)
+  "Execute a registered cognitive tool."
+  (let* ((payload (getf action :payload))
+         (tool-name (getf payload :tool))
+         (tool-args (getf payload :args))
+         (depth (getf context :depth 0))
+         (meta (getf context :meta))
+         (source (getf meta :source))
+         (tool (gethash (string-downcase (string tool-name)) *cognitive-tool-registry*)))
+    ;; v0.7.2: snapshot before destructive tool execution
+    (when (and tool (not (cognitive-tool-read-only-p tool)))
+      (undo-snapshot))
+    (if tool
+        (handler-case
+            (let* ((clean-args (if (and (listp tool-args) (listp (car tool-args))) (car tool-args) tool-args))
+                   (is-read-only (cognitive-tool-read-only-p tool))
+                   (cache-key (when is-read-only (tool-cache-key tool-name clean-args)))
+                   (cached (when cache-key (gethash cache-key *tool-cache*)))
+                   (raw-result (if cached
+                                   (progn (log-message "TOOL-CACHE: hit for ~a" tool-name) cached)
+                                   (let* ((res (call-with-tool-timeout tool-name
+                                                (lambda () (funcall (cognitive-tool-body tool) clean-args)))))
+                                     (when (and is-read-only cache-key)
+                                       (setf (gethash cache-key *tool-cache*) res))
+                                     res))))
+              ;; Timeout: propagate error
+              (when (and (listp raw-result) (eq (getf raw-result :status) :error))
+                (return-from action-tool-execute
+                  (list :TYPE :EVENT :DEPTH (1+ depth) :META meta
+                        :PAYLOAD (list :SENSOR :tool-error :TOOL tool-name
+                                      :MESSAGE (getf raw-result :message)))))
+              (when source
+                (action-dispatch (list :TYPE :REQUEST :TARGET source 
+                                       :PAYLOAD (list :ACTION :MESSAGE :TEXT (tool-result-format tool-name raw-result)))
+                                context))
+              (list :TYPE :EVENT :DEPTH (1+ depth) :META meta
+                    :PAYLOAD (list :SENSOR :tool-output :RESULT raw-result :TOOL tool-name)))
+          (error (c)
+            (list :TYPE :EVENT :DEPTH (1+ depth) :META meta
+                  :PAYLOAD (list :SENSOR :tool-error :TOOL tool-name :MESSAGE (format nil "~a" c)))))
+        (list :TYPE :EVENT :DEPTH (1+ depth) :META meta
+               :PAYLOAD (list :SENSOR :tool-error :MESSAGE (format nil "Tool '~a' not found" tool-name))))))
+#+end_src
+
+** v0.7.2 — Tool Execution Hardening
+#+begin_src lisp
+(defvar *tool-timeouts* (make-hash-table :test 'equal)
+  "Per-tool timeout in seconds. Default 120s.")
+
+;; Defaults: shell=300s, search-files=30s, eval-form=10s
+(setf (gethash "shell" *tool-timeouts*) 300)
+(setf (gethash "search-files" *tool-timeouts*) 30)
+(setf (gethash "eval-form" *tool-timeouts*) 10)
+
+(defun tool-timeout (tool-name)
+  "Return timeout for tool-name, default 120 seconds."
+  (gethash (string-downcase (string tool-name)) *tool-timeouts* 120))
+
+(defun call-with-tool-timeout (tool-name fn)
+  "Execute FN within the timeout for TOOL-NAME.
+On timeout, returns (:status :error :message ...)."
+  (let ((timeout (tool-timeout tool-name)))
+    (handler-case
+        (sb-ext:with-timeout timeout
+          (funcall fn))
+      (sb-ext:timeout (c)
+        (declare (ignore c))
+        (list :status :error :message
+              (format nil "Timed out after ~a second~:p" timeout))))))
+
+(defun verify-write (filepath expected-content)
+  "Verify that FILEPATH contains EXPECTED-CONTENT after write.
+Returns T on match, logs and returns NIL on mismatch or read error."
+  (handler-case
+      (let ((actual (uiop:read-file-string filepath)))
+        (if (string= expected-content actual)
+            t
+            (progn
+              (log-message "WRITE-VERIFY: Mismatch in ~a" filepath)
+              nil)))
+    (error (c)
+      (log-message "WRITE-VERIFY: Cannot read ~a: ~a" filepath c)
+      nil)))
+
+;; v0.7.2: read-only tool response cache
+(defvar *tool-cache* (make-hash-table :test 'equal)
+  "Cache for read-only tool results. Key: tool-name$sxhash-args. Cleared per session.")
+
+(defun tool-cache-key (tool-name args)
+  "Build a cache key from TOOL-NAME and ARGS."
+  (format nil "~a$~a" (string-downcase (string tool-name)) (sxhash args)))
+
+(defun tool-cache-clear ()
+  "Clear the read-only tool response cache."
+  (clrhash *tool-cache*))
+#+end_src
+
+** Tool Result Formatting (tool-result-format)
+
+Converts a tool's return value into a human-readable string for display to the user. Handles structured results (plists with ~:status~, ~:content~, ~:message~) and plain values.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun tool-result-format (tool-name result)
+  "Format a tool result for display."
+  (if (listp result)
+      (let ((status (getf result :status))
+            (content (getf result :content))
+            (msg (getf result :message)))
+        (cond
+          ((and (eq status :success) content) (format nil "~a" content))
+          ((and (eq status :error) msg) (format nil "ERROR [~a]: ~a" tool-name msg))
+          (t (format nil "TOOL [~a] RESULT: ~s" tool-name result))))
+      (format nil "TOOL [~a] RESULT: ~a" tool-name result)))
+#+end_src
+
+** Act Gate (Stage 3)
+
+The final stage of the metabolic pipeline. It receives a signal that has been reasoned (has an ~:approved-action~) and dispatches it.
+
+The gate runs a last-mile deterministic check on the approved action before execution. This catches any issues introduced during pipeline processing (e.g., metadata added by Perceive that changes the action's format).
+
+After dispatch, the gate captures any feedback produced by the actuation (tool output, error events) and returns it to the loop for the next cognitive cycle.
+
+*** loop-gate-act
+
+The main act pipeline stage.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun loop-gate-act (signal)
+  "Final stage of the metabolic pipeline: Actuation.
+For approval-required actions, creates a Flight Plan instead of executing."
+  (let* ((approved (getf signal :approved-action))
+         (signal-status (getf signal :status))
+         (type (getf signal :type))
+         (meta (getf signal :meta))
+         (source (getf meta :source))
+         (feedback nil))
+    ;; HITL: if the approved action requires human approval,
+    ;; create a Flight Plan (Emacs) and HITL entry (all gateways).
+    (when (and approved
+               (eq (getf approved :level) :approval-required))
+      (let* ((payload (getf approved :payload))
+             (blocked-action (getf payload :action))
+             (hitl (hitl-create blocked-action)))
+        (log-message "ACT: Action requires approval — creating Flight Plan + HITL (~a)" (getf hitl :token))
+        (dispatcher-flight-plan-create blocked-action)
+        (setf (getf signal :status) :suspended)
+        (action-dispatch (list :target source
+                               :payload (list :text (getf hitl :message)))
+                         signal)
+        (setf approved nil)
+        (setf feedback nil)))
+    (when approved
+      (let* ((original-type (getf approved :type))
+             (verified (cognitive-verify approved signal)))
+        (if (and (listp verified) (member (getf verified :type) '(:LOG :EVENT))
+                 (not (eq (getf verified :level) :approval-required))
+                 (not (member original-type '(:LOG :EVENT))))
+            (progn
+              (log-message "ACT BLOCKED: Action failed last-mile deterministic check.")
+              (setf (getf signal :approved-action) nil)
+              (setf feedback verified))
+            (progn
+              (setf (getf signal :approved-action) verified)
+              (setf approved verified)))))
+
+    (case type
+      (:REQUEST (action-dispatch signal signal))
+      (:LOG (action-dispatch signal signal))
+      (:EVENT
+       (if approved
+           (let* ((target (getf approved :target))
+                  (result (action-dispatch approved signal)))
+             (cond
+               ((and (listp result) (member (getf result :type) '(:EVENT :LOG)))
+                (setf feedback result))
+               ((and result (not (member target *actuator-silent*)))
+                (setf feedback (list :type :EVENT :depth (1+ (getf signal :depth 0)) :meta meta
+                                    :payload (list :sensor :tool-output :result result :tool approved))))))
+           (when source (action-dispatch signal signal)))))
+    (setf (getf signal :status) :acted)
+    feedback))
+#+end_src
+
+*** act-gate (backward-compatibility alias)
+
+The pipeline gate was originally named ~act-gate~. Code that still
+uses the old name can call this alias. New code should call
+~loop-gate-act~.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun act-gate (signal)
+  (loop-gate-act signal))
+#+end_src
+
+* Test Suite
+Verifies that the act gate correctly processes an approved action and sets the signal status to ~:acted~.
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-pipeline-act-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:pipeline-act-suite))
+
+(in-package :passepartout-pipeline-act-tests)
+
+(def-suite pipeline-act-suite :description "Test suite for Act pipeline")
+(in-suite pipeline-act-suite)
+
+(test test-loop-gate-act-basic
+  "Contract 1: approved action reaches :acted status via loop-gate-act."
+  (clrhash passepartout::*skill-registry*)
+  (let* ((signal (list :type :EVENT :status nil :depth 0 :approved-action '(:target :cli :payload (:text "Hello"))))
+          (result (loop-gate-act signal)))
+    (is (eq :acted (getf signal :status)))
+    (is (null result))))
+
+(test test-loop-gate-act-no-approved-action
+  "Contract 1: signal with no approved-action still reaches :acted status."
+  (clrhash passepartout::*skill-registry*)
+  (let* ((signal (list :type :EVENT :status nil :depth 0)))
+    (loop-gate-act signal)
+    (is (eq :acted (getf signal :status)))))
+
+(test test-loop-gate-act-last-mile-reject
+  "Contract 1: last-mile cognitive-verify rejection blocks approved-action."
+  (clrhash passepartout::*skill-registry*)
+  (passepartout::defskill :mock-blocker
+    :priority 50
+    :trigger (lambda (ctx) (declare (ignore ctx)) t)
+    :deterministic (lambda (action ctx)
+                    (declare (ignore ctx action))
+                    (list :type :LOG :payload (list :text "Last-mile block"))))
+  (let* ((signal (list :type :EVENT :status nil :depth 0
+                        :approved-action '(:type :REQUEST :target :cli :payload (:text "blocked")))))
+    (loop-gate-act signal)
+    (is (eq :acted (getf signal :status)))
+    (is (null (getf signal :approved-action)))))
+
+(test test-loop-gate-act-preserves-meta
+  "Contract 1: signal metadata is not mutated by loop-gate-act."
+  (clrhash passepartout::*skill-registry*)
+  (let* ((meta '(:source :tui :session "s1"))
+         (signal (list :type :EVENT :status nil :depth 0 :meta meta
+                        :approved-action '(:target :cli :payload (:text "test")))))
+    (loop-gate-act signal)
+    (is (equal meta (getf signal :meta)))))
+
+(test test-action-dispatch-routes
+  "Contract 3: action-dispatch routes to registered actuators without crashing."
+  (actuator-initialize)
+  (let ((result (action-dispatch '(:type :REQUEST :target :system :payload (:action :eval :code "(+ 1 2)"))
+                                  '(:type :EVENT :depth 0))))
+    (is (numberp result) "eval should return a number")))
+
+(test test-tool-timeout-shell
+  "Contract v0.7.2: shell timeout is 300 seconds."
+  (is (= 300 (passepartout::tool-timeout "shell"))))
+
+(test test-tool-timeout-unknown
+  "Contract v0.7.2: unknown tool gets default 120s."
+  (is (= 120 (passepartout::tool-timeout "nonexistent-tool"))))
+
+(test test-verify-write-match
+  "Contract v0.7.2: verify-write returns T on match."
+  (let ((path "/tmp/passepartout-verify-test.org")
+        (content "test content"))
+    (with-open-file (f path :direction :output :if-exists :supersede)
+      (write-string content f))
+    (unwind-protect
+         (is (passepartout::verify-write path content))
+      (ignore-errors (delete-file path)))))
+
+(test test-tool-timeout-enforcement
+  "Contract v0.7.2: tool exceeding timeout returns :error with timeout message."
+  (setf (gethash "sleep-forever" passepartout::*tool-timeouts*) 1)
+  (setf (gethash "sleep-forever" passepartout::*cognitive-tool-registry*)
+        (passepartout::make-cognitive-tool :name "sleep-forever"
+                                          :read-only-p nil
+                                          :body (lambda (args)
+                                                  (declare (ignore args))
+                                                  (sleep 10)
+                                                  "done")))
+  (unwind-protect
+       (let* ((action '(:type :REQUEST :payload (:tool "sleep-forever" :args nil)))
+              (ctx '(:depth 0))
+              (result (passepartout::action-tool-execute action ctx)))
+         (is (eq :EVENT (getf result :TYPE)))
+         (let ((payload (getf result :PAYLOAD)))
+           (is (eq :tool-error (getf payload :SENSOR)))
+           (is (search "timed out" (string-downcase (getf payload :MESSAGE))))))
+    (remhash "sleep-forever" passepartout::*cognitive-tool-registry*)
+    (remhash "sleep-forever" passepartout::*tool-timeouts*)))
+
+(test test-tool-cache-read-only
+  "Contract v0.7.2: read-only tool results are cached and reused."
+  (let ((call-count 0))
+    (setf (gethash "cache-test" passepartout::*cognitive-tool-registry*)
+          (passepartout::make-cognitive-tool :name "cache-test"
+                                            :read-only-p t
+                                            :body (lambda (args)
+                                                    (declare (ignore args))
+                                                    (incf call-count)
+                                                    (list :status :success :content (format nil "call ~d" call-count)))))
+    (unwind-protect
+         (progn
+           (clrhash passepartout::*tool-cache*)
+           (let* ((action '(:type :REQUEST :payload (:tool "cache-test" :args nil)))
+                  (ctx '(:depth 0))
+                  (r1 (passepartout::action-tool-execute action ctx))
+                  (r2 (passepartout::action-tool-execute action ctx)))
+             (is (= 1 call-count) "Second call should hit cache, not re-execute")
+             (let ((p1 (getf r1 :PAYLOAD))
+                   (p2 (getf r2 :PAYLOAD)))
+               (is (string= (getf (getf p1 :RESULT) :CONTENT)
+                            (getf (getf p2 :RESULT) :CONTENT))))))
+      (remhash "cache-test" passepartout::*cognitive-tool-registry*)
+      (clrhash passepartout::*tool-cache*))))
+#+end_src
--- a/org/core-manifest.org
+++ b/org/core-manifest.org
@@ -0,0 +1,55 @@
+#+TITLE: System Manifest (manifest.org)
+#+AUTHOR: Agent
+#+FILETAGS: :harness:manifest:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/passepartout.asd
+
+* Overview: Architectural Intent
+
+The Manifest is the ASDF system definition for Passepartout. It defines what files belong to the harness, which external libraries are required, and how the test infrastructure is organized.
+
+The ~passepartout.asd~ file tangled from this manifest is what ~ql:quickload :passepartout~ reads to load the system. The files are loaded in the order listed here — dependencies first, then each pipeline stage in order.
+
+* Implementation
+
+** Main System
+
+The core system. The combined ~:depends-on~ list pulls in every external library the agent needs: networking (usocket, dexador, hunchentoot), concurrency (bordeaux-threads), utilities (uiop, cl-ppcre, cl-json, str), security (ironclad), and configuration (cl-dotenv, uuid).
+
+Components are loaded in sequence (~:serial t~): package first (defines the public API), then skills (does the defskill macro), then communication (defines the protocol), then memory (defines org-object), then context (defines peripheral vision), then each pipeline stage in order (perceive, reason, act), then doctor (diagnostics), then loop (orchestration).
+
+#+begin_src lisp
+(defsystem :passepartout
+  :name "Passepartout"
+  :author "Amr Gharbeia"
+  :version "0.4.3"
+  :license "AGPLv3"
+  :description "The Probabilistic-Deterministic Lisp Machine"
+  :depends-on (:usocket :bordeaux-threads :dexador :uiop :cl-dotenv :cl-ppcre :hunchentoot :ironclad :str :cl-json :uuid)
+  :serial t
+  :components ((:file "lisp/core-package")
+               (:file "lisp/core-skills")
+               (:file "lisp/core-transport")
+               (:file "lisp/core-memory")
+               (:file "lisp/core-perceive")
+               (:file "lisp/core-reason")
+               (:file "lisp/core-act")
+               (:file "lisp/core-pipeline")))
+#+end_src
+
+** Test System
+
+Tests are embedded directly in each module's source file — see the `* Test Suite` section at the end of each `.org` file. No separate test system is needed.
+
+** TUI System
+
+The TUI is a standalone system that depends on cl-tty (pure CL terminal UI) in addition to the core system. It's loaded separately because it requires a terminal and is not needed for daemon-mode operation.
+
+#+begin_src lisp
+(defsystem :passepartout/tui
+  :depends-on (:passepartout :cl-tty :usocket :bordeaux-threads)
+  :serial t
+  :components ((:file "lisp/channel-tui-state")
+               (:file "lisp/channel-tui-view")
+               (:file "lisp/channel-tui-main")))
+#+end_src
--- a/org/core-memory.org
+++ b/org/core-memory.org
@@ -0,0 +1,568 @@
+#+TITLE: The System Memory (memory.lisp)
+#+AUTHOR: Agent
+#+FILETAGS: :harness:memory:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/core-memory.lisp
+
+* Overview: Architectural Intent
+
+The Memory module is the cognitive bedrock of Passepartout. It is not a database; it is the agent's live, active brain state. Every perception, every action, every decision is recorded here.
+
+Traditional architectures rely on external databases (SQLite, vector DBs, JSON files) which introduce I/O latency, structural impedance, and serialization overhead. Passepartout chooses a different path: the **Single Address Space**. By treating the entire knowledge base as a graph of Lisp pointers in RAM, we achieve microsecond recollection and total structural transparency.
+
+The memory system has three layers:
+1. **Active memory** (~*memory-store*~) — a hash table mapping IDs to ~memory-object~ instances. This is what the agent queries during reasoning.
+2. **Immutable history** (~*memory-history*~) — an append-only hash table keyed by SHA-256 Merkle hash. Every version of every object that has ever existed is preserved here.
+3. **Snapshot stack** (~*memory-snapshots*~) — point-in-time copies of active memory for rollback recovery. Up to 20 snapshots are retained.
+
+** Why Merkle Hashes?
+
+Every ~memory-object~ carries a ~hash~ field computed from its ID, type, attributes, content, and children. This hash is deterministic: the same data always produces the same hash.
+
+The hash serves three purposes:
+1. **Integrity verification** — detect corruption or tampering
+2. **Deduplication** — if an object already exists in history, we reuse the existing entry
+3. **Change detection** — compare hashes to find what changed between snapshots
+
+** Why Snapshots Instead of Git?
+
+Git tracks changes to files. Passepartout tracks changes to live memory state. The snapshot system captures the entire active memory at a point in time, enabling full rollback to any previous state. This is necessary because:
+
+1. The agent modifies memory continuously (learning, noting, deciding) — there's no discrete "commit" boundary
+2. Memory corruption from a bad LLM output can affect multiple objects — snapshot rollback restores all of them atomically
+3. Git can't snapshot the running Lisp image's hash tables
+
+The tradeoff is memory usage: each snapshot is a deep copy of every object in active memory. 20 snapshots means 20x the active memory size. For a typical knowledge base of 10,000 objects, this is manageable (~100MB for 20 snapshots).
+
+** Contract
+
+1. (ingest-ast ast &key scope): stores AST nodes in ~*memory-store*~.
+   Detaches children, gives each an ID, computes Merkle hash, and
+   populates the ~:vector~ slot via ~embeddings-compute~. Returns the
+   root ID string.
+2. (memory-object-hash object): returns the SHA-256 Merkle hash of the
+   object's content. Hash is deterministic — same content → same hash.
+3. (memory-object-get id): retrieves a stored object by ID, or nil.
+4. (snapshot-memory): deep-copies ~*memory-store*~ to ~*memory-snapshots*~.
+5. (rollback-memory snap-index): restores ~*memory-store*~ from a snapshot.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+** The Object Store
+
+~*memory-store*~ holds the agent's current state. ~*memory-history*~ holds every past version, keyed by Merkle hash.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *memory-store* (make-hash-table :test 'equal))
+#+end_src
+** *memory-history*
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *memory-history* (make-hash-table :test 'equal)
+  "Immutable Merkle-Tree versioning store mapping hashes to objects.")
+#+end_src
+#+end_src
+
+** Object Lookup (memory-object-get)
+
+Retrieve a single object by its ID from active memory. Returns nil if the ID doesn't exist.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun memory-object-get (id)
+  "Retrieves an memory-object by ID from *memory-store*."
+  (gethash id *memory-store*))
+#+end_src
+
+** Object Search by Attribute (memory-objects-by-attribute)
+
+Scan the entire active memory for objects whose attributes plist contains a specific key-value pair. For example, finding all objects with ~:TODO "APPROVED"~ (used by the Dispatcher to find approved flight plans).
+
+This is a full scan — O(n) over all objects. For the typical knowledge base size (< 10,000 objects), this is microsecond-fast. For larger datasets, a proper index would be needed.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun memory-objects-by-attribute (attr value)
+  "Returns all memory-objects whose :ATTRIBUTES plist has ATTR = VALUE."
+  (let ((results nil))
+    (maphash (lambda (id obj)
+               (declare (ignore id))
+               (when (equal (getf (memory-object-attributes obj) attr) value)
+                 (push obj results)))
+             *memory-store*)
+    (nreverse results)))
+#+end_src
+
+** ID Generation (memory-id-generate)
+
+Generates a unique identifier string for a new Org node. Uses the universal time encoded in base-36 for compactness and monotonic ordering (later IDs sort after earlier ones).
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun memory-id-generate ()
+  "Generates a UUIDv4 unique ID. Compatible with Agora Note UUIDs."
+  (concatenate 'string "id-" (string-downcase (format nil "~a" (uuid:make-v4-uuid)))))
+#+end_src
+
+** The Data Structure (memory-object)
+
+The universal data unit. Every stored entity — a note, a task, a project, a person, a decision — is an ~memory-object~. The struct has:
+
+- ~id~ — unique identifier (string)
+- ~type~ — keyword (e.g., ~:HEADLINE~, ~:PROPERTY_DRAWER~)
+- ~attributes~ — property list (e.g., ~(:TITLE "My Note" :TAGS ("project") :TODO "NEXT")~)
+- ~content~ — raw text content
+- ~vector~ — optional embedding vector for semantic search
+- ~parent-id~ — ID of the parent object (for tree structure)
+- ~children~ — list of child IDs
+- ~version~ — Unix timestamp of last modification
+- ~last-sync~ — Unix timestamp of last sync to disk
+- ~hash~ — SHA-256 Merkle hash for integrity verification
+- ~scope~ — scope keyword (:memex/:session/:project) for context-aware retrieval
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defstruct memory-object
+  id type attributes content vector parent-id children version last-sync hash scope)
+#+end_src
+
+** Serialization Support
+
+Required by the Lisp runtime for saving/loading objects across image restarts via ~make-load-form-saving-slots~.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defmethod make-load-form ((obj memory-object) &optional env)
+  (make-load-form-saving-slots obj :environment env))
+#+end_src
+
+** Deep Copy
+
+Creates an independent copy of an ~memory-object~, including fresh lists for attributes and children. Used by the snapshot system to capture a consistent memory state.
+
+Without deep copy, a snapshot would share structure with the live memory — mutating the live memory would also mutate the snapshot, defeating the purpose of having a recovery point.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun deep-copy-memory-object (obj)
+  "Creates a full copy of an memory-object, including fresh lists for attributes and children."
+  (make-memory-object :id (memory-object-id obj)
+                  :type (memory-object-type obj)
+                  :attributes (copy-list (memory-object-attributes obj))
+                  :content (memory-object-content obj)
+                  :vector (memory-object-vector obj)
+                  :parent-id (memory-object-parent-id obj)
+                  :children (copy-list (memory-object-children obj))
+                  :version (memory-object-version obj)
+                  :last-sync (memory-object-last-sync obj)
+                  :hash (memory-object-hash obj)
+                  :scope (memory-object-scope obj)))
+#+end_src
+
+** Merkle Tree Integrity (memory-merkle-hash)
+
+Computes a deterministic SHA-256 hash from an object's identity and contents. The hash covers:
+- The object's ID and type
+- All attributes (sorted by key name for determinism)
+- The raw content text
+- The hashes of all children (making the hash a true Merkle tree — changing a descendant changes this hash)
+
+This is NOT a cryptographic signature — it's an integrity check. If any part of an object or its descendants changes, the hash changes.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun memory-merkle-hash (id type attributes content child-hashes)
+  (let* ((alist (loop for (k v) on attributes by #'cddr collect (cons k v)))
+         (sorted-alist (sort alist #'string< :key (lambda (x) (format nil "~a" (car x)))))
+         (attr-string (format nil "~s" sorted-alist))
+         (children-string (format nil "~{~a~}" child-hashes))
+         (data-string (format nil "ID:~a|TYPE:~s|ATTRS:~a|CONTENT:~a|CHILDREN:~a"
+                               id type attr-string (or content "") children-string))
+         (digester (ironclad:make-digest :sha256)))
+    (ironclad:update-digest digester (ironclad:ascii-string-to-byte-array data-string))
+    (ironclad:byte-array-to-hex-string (ironclad:produce-digest digester))))
+#+end_src
+
+** AST Ingestion (memory-ingest)
+
+The primary entry point for adding data to memory. Given an Org-mode AST (a tree of plists representing headlines and their contents), it recursively:
+
+1. Generates or assigns an ID to each node
+2. Computes the Merkle hash of each node
+3. Checks if the hash already exists in ~*memory-history*~ (deduplication)
+4. Stores the node in ~*memory-store*~ and ~*memory-history*~
+5. Links children to parents
+
+Returns the ID of the root node.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun ingest-ast (ast &key parent-id (scope :memex))
+  (let* ((type (getf ast :type))
+         (props (getf ast :properties))
+         (id (or (getf props :ID) (format nil "temp-~a" (get-universal-time))))
+         (contents (getf ast :contents))
+         (raw-content (when (eq type :HEADLINE)
+                        (format nil "~a~%~a" (getf props :TITLE) (or (getf ast :raw-content) ""))))
+         (child-ids nil) (child-hashes nil))
+    (dolist (child contents)
+      (when (listp child)
+        (let ((child-id (ingest-ast child :parent-id id :scope scope)))
+          (push child-id child-ids)
+          (let ((child-obj (gethash child-id *memory-store*)))
+            (when child-obj (push (memory-object-hash child-obj) child-hashes))))))
+    (setf child-ids (nreverse child-ids))
+    (setf child-hashes (nreverse child-hashes))
+    (let* ((hash (memory-merkle-hash id type props raw-content child-hashes))
+           (existing-obj (gethash hash *memory-history*))
+           (obj (or existing-obj
+                    (make-memory-object 
+                     :id id :type type :attributes props :content raw-content
+                     :parent-id parent-id :children child-ids
+                     :version (get-universal-time) :last-sync (get-universal-time)
+                     :hash hash :scope scope))))
+      (unless existing-obj (setf (gethash hash *memory-history*) obj))
+      (setf (gethash id *memory-store*) obj)
+      ;; Populate embedding vector for new objects
+      (when (and raw-content (not existing-obj) (not (memory-object-vector obj)))
+        (handler-case
+            (setf (memory-object-vector obj)
+                  (embeddings-compute raw-content))
+          (error (c)
+            (log-message "INGEST: Embedding deferred: ~a" c))))
+      id)))
+#+end_src
+
+** Snapshot History (~*memory-snapshots*~)
+
+A stack of CoW (copy-on-write) snapshots for rollback. When a critical error occurs, the system can roll back to any of the last 20 snapshots. Newer snapshots are prepended (index 0 = most recent).
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *memory-snapshots* nil)
+#+end_src
+
+** Hash Table Copy Utility
+
+Creates a fully independent copy of a hash table. Used by the rollback system to restore saved memory state from a snapshot.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun memory-hash-table-copy (hash-table)
+  "Creates an independent copy of a hash table."
+  (let ((new-table (make-hash-table :test (hash-table-test hash-table) 
+                                     :size (hash-table-size hash-table))))
+    (maphash (lambda (k v) (setf (gethash k new-table) v)) hash-table)
+    new-table))
+#+end_src
+
+** Memory Snapshot (memory-snapshot)
+
+Captures a point-in-time copy of ~*memory-store*~. Each object is deep-copied so the snapshot is independent of ongoing mutations. The snapshot is prepended to the snapshot stack, and the stack is trimmed to 20 entries.
+
+Called automatically before significant memory mutations (buffer updates from Emacs, AST ingestion). Also callable manually.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun snapshot-memory ()
+  "Creates a CoW snapshot of *memory-store* for rollback recovery."
+  (let ((snapshot (make-hash-table :test 'equal :size (hash-table-size *memory-store*))))
+    (maphash (lambda (k v) (setf (gethash k snapshot) (deep-copy-memory-object v))) *memory-store*)
+    (push (list :timestamp (get-universal-time) :data snapshot) *memory-snapshots*)
+    (when (> (length *memory-snapshots*) 20)
+      (setf *memory-snapshots* (subseq *memory-snapshots* 0 20)))
+    (log-message "MEMORY - CoW Memory snapshot created.")))
+#+end_src
+
+** Memory Rollback (memory-rollback)
+
+Restores ~*memory-store*~ to a previous snapshot. By default restores the most recent snapshot (index 0). Can specify a specific index to roll back further.
+
+This is the immune system's last resort. When the metabolic loop catches an unhandled error, it calls ~(rollback-memory 0)~ to undo any memory mutations caused by the bad signal.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun rollback-memory (&optional (index 0))
+  "Restores *memory-store* from a snapshot. INDEX 0 = most recent."
+  (let ((snapshot (nth index *memory-snapshots*)))
+    (if snapshot
+        (progn (setf *memory-store* (memory-hash-table-copy (getf snapshot :data)))
+               (log-message "MEMORY - Memory rolled back to snapshot ~a" index))
+        (log-message "MEMORY ERROR - Snapshot ~a not found." index))))
+#+end_src
+
+** Persistence — Snapshot Path (~*memory-snapshot-path*~)
+
+Configurable path for serialized memory state. Falls back to ~memory.snap~ in the home directory. Can be overridden via ~MEMORY_SNAPSHOT_PATH~ env var.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *memory-snapshot-path* nil)
+
+#+end_src
+** memory-snapshot-path-ensure
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun memory-snapshot-path-ensure ()
+  "Returns the path to the memory snapshot file, resolving env or default."
+  (or *memory-snapshot-path*
+      (let ((env-path (uiop:getenv "MEMORY_SNAPSHOT_PATH")))
+        (setf *memory-snapshot-path*
+              (or env-path (namestring (uiop:merge-pathnames* "memory.snap" (user-homedir-pathname))))))))
+#+end_src
+#+end_src
+
+** Save to Disk (memory-save)
+
+Serialises both ~*memory-store*~ and ~*memory-history*~ to a Lisp-readable file. The format is a plist with ~:memory~ and ~:history-store~ keys, each containing an alist of (key . object) pairs.
+
+The serialization uses ~prin1~, which produces human-readable Lisp output. The file can be read with ~read~ on restart.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun save-memory-to-disk ()
+  "Writes the entire memory and history store to disk as a plist."
+  (let ((path (memory-snapshot-path-ensure)))
+    (with-open-file (stream path :direction :output :if-exists :supersede :if-does-not-exist :create)
+      (let ((memory-alist nil) (history-alist nil))
+        (maphash (lambda (k v) (push (cons k v) memory-alist)) *memory-store*)
+        (maphash (lambda (k v) (push (cons k v) history-alist)) *memory-history*)
+        (prin1 (list :memory memory-alist :history-store history-alist) stream)))
+    (log-message "MEMORY - Saved to ~a" path)))
+#+end_src
+
+** Load from Disk (memory-load)
+
+Restores memory state from a previously saved snapshot file. Called during boot (~main~ in ~loop.org~). If no snapshot file exists, the function returns silently and the agent starts with empty memory.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun load-memory-from-disk ()
+  "Reads memory state from disk and restores *memory-store* and *memory-history*."
+  (let ((path (memory-snapshot-path-ensure)))
+    (when (uiop:file-exists-p path)
+      (handler-case
+          (with-open-file (stream path :direction :input)
+            (let ((data (let ((*read-eval* nil)) (read stream nil))))
+              (when data
+                (let ((memory-alist (getf data :memory)) (history-alist (getf data :history-store)))
+                  (setf *memory-store* (make-hash-table :test 'equal :size (length memory-alist)))
+                  (dolist (kv memory-alist) (setf (gethash (car kv) *memory-store*) (cdr kv)))
+                  (setf *memory-history* (make-hash-table :test 'equal :size (length history-alist)))
+                  (dolist (kv history-alist) (setf (gethash (car kv) *memory-history*) (cdr kv)))
+                  (log-message "MEMORY - Loaded from ~a (~a objects)" path (hash-table-size *memory-store*))))))
+          (error (c) (log-message "MEMORY WARNING - Failed to load snapshot: ~a" c)))))
+  t)
+
+;; v0.7.2 — Undo/Redo
+(defvar *undo-stack* nil
+  "Ring buffer of pre-operation memory snapshots. Newest first, max 20.")
+(defvar *redo-stack* nil
+  "Stack of snapshots saved during undo for redo. Max 20.")
+
+(defun undo-snapshot ()
+  "Save current memory state to the undo stack."
+  (let ((snap (list :timestamp (get-universal-time)
+                    :data (memory-hash-table-copy *memory-store*))))
+    (push snap *undo-stack*)
+    (when (> (length *undo-stack*) 20)
+      (setf *undo-stack* (subseq *undo-stack* 0 20)))))
+
+(defun undo (&optional source)
+  "Restore memory to the most recent undo snapshot. Returns T on success, NIL if stack empty."
+  (declare (ignore source))
+  (if *undo-stack*
+      (let ((snap (pop *undo-stack*)))
+        (push (list :timestamp (get-universal-time)
+                    :data (memory-hash-table-copy *memory-store*))
+              *redo-stack*)
+        (when (> (length *redo-stack*) 20)
+          (setf *redo-stack* (subseq *redo-stack* 0 20)))
+        (setf *memory-store* (memory-hash-table-copy (getf snap :data)))
+        (log-message "UNDO: Memory restored to snapshot ~a" (getf snap :timestamp))
+        t)
+      (progn (log-message "UNDO: No snapshots to undo") nil)))
+
+(defun redo (&optional source)
+  "Restore memory to the most recent redo snapshot. Returns T on success, NIL if stack empty."
+  (declare (ignore source))
+  (if *redo-stack*
+      (let ((snap (pop *redo-stack*)))
+        (push (list :timestamp (get-universal-time)
+                    :data (memory-hash-table-copy *memory-store*))
+              *undo-stack*)
+        (when (> (length *undo-stack*) 20)
+          (setf *undo-stack* (subseq *undo-stack* 0 20)))
+        (setf *memory-store* (memory-hash-table-copy (getf snap :data)))
+        (log-message "REDO: Memory restored to snapshot ~a" (getf snap :timestamp))
+        t)
+      (progn (log-message "REDO: No snapshots to redo") nil)))
+#+end_src
+
+** Merkle Audit
+#+begin_src lisp
+(defun audit-node (node-id)
+  "Return audit info for a memory object by ID."
+  (let ((obj (memory-object-get node-id)))
+    (when obj
+      (list :id node-id :type (memory-object-type obj)
+            :version (memory-object-version obj)
+            :hash (or (memory-object-hash obj) "(none)")
+            :scope (memory-object-scope obj)))))
+
+(defun audit-verify-hash ()
+  "Count memory objects and report any with missing/empty hashes.
+Returns (total . missing-hashes)."
+  (let ((total 0) (missing 0))
+    (maphash (lambda (id obj)
+               (declare (ignore id))
+               (when obj
+                 (incf total)
+                 (let ((h (memory-object-hash obj)))
+                   (when (or (null h) (string= h ""))
+                     (incf missing)))))
+             *memory-store*)
+    (cons total missing)))
+#+end_src
+
+* Test Suite
+Verifies that the Merkle hash is deterministic and consistent across independent AST ingestions.
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-memory-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:memory-suite))
+
+(in-package :passepartout-memory-tests)
+
+(def-suite memory-suite :description "Tests for the Merkle-Tree Memory")
+(in-suite memory-suite)
+
+(test merkle-hash-consistency
+  "Contract 2: identical ASTs produce identical Merkle hashes."
+  (let* ((ast1 '(:type :HEADLINE :properties (:ID "test-1" :TITLE "Node 1") :contents nil)))
+    (clrhash passepartout::*memory-store*)
+    (let ((id1 (ingest-ast ast1)))
+      (let ((hash1 (memory-object-hash (memory-object-get id1))))
+        (clrhash passepartout::*memory-store*)
+        (let ((id2 (ingest-ast ast1)))
+          (is (equal hash1 (memory-object-hash (memory-object-get id2)))))))))
+
+(test merkle-hash-different
+  "Contract 2: distinct ASTs produce different Merkle hashes."
+  (clrhash passepartout::*memory-store*)
+  (let* ((ast1 '(:type :HEADLINE :properties (:ID "a" :TITLE "Alpha") :contents nil))
+         (ast2 '(:type :HEADLINE :properties (:ID "b" :TITLE "Beta") :contents nil))
+         (id1 (ingest-ast ast1))
+         (id2 (ingest-ast ast2))
+         (hash1 (memory-object-hash (memory-object-get id1)))
+         (hash2 (memory-object-hash (memory-object-get id2))))
+    (is (not (equal hash1 hash2)))))
+
+(test test-ingest-ast-returns-id
+  "Contract 1: ingest-ast returns a string ID and stores the object."
+  (clrhash passepartout::*memory-store*)
+  (let ((id (ingest-ast '(:type :HEADLINE :properties (:ID "ingest-test" :TITLE "Test Node") :contents nil))))
+    (is (stringp id))
+    (is (not (null id)))))
+
+(test test-memory-object-get
+  "Contract 3: memory-object-get retrieves an object by ID after ingest."
+  (clrhash passepartout::*memory-store*)
+  (let ((id (ingest-ast '(:type :HEADLINE :properties (:ID "get-test" :TITLE "Retrieve Me") :contents nil))))
+    (let ((obj (memory-object-get id)))
+      (is (not (null obj)))
+      (is (eq :HEADLINE (memory-object-type obj)))
+      (is (string= "Retrieve Me" (getf (memory-object-attributes obj) :TITLE))))))
+
+(test test-snapshot-and-rollback
+  "Contract 4+5: snapshot-memory saves state; rollback-memory restores it."
+  (clrhash passepartout::*memory-store*)
+  (setf passepartout::*memory-snapshots* nil)
+  (ingest-ast '(:type :HEADLINE :properties (:ID "snap-a" :TITLE "Pre-snapshot") :contents nil))
+  (snapshot-memory)
+  (clrhash passepartout::*memory-store*)
+  (ingest-ast '(:type :HEADLINE :properties (:ID "snap-b" :TITLE "Post-snapshot") :contents nil))
+  (rollback-memory 0)
+  (is (not (null (memory-object-get "snap-a"))))
+  (is (null (memory-object-get "snap-b"))))
+
+(test test-undo-snapshot-restore
+  "Contract v0.7.2: undo-snapshot captures state, undo restores."
+  (let ((orig-store passepartout::*memory-store*)
+        (orig-undo passepartout::*undo-stack*)
+        (orig-redo passepartout::*redo-stack*))
+    (unwind-protect
+         (progn
+           (setf passepartout::*memory-store* (make-hash-table :test 'equal)
+                 passepartout::*undo-stack* nil
+                 passepartout::*redo-stack* nil)
+           (passepartout::undo-snapshot)
+           (setf (gethash "x" passepartout::*memory-store*) "hello")
+           (is (string= "hello" (gethash "x" passepartout::*memory-store*)))
+           (is (passepartout::undo))
+           (is (null (gethash "x" passepartout::*memory-store*))))
+      (setf passepartout::*memory-store* orig-store
+            passepartout::*undo-stack* orig-undo
+            passepartout::*redo-stack* orig-redo))))
+
+(test test-undo-redo-cycle
+  "Contract v0.7.2: redo restores undone state."
+  (let ((orig-store passepartout::*memory-store*)
+        (orig-undo passepartout::*undo-stack*)
+        (orig-redo passepartout::*redo-stack*))
+    (unwind-protect
+         (progn
+           (setf passepartout::*memory-store* (make-hash-table :test 'equal)
+                 passepartout::*undo-stack* nil
+                 passepartout::*redo-stack* nil)
+           (passepartout::undo-snapshot)
+           (setf (gethash "y" passepartout::*memory-store*) "world")
+           (is (passepartout::undo))
+           (is (null (gethash "y" passepartout::*memory-store*)))
+           (is (passepartout::redo))
+           (is (string= "world" (gethash "y" passepartout::*memory-store*))))
+      (setf passepartout::*memory-store* orig-store
+            passepartout::*undo-stack* orig-undo
+            passepartout::*redo-stack* orig-redo))))
+
+(test test-undo-empty-stack-nil
+  "Contract v0.7.2: undo returns nil on empty stack."
+  (let ((orig-undo passepartout::*undo-stack*))
+    (unwind-protect
+         (progn (setf passepartout::*undo-stack* nil)
+                (is (null (passepartout::undo))))
+      (setf passepartout::*undo-stack* orig-undo))))
+
+(test test-audit-node-found
+  "Contract v0.7.2: audit-node returns info for existing object."
+  (clrhash passepartout::*memory-store*)
+  (setf (gethash "audit-1" passepartout::*memory-store*)
+        (passepartout::make-memory-object :id "audit-1" :type :HEADLINE
+                                         :version 1 :hash "abc123" :scope :memex))
+  (let ((info (passepartout::audit-node "audit-1")))
+    (is (not (null info)))
+    (is (eq :HEADLINE (getf info :type)))
+    (is (string= "abc123" (getf info :hash)))))
+
+(test test-audit-node-not-found
+  "Contract v0.7.2: audit-node returns nil for nonexistent id."
+  (is (null (passepartout::audit-node "nonexistent-xxxx"))))
+
+(test test-audit-verify-hash
+  "Contract v0.7.2: audit-verify-hash returns (total . missing)."
+  (clrhash passepartout::*memory-store*)
+  (setf (gethash "a" passepartout::*memory-store*)
+        (passepartout::make-memory-object :id "a" :type :HEADLINE :hash "abc"))
+  (let ((result (passepartout::audit-verify-hash)))
+    (is (= 1 (car result)))
+    (is (= 0 (cdr result)))))
+#+end_src
--- a/org/core-package.org
+++ b/org/core-package.org
@@ -0,0 +1,380 @@
+#+TITLE: Core: Package Definition (core-package.org)
+#+AUTHOR: Agent
+#+FILETAGS: :passepartout:core:defpackage:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/core-package.lisp
+
+* Overview: Architectural Intent
+
+~package.lisp~ defines two things: the public API of the ~passepartout~ package (the export list), and the implementation of low-level utility functions and global state that don't belong in a specific pipeline stage or skill.
+
+The export list is the contract between the harness and all skills. Every function exported here is accessible to every skill via ~use-package~. Adding a symbol here is an API commitment; removing one is a breaking change.
+
+The implementation section includes:
+- ~proto-get~ — robust plist accessor used everywhere in the pipeline
+- Logging state (~*log-buffer*~, ~*log-lock*~) — bounded ring buffer for LLM context
+- Skill registry (~*skill-registry*~, ~defskill~) — all loaded skills live here
+- Cognitive tool registry (~*cognitive-tool-registry*~, ~def-cognitive-tool~, ~cognitive-tool-prompt~)
+- Telemetry tracking (~*telemetry-table*~, ~telemetry-track~) — performance metrics per skill
+- Debugger hook — replaces raw SBCL debugger with a friendly error message
+
+* Implementation
+
+** Package Definition and Export List
+The export list is organized by source module so a contributor can find
+where to add new exports:
+
+#+begin_src lisp
+(defpackage :passepartout
+  (:use :cl)
+  (:export
+   ;; ── Core: Transport & Protocol ──
+   #:frame-message
+   #:read-framed-message
+   #:PROTO-GET
+   #:proto-get
+   #:make-hello-message
+   #:validate-communication-protocol-schema
+   #:start-daemon
+   #:register-actuator
+   #:actuator-initialize
+   #:action-dispatch
+
+   ;; ── Core: Pipeline ──
+   #:main
+   #:log-message
+   #:*log-buffer*
+   #:*log-lock*
+   #:process-signal
+   #:loop-process
+   #:perceive-gate
+   #:loop-gate-perceive
+   #:act-gate
+   #:loop-gate-act
+   #:reason-gate
+   #:loop-gate-reason
+   #:cognitive-verify
+   #:backend-cascade-call
+   #:json-alist-to-plist
+   #:stimulus-inject
+   #:register-probabilistic-backend
+   #:*probabilistic-backends*
+   #:*provider-cascade*
+
+   ;; ── Core: Memory ──
+   #:ingest-ast
+   #:memory-object-get
+   #:*memory-store*
+   #:memory-object
+   #:make-memory-object
+   #:memory-object-id
+   #:memory-object-type
+   #:memory-object-attributes
+   #:memory-object-parent-id
+   #:memory-object-children
+   #:memory-object-version
+   #:memory-object-last-sync
+   #:memory-object-vector
+   #:memory-object-content
+   #:memory-object-hash
+   #:memory-object-scope
+   #:memory-objects-by-attribute
+   #:snapshot-memory
+   #:rollback-memory
+   #:undo-snapshot
+   #:undo
+   #:redo
+   #:*undo-stack*
+   #:*redo-stack*
+
+   ;; ── Core: Context & Awareness ──
+   #:context-get-system-logs
+   #:context-assemble-global-awareness
+   #:context-awareness-assemble
+   #:context-query
+   #:push-context
+   #:pop-context
+   #:current-context
+   #:current-scope
+   #:context-stack-depth
+   #:context-save
+   #:context-load
+   #:focus-project
+   #:focus-session
+   #:focus-memex
+   #:unfocus
+   #:*scope-resolver*
+
+   ;; ── Core: Skills Engine ──
+   #:skill
+   #:skill-name
+   #:skill-priority
+   #:skill-dependencies
+   #:skill-trigger-fn
+   #:skill-probabilistic-prompt
+   #:skill-deterministic-fn
+   #:defskill
+   #:*skill-registry*
+   #:skill-initialize-all
+   #:load-skill-from-org
+   #:lisp-syntax-validate
+
+   ;; ── Core: Cognitive Tools ──
+   #:def-cognitive-tool
+   #:*cognitive-tool-registry*
+   #:cognitive-tool
+   #:cognitive-tool-name
+   #:cognitive-tool-description
+   #:cognitive-tool-parameters
+   #:cognitive-tool-guard
+   #:cognitive-tool-body
+   #:tool-read-only-p
+
+   ;; ── Security: Dispatcher ──
+   #:dispatcher-check-secret-path
+   #:dispatcher-check-shell-safety
+   #:dispatcher-check-privacy-tags
+   #:dispatcher-check-network-exfil
+   #:dispatcher-check
+   #:dispatcher-gate
+   #:wildcard-match
+
+   ;; ── Security: HITL ──
+   #:hitl-create
+   #:hitl-approve
+   #:hitl-deny
+   #:hitl-handle-message
+
+   ;; ── Security: Vault & Permissions ──
+   #:*VAULT-MEMORY*
+   #:vault-get
+   #:vault-set
+   #:vault-get-secret
+   #:vault-set-secret
+   #:get-tool-permission
+   #:set-tool-permission
+   #:check-tool-permission-gate
+   #:permission-get
+   #:permission-set
+   #:policy-compliance-check
+   #:validator-protocol-check
+
+   ;; ── Embedding ──
+   #:*embedding-backend*
+   #:*embedding-queue*
+   #:*embedding-provider*
+   #:embed-queue-object
+   #:embed-object
+   #:embed-all-pending
+   #:embedding-backend-hashing
+   #:embedding-backend-native
+   #:embedding-native-load-model
+   #:embedding-native-unload
+   #:embedding-native-ensure-loaded
+   #:embedding-native-get-dim
+   #:embeddings-compute
+   #:mark-vector-stale
+
+   ;; ── Channels ──
+   #:channel-cli-input
+   #:gateway-start
+   #:gateway-registry-initialize
+   #:messaging-link
+   #:messaging-unlink
+   #:gateway-configured-p
+
+   ;; ── Programming: Lisp ──
+   #:lisp-validate
+   #:lisp-structural-check
+   #:lisp-syntactic-check
+   #:lisp-semantic-check
+   #:lisp-eval
+   #:lisp-format
+   #:lisp-list-definitions
+   #:lisp-extract
+   #:lisp-inject
+   #:lisp-slurp
+
+   ;; ── Programming: Org ──
+   #:org-read-file
+   #:org-write-file
+   #:org-headline-add
+   #:org-headline-find-by-id
+   #:org-property-set
+   #:org-todo-set
+   #:org-id-generate
+   #:org-id-format
+   #:org-modify
+
+   ;; ── Programming: Literate & REPL ──
+   #:literate-tangle-sync-check
+   #:literate-extract-lisp-blocks
+   #:literate-block-balance-check
+   #:repl-eval
+   #:repl-inspect
+   #:repl-list-vars
+
+   ;; ── Symbolic ──
+   #:archivist-create-note
+   #:archivist-extract-headlines
+   #:archivist-headline-to-filename
+
+   ;; ── Diagnostics & Config ──
+   #:diagnostics-run-all
+   #:diagnostics-main
+   #:diagnostics-dependencies-check
+   #:diagnostics-env-check
+   #:get-oc-config-dir
+   #:run-setup-wizard
+
+   ;; ── Providers ──
+   #:register-provider
+   #:provider-openai-request
+   #:provider-config
+
+   ;; ── Token Economics ──
+   #:count-tokens
+   #:model-token-ratio
+   #:token-cost
+   #:provider-token-cost
+   #:cost-track-call
+   #:cost-session-total
+   #:cost-session-calls
+   #:cost-by-provider
+   #:cost-session-reset
+   #:cost-format-budget-status
+   #:cost-track-backend-call
+   #:prompt-prefix-cached
+   #:context-assemble-cached
+   #:enforce-token-budget
+   #:token-economics-initialize))
+#+end_src
+
+** Package Implementation
+The package implementation section defines the low-level utilities and global state that are shared across all harness components and skills.
+
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+*** Logging state
+The harness maintains a bounded ring buffer of log messages for inclusion in LLM context. Access is thread-safe via a lock.
+#+begin_src lisp
+(defvar *log-buffer* nil)
+(defvar *log-lock* (bordeaux-threads:make-lock "log-messages-lock"))
+(defvar *log-limit* 100)
+#+end_src
+
+*** Skill registry
+The global registry of all loaded skills. This is the authoritative list that the deterministic engine iterates.
+#+begin_src lisp
+(defvar *skill-registry* (make-hash-table :test 'equal)
+  "Global registry of all loaded skills.")
+#+end_src
+
+*** Skill telemetry
+Tracks execution metrics per skill (count, duration, failures) for diagnostics and performance analysis.
+#+begin_src lisp
+(defvar *telemetry-table* (make-hash-table :test 'equal))
+(defvar *telemetry-lock* (bordeaux-threads:make-lock "harness-telemetry-lock"))
+
+(defun telemetry-track (skill-name duration status)
+  "Updates performance metrics for a skill. STATUS is :success or :rejected."
+  (when skill-name
+    (bordeaux-threads:with-lock-held (*telemetry-lock*)
+      (let ((entry (or (gethash skill-name *telemetry-table*) (list :executions 0 :total-time 0 :failures 0))))
+        (incf (getf entry :executions))
+        (incf (getf entry :total-time) duration)
+        (when (eq status :rejected) (incf (getf entry :failures)))
+        (setf (gethash skill-name *telemetry-table*) entry)))))
+#+end_src
+
+*** Cognitive tool registry
+Tools that the LLM can invoke are registered here. Each tool has a name, description, parameters, optional guard, and implementation body. The ~def-cognitive-tool~ macro handles registration. ~cognitive-tool-prompt~ serialises the registry into the LLM's system prompt.
+#+begin_src lisp
+(defvar *cognitive-tool-registry* (make-hash-table :test 'equal))
+#+end_src
+
+#+begin_src lisp
+(defstruct cognitive-tool
+  name
+  description
+  parameters
+  guard
+  body
+  read-only-p)
+#+end_src
+
+#+begin_src lisp
+(defmacro def-cognitive-tool (name description parameters &key guard body read-only-p)
+  "Registers a cognitive tool. PARAMETERS is a list of plists, one per parameter."
+  `(setf (gethash (string-downcase (string ',name)) *cognitive-tool-registry*)
+         (make-cognitive-tool :name (string-downcase (string ',name))
+                              :description ,description
+                              :parameters ',parameters
+                              :guard ,guard
+                              :body ,body
+                              :read-only-p ,read-only-p)))
+#+end_src
+
+#+begin_src lisp
+(defun cognitive-tool-prompt ()
+  "Serialises all registered tools into a prompt string for the LLM."
+  (let ((descriptions nil))
+    (maphash (lambda (k tool)
+               (declare (ignore k))
+               (push (format nil "- ~a: ~a~%  Parameters: ~a~%"
+                             (cognitive-tool-name tool)
+                             (cognitive-tool-description tool)
+                             (cognitive-tool-parameters tool))
+                     descriptions))
+              *cognitive-tool-registry*)
+    (if descriptions
+        (format nil "Available tools:~%~a" (apply #'concatenate 'string (sort descriptions #'string<)))
+        "No tools registered.")))
+
+;; Alias: generate-tool-belt-prompt → cognitive-tool-prompt
+(defun generate-tool-belt-prompt ()
+  (cognitive-tool-prompt))
+
+(defun tool-read-only-p (name)
+  "Returns T if the named cognitive tool is read-only, NIL otherwise."
+  (let ((tool (gethash (string-downcase (string name)) *cognitive-tool-registry*)))
+    (when tool
+      (cognitive-tool-read-only-p tool))))
+#+end_src
+
+*** Centralized logging (log-message)
+Thread-safe logging function that writes to both the ring buffer (for LLM context) and stdout (for the user). Bounded by ~*log-limit*~.
+#+begin_src lisp
+(defun log-message (msg &rest args)
+  "Centralized, thread-safe logging for the harness."
+  (let ((formatted-msg (apply #'format nil msg args)))
+    (bordeaux-threads:with-lock-held (*log-lock*)
+      (push formatted-msg *log-buffer*)
+      (when (> (length *log-buffer*) *log-limit*)
+        (setq *log-buffer* (subseq *log-buffer* 0 *log-limit*))))
+    (format t "~a~%" formatted-msg)
+    (finish-output)))
+#+end_src
+
+*** Debugger hook
+Friendly error handler that replaces the raw SBCL debugger with a diagnostic message. This prevents the agent from entering the debugger on unhandled conditions.
+#+begin_src lisp
+(setf *debugger-hook* (lambda (condition hook)
+  "Friendly error handler - shows diagnostic message instead of raw debugger."
+  (declare (ignore hook))
+  (format t "~%")
+  (format t "┌─────────────────────────────────────────────┐~%")
+  (format t "│  ERROR: ~A~%" (type-of condition))
+  (format t "│~%")
+   (format t "│  Run: passepartout diagnostics~%")
+  (format t "│  For system diagnostics~%")
+  (format t "└─────────────────────────────────────────────┘~%")
+  (format t "~%")
+  (format t "Details: ~A~%" condition)
+  (format t "Backtrace:~%")
+  (sb-debug:print-backtrace :count 20 :stream *standard-output*)
+  (finish-output)
+  (uiop:quit 1)))
+#+end_src
--- a/org/core-perceive.org
+++ b/org/core-perceive.org
@@ -0,0 +1,289 @@
+#+TITLE: Stage 1: Perceive (perceive.lisp)
+#+AUTHOR: Agent
+#+FILETAGS: :harness:perceive:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/core-perceive.lisp
+
+* Overview: Architectural Intent
+
+The Perceive stage is the sensory cortex of Passepartout. It receives raw stimuli from diverse sources — terminal input, Emacs buffers, Telegram messages, Signal chats, heartbeat clocks, shell command outputs — and normalizes them into a single Signal format that the rest of the pipeline can process.
+
+Each source has its own format and protocol. The CLI sends raw text. Emacs sends AST diffs. Telegram sends JSON. Without normalization, every downstream component (Reason, Act) would need to understand every input format. With normalization:
+
+1. The gateway layer (CLI, Emacs, Telegram, Signal) just sends raw messages
+2. Perceive transforms them into Signals regardless of origin
+3. Reason and Act work with a single, consistent plist format
+4. Adding a new gateway requires gateway code only — no changes to core
+
+This is the "thin harness, fat skills" principle applied to input processing. The harness does the minimal normalization needed to produce a uniform Signal; the actual interpretation is left to skills.
+
+** Why the Async/Sync Split?
+
+Perceive handles two kinds of stimuli:
+- **Synchronous** (user input, chat messages) — these must be processed in order, one at a time, because each depends on the state left by the previous one
+- **Asynchronous** (heartbeats, background sensor readings, delegation results) — these can be processed in parallel because they don't depend on user intent
+
+The `*loop-async-sensors*` list defines which sensor types are processed in dedicated threads. Everything else goes through the main synchronous pipeline.
+
+The depth limit prevents runaway recursive loops. A signal that generates another signal that generates another signal can infinite-loop. If depth exceeds a threshold (10), the signal is silently dropped rather than processed. This is the metabolic loop's circuit breaker.
+
+** Contract
+
+1. (loop-gate-perceive signal): normalizes sensory input. Routes by
+   sensor type (~:buffer-update~, ~:point-update~, ~:interrupt~,
+   ~:approval-required~) and signal type (~:EVENT~, ~:RESPONSE~).
+   Sets ~:status :perceived~ on completion. Returns the signal.
+2. (perceive-gate signal): thin alias for ~loop-gate-perceive~.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+** Interrupt Flag
+
+A global interrupt flag that can be set by any signal. When set, the metabolic loop should stop processing and clean up. This is used for graceful shutdown: a SIGINT or /exit command sets the flag, and the loop exits at the next cycle boundary.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *loop-interrupt* nil)
+#+end_src
+
+** Scope Resolver
+
+A hook for the context-manager skill to register its ~current-scope~
+function. When set, the perceive gate passes the current context scope
+to ~ingest-ast~ so ingested objects are tagged and queryable by scope.
+Defaults to ~nil~ meaning all objects are ingested as ~:memex~.
+
+;; REPL-VERIFIED: 2026-05-03T14:00:00
+#+begin_src lisp
+(defvar *scope-resolver* nil
+  "If set, function returning current scope keyword. Used by perceive gate.")
+#+end_src
+
+** Sensor Configuration
+
+~*loop-async-sensors*~ lists the sensor types that should be processed in their own threads. Currently, ~:chat-message~, ~:delegation~, and ~:user-command~ are async because they don't block the main reasoning loop — the agent can process a Telegram message while waiting for the user's next input.
+
+~*loop-focus-id*~ tracks what the user is currently looking at in Emacs. When the user moves their cursor to a different Org headline, the buffer-update signal updates this ID. The Reason stage uses it to build the foveal-peripheral context model: the current headline gets full detail, everything else gets a skeletal outline.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *loop-async-sensors* '(:chat-message :delegation :user-command)
+  "Sensors that are processed in dedicated threads.")
+
+#+end_src
+** *loop-focus-id*
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *loop-focus-id* nil
+  "The Org ID of the node the user is currently interacting with.")
+#+end_src
+
+** Pre-Reason Handler Registry
+
+Skills register handlers for custom sensors here. When a signal arrives
+with a registered sensor, the handler is called in the perceive gate,
+before the signal reaches the LLM. The handler receives the full signal
+and returns T if the signal was consumed (don't continue to reason)
+or nil if processing should proceed normally.
+
+*** Pre-Reason Handler Hash Table
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *pre-reason-handlers* (make-hash-table :test 'eq)
+  "Pre-reason handler registry: sensor keyword → handler function.")
+#+end_src
+
+*** register-pre-reason-handler
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun register-pre-reason-handler (sensor fn)
+  "Registers FN to handle signals with SENSOR in the perceive gate.
+FN receives (signal) and returns T if consumed, nil to continue."
+  (setf (gethash sensor *pre-reason-handlers*) fn))
+#+end_src
+
+** Stimulus Injection (stimulus-inject)
+
+This is the entry point that gateways call to send a message into the cognitive pipeline. It sets metadata (source, session ID, reply stream), decides whether the stimulus should be processed synchronously or on a background thread, and wraps the whole thing in error recovery so that no single bad stimulus can crash the system.
+
+The error recovery uses Common Lisp's restart system. If any error occurs during processing, a `skip-event` restart is available. The handler displays the error, then invokes `skip-event` which drops the stimulus and continues. This is the "fail open" safety model — better to drop one message than to crash the entire agent.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun stimulus-inject (raw-message &key stream (depth 0))
+  "Inject a raw message into the signal processing pipeline."
+  (let* ((payload (getf raw-message :payload))
+         (sensor (getf payload :sensor))
+         (meta (getf raw-message :meta))
+         (async-p (or (getf payload :async-p)
+                     (member sensor *loop-async-sensors*))))
+
+    (unless meta
+      (setf meta (list :SOURCE :SYSTEM :SESSION-ID "internal")))
+
+    (when stream
+      (setf (getf meta :reply-stream) stream))
+
+    (setf (getf raw-message :meta) meta)
+    (setf (getf raw-message :depth) depth)
+
+    (if async-p
+        (bt:make-thread
+         (lambda ()
+           (restart-case (process-signal raw-message)
+             (skip-event () nil)))
+         :name "passepartout-async-task")
+        
+        (restart-case
+            (handler-bind ((error (lambda (c)
+                                    (log-message "SYSTEM ERROR: ~a" c)
+                                    (invoke-restart 'skip-event))))
+              (process-signal raw-message))
+          (skip-event ()
+            (log-message "SYSTEM RECOVERY: Stimulus dropped."))))))
+#+end_src
+
+** Perceive Gate (loop-gate-perceive)
+
+The perceive gate is the first stage of the metabolic pipeline. It receives a normalized signal and routes it based on the event type:
+
+- ~:EVENT~ with ~:buffer-update~ — an Emacs buffer changed (new Org headline created, text edited). The change is ingested into memory so the agent has the latest state.
+- ~:EVENT~ with ~:point-update~ — the user moved their cursor to a different headline. The foveal focus is updated, and the node at the cursor is ingested at higher priority.
+- ~:EVENT~ with ~:interrupt~ — the user requested an interrupt. The interrupt flag is set.
+- ~:RESPONSE~ — an action completed. The gate logs the result status.
+
+All signals get tagged with their processing stage (`:status :perceived`) and the current foveal focus before being passed to the Reason stage.
+
+*** loop-gate-perceive
+
+The main perceive pipeline stage.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun loop-gate-perceive (signal)
+  "Stage 1 of the metabolic pipeline: Normalize sensory input."
+  (let* ((payload (getf signal :payload))
+          (type (getf signal :type))
+          (meta (getf signal :meta))
+          (sensor (getf payload :sensor)))
+    ;; HITL: intercept approval/denial commands before LLM processing
+    (when (and (eq sensor :user-input)
+               (stringp (getf payload :text)))
+      (let ((text (getf payload :text)))
+        (when (ignore-errors (hitl-handle-message text (getf meta :source)))
+          (log-message "GATE [Perceive]: HITL command processed — ~a" text)
+          (return-from loop-gate-perceive signal))))
+    ;; Pre-reason handlers: dispatch custom sensors to registered skill handlers
+    (let ((handler (gethash sensor *pre-reason-handlers*)))
+      (when handler
+        (when (funcall handler signal)
+          (return-from loop-gate-perceive signal))))
+
+    (log-message "GATE [Perceive]: ~a (~a) [Source: ~s]"
+                 type (or sensor "no-sensor") (getf meta :source))
+
+    (cond ((eq type :EVENT)
+            (case sensor
+              (:buffer-update
+               (let ((ast (getf payload :ast)))
+                 (when ast
+                   (snapshot-memory)
+                   (ingest-ast ast :scope (if *scope-resolver* (funcall *scope-resolver*) :memex)))))
+              (:point-update
+               (let ((element (getf payload :element)))
+                 (when element
+                   (snapshot-memory)
+                   (setf *loop-focus-id* (getf element :id))
+                   (ingest-ast element :scope (if *scope-resolver* (funcall *scope-resolver*) :memex)))))
+               (:interrupt
+                (setf *loop-interrupt* t))
+               ;; v0.7.2 undo/redo
+               (:undo
+                (log-message "GATE [Perceive]: undo requested")
+                (undo "perceive"))
+               (:redo
+                (log-message "GATE [Perceive]: redo requested")
+                (redo "perceive"))
+              ;; HITL: re-injected approved action from dispatcher-approvals-process
+              (:approval-required
+               (when (getf payload :approved)
+                 (log-message "GATE [Perceive]: Approved Flight Plan re-injected")
+                  (setf (getf signal :approved) t)
+                 (setf (getf signal :approved-action) (getf payload :action))))
+              ;; Default sensor: pass through without requiring user-input processing
+              (otherwise
+               (log-message "GATE [Perceive]: Unknown sensor ~a, passing through" sensor))))
+          ((eq type :RESPONSE)
+           (log-message "GATE [Perceive]: Act Result -> ~a" (getf payload :status))))
+
+    (setf (getf signal :status) :perceived)
+    (setf (getf signal :foveal-focus) *loop-focus-id*)
+    signal))
+#+end_src
+
+*** perceive-gate (backward-compatibility alias)
+
+The pipeline gate was originally named ~perceive-gate~. Code that still
+uses the old name can call this alias. New code should call
+~loop-gate-perceive~.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun perceive-gate (signal)
+  (loop-gate-perceive signal))
+#+end_src
+
+* Test Suite
+Verifies that the perceive gate correctly ingests AST nodes into memory and that the depth limiter prevents runaway recursive signals.
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-pipeline-perceive-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:pipeline-perceive-suite))
+
+(in-package :passepartout-pipeline-perceive-tests)
+
+(def-suite pipeline-perceive-suite :description "Test suite for Perceive pipeline")
+(in-suite pipeline-perceive-suite)
+
+(test test-loop-gate-perceive
+  "Contract 1: :buffer-update ingests AST and sets :perceived status."
+  (clrhash passepartout::*memory-store*)
+  (let* ((signal (list :type :EVENT :payload (list :sensor :buffer-update :ast (list :type :HEADLINE :properties (list :ID "test-node" :TITLE "Test") :contents nil))))
+         (result (loop-gate-perceive signal)))
+    (is (eq :perceived (getf result :status)))
+    (is (not (null (gethash "test-node" passepartout::*memory-store*))))))
+
+(test test-depth-limiting
+  "Edge: depth 11 signals are rejected by the pipeline."
+  (let ((runaway-signal (list :type :EVENT :depth 11 :payload (list :sensor :heartbeat))))
+    (is (null (process-signal runaway-signal)))))
+
+(test test-loop-gate-perceive-unknown-sensor
+  "Contract 1: unknown sensors pass through and reach :perceived."
+  (let* ((signal (list :type :EVENT :depth 0 :payload (list :sensor :custom-metric)))
+         (result (loop-gate-perceive signal)))
+    (is (eq :perceived (getf result :status)))))
+
+(test test-loop-gate-perceive-no-ast
+  "Contract 1: :buffer-update without AST doesn't crash, reaches :perceived."
+  (clrhash passepartout::*memory-store*)
+  (let* ((signal (list :type :EVENT :depth 0 :payload (list :sensor :buffer-update)))
+         (result (loop-gate-perceive signal)))
+    (is (eq :perceived (getf result :status)))))
+
+(test test-depth-limiting-normal
+  "Contract 1: signals at normal depth pass through without rejection."
+  (let ((normal-signal (list :type :EVENT :depth 5 :payload (list :sensor :heartbeat))))
+    (is (not (eq :rejected (getf normal-signal :status)))
+        "Signal at normal depth should not be rejected")))
+#+end_src
--- a/org/core-pipeline.org
+++ b/org/core-pipeline.org
@@ -0,0 +1,436 @@
+#+TITLE: The Metabolic Loop (loop.lisp)
+#+AUTHOR: Agent
+#+FILETAGS: :harness:loop:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/core-pipeline.lisp
+
+* Overview: Architectural Intent
+
+The Metabolic Loop is the cranial nerve reflex of Passepartout. While skills provide specialized intelligence, the loop provides the fundamental rhythm of existence: the continuous processing of signals from perception through cognition to action.
+
+Every signal flows through three stages:
+1. **Perceive** — normalize raw input into a standard Signal format
+2. **Reason** — think (LLM) then verify (deterministic gates)
+3. **Act** — dispatch the approved action to the appropriate actuator
+
+If a stage produces a new signal (e.g., the Act stage produces a tool-output event), that signal feeds back into Perceive and the loop continues. This is how the agent has multi-step conversations: each LLM response produces an action, which produces a tool output, which feeds back as a new perception, which triggers the next reasoning cycle.
+
+** Why Separate Stages?
+
+A single function that called the LLM, checked safety, and executed the result would be simpler to write. But it would be impossible to:
+- Test each stage independently (a bug in the LLM call would block safety testing)
+- Insert new stages between P and R or R and A (adding consensus means adding a gate in the middle)
+- Recover from failures mid-pipeline (an LLM timeout shouldn't prevent safety checks on the next cycle)
+
+The stage separation is the functional equivalent of the "thin harness" principle: each stage is a pure function that transforms a signal. The loop is the composition of these functions.
+
+** Why the Depth Limit?
+
+A signal that generates another signal that generates another signal can infinite-loop. The depth limit (max 10) prevents this. If depth exceeds 10, the signal is silently dropped. This is the metabolic loop's circuit breaker.
+
+The three-tier error recovery model, now backed by a condition hierarchy
+that skills can hook into via ~handler-bind~:
+
+1. **Transient errors** (tool failures, network timeouts) — recoverable, generate a :loop-error signal at higher depth for retry. Use the ~skip-signal~ or ~use-fallback~ restart.
+2. **Critical errors** (undefined functions, malformed data) — require memory rollback to the last snapshot.
+3. **Recursive loops** (signals generating more signals indefinitely) — depth limit enforcement.
+
+Condition types available for structured error handling:
+- ~pipeline-error~ — any Perceive→Reason→Act failure
+- ~llm-error~ — provider timeout, cascade exhaustion, API error (slots: provider, cascade, attempt-count)
+- ~gate-error~ — dispatcher blocked a proposed action (slots: gate-name, rejected-action)
+- ~budget-error~ — session cap exceeded (slots: remaining, requested)
+- ~protocol-error~ — malformed message or framing failure
+
+** Contract
+
+1. (loop-process signal): the full pipeline loop — Perceive → Reason
+   → Act. Enforces depth limit (10). Catches errors with rollback and
+   ~:loop-error~ re-injection on non-terminal errors below depth 2.
+   Establishes restart options: ~skip-signal~ (drop the event),
+   ~use-fallback text~ (inject canned response), ~abort-pipeline~
+   (clean exit). Skills can invoke these restarts from ~handler-bind~
+   clauses on the condition hierarchy.
+2. (process-signal signal): thin alias for ~loop-process~.
+3. (diagnostics-startup-run): runs health check on startup, sets
+   ~*system-health*~ to ~:healthy~, ~:degraded~, or ~:unhealthy~.
+4. *passepartout-error* condition hierarchy: ~pipeline-error~,
+   ~llm-error~ (provider, cascade, attempt-count slots), ~gate-error~
+   (gate-name, rejected-action slots), ~budget-error~ (remaining,
+   requested slots), ~protocol-error~ (raw-message slot). All carry a
+   ~:message~ string via the root ~passepartout-error~.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+** Error Condition Hierarchy
+
+The pipeline defines a condition hierarchy so callers can distinguish
+failure modes without inspecting raw error strings. Every pipeline
+condition carries structured slots for telemetry and restart selection.
+
+Skills install ~handler-bind~ for specific conditions (e.g., a provider
+health monitor that records ~llm-error~ failures per backend). The
+restarts registered in ~loop-process~ enable structured recovery:
+skip the signal, retry with a modified prompt, inject a fallback
+response, or abort the cycle.
+
+#+begin_src lisp
+(define-condition passepartout-error (error)
+  ((message :initarg :message :reader error-message))
+  (:report (lambda (c s) (format s "Passepartout error: ~a" (error-message c))))
+  (:documentation "Root of the pipeline error hierarchy."))
+
+(define-condition pipeline-error (passepartout-error)
+  ((signal :initarg :signal :reader pipeline-error-signal :initform nil))
+  (:report (lambda (c s) (format s "Pipeline error: ~a" (error-message c))))
+  (:documentation "Any error during the Perceive→Reason→Act cycle."))
+
+(define-condition llm-error (pipeline-error)
+  ((provider :initarg :provider :reader llm-error-provider)
+   (cascade :initarg :cascade :reader llm-error-cascade :initform nil)
+   (attempt-count :initarg :attempt-count :reader llm-error-attempt-count :initform 0))
+  (:report (lambda (c s) (format s "LLM error (~a): ~a" (llm-error-provider c) (error-message c))))
+  (:documentation "LLM provider failure: timeout, cascade exhaustion, or API error."))
+
+(define-condition gate-error (pipeline-error)
+  ((gate-name :initarg :gate-name :reader gate-error-gate-name)
+   (rejected-action :initarg :rejected-action :reader gate-error-rejected-action))
+  (:report (lambda (c s) (format s "Gate ~a blocked action: ~a" (gate-error-gate-name c) (error-message c))))
+  (:documentation "Deterministic gate blocked a proposed action."))
+
+(define-condition budget-error (pipeline-error)
+  ((remaining :initarg :remaining :reader budget-error-remaining :initform 0.0)
+   (requested :initarg :requested :reader budget-error-requested :initform 0.0))
+  (:report (lambda (c s) (format s "Budget exhausted: $~,4f remaining, $~,4f requested" (budget-error-remaining c) (budget-error-requested c))))
+  (:documentation "Session budget cap has been reached."))
+
+(define-condition protocol-error (passepartout-error)
+  ((raw-message :initarg :raw-message :reader protocol-error-raw-message :initform nil))
+  (:report (lambda (c s) (format s "Protocol error: ~a" (error-message c))))
+  (:documentation "Malformed message, framing failure, or schema violation."))
+#+end_src
+
+** Global Interrupt State
+
+Thread-safe interrupt flag. The ~*loop-interrupt-lock*~ mutex protects access so that the signal handler and the main loop don't race on shutdown.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *interrupt-flag* nil
+  "Atomic flag set by signal handlers to trigger graceful shutdown.")
+
+#+end_src
+** *loop-interrupt-lock*
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *loop-interrupt-lock* (bt:make-lock "harness-interrupt-lock")
+  "Mutex protecting *interrupt-flag* access.")
+
+#+end_src
+** *heartbeat-thread*
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *heartbeat-thread* nil
+  "Handle to the heartbeat thread.")
+#+end_src
+#+end_src
+
+** Core Engine (loop-process)
+
+The entry point to the metabolic pipeline. Each cycle runs Perceive → Reason → Act. If Act produces feedback (a new signal), the loop continues with that signal at the same depth.
+
+The function handles four failure modes:
+- **Depth exceeded**: signal dropped, nil returned
+- **Interrupt flag**: graceful shutdown, nil returned
+- **Handler error**: caught by handler-case, logged, and depending on the sensor type and depth:
+  - Normal errors at low depth → memory rollback + retry as :loop-error
+  - :loop-error and :tool-error at any depth → dropped (avoids infinite retry loops)
+  - High-depth errors (depth > 2) → dropped (avoids cascading failures)
+- **Unhandled error**: the handler-case catches everything, preventing any single bad signal from crashing the agent
+
+*** loop-process
+
+The main pipeline entry point.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun loop-process (signal)
+  "The entry point to the Metabolic Pipeline: Perceive -> Reason -> Act."
+  (let ((current-signal signal))
+    (loop while current-signal do
+      (let ((depth (getf current-signal :depth 0))
+            (meta (getf current-signal :meta)))
+        (when (> depth 10)
+          (log-message "METABOLISM ERROR: Max recursion depth reached.")
+          (return nil))
+
+        (when (bt:with-lock-held (*loop-interrupt-lock*) *interrupt-flag*)
+          (log-message "METABOLISM: Interrupted by shutdown signal.")
+          (return nil))
+
+        (restart-case
+            (handler-bind
+                ((pipeline-error (lambda (c)
+                                   (log-message "PIPELINE ERROR: ~a" (error-message c)))))
+              (handler-case
+                  (progn
+                    (setf current-signal (perceive-gate current-signal))
+                    (setf current-signal (reason-gate current-signal))
+                    (let ((feedback (act-gate current-signal)))
+                      (if feedback
+                          (progn
+                            (unless (getf feedback :meta) (setf (getf feedback :meta) meta))
+                            (setf current-signal feedback))
+                          (setf current-signal nil))))
+                (error (c)
+                  (let ((sensor (ignore-errors (getf (getf current-signal :payload) :sensor))))
+                    (log-message "METABOLISM CRASH [~a]: ~a" (or sensor :unknown) c)
+                    (unless (member sensor '(:loop-error :tool-error :syntax-error))
+                      (log-message "CRITICAL ERROR: Initiating Micro-Rollback.")
+                      (rollback-memory 0))
+                    (if (or (> depth 2) (member sensor '(:loop-error :tool-error)))
+                        (setf current-signal nil)
+                        (setf current-signal
+                              (list :type :EVENT :depth (1+ depth) :meta meta
+                                    :payload (list :sensor :loop-error :message (format nil "~a" c) :depth depth))))))))
+          (skip-signal ()
+            :report "Drop the current signal and continue the loop."
+            (setf current-signal nil))
+          (use-fallback (text)
+            :report "Inject a canned response instead of the LLM result."
+            (setf current-signal
+                  (list :type :EVENT :depth (1+ depth) :meta meta
+                        :payload (list :sensor :loop-error :message text :depth depth))))
+          (abort-pipeline ()
+            :report "Terminate the cognitive cycle cleanly."
+            (return nil)))))))
+#+end_src
+
+*** process-signal (backward-compatibility alias)
+
+The pipeline entry point was originally named ~process-signal~. Code
+that still uses the old name can call this alias. New code should call
+~loop-process~.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun process-signal (signal)
+  (loop-process signal))
+#+end_src
+
+** Heartbeat Mechanism
+
+The heartbeat is a background thread that fires every N seconds (configurable via ~HEARTBEAT_INTERVAL~ env var, default 60). On each tick, it:
+
+1. Increments the save counter and saves memory to disk when the counter exceeds the auto-save interval (default 300s)
+2. Injects a ~:heartbeat~ signal into the pipeline
+
+The heartbeat signal is how background skills (Gardener, Scribe) get triggered without user input. These skills have triggers that match ~:sensor :heartbeat~ and run maintenance tasks during idle cycles.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *memory-auto-save-interval* 300)
+#+end_src
+** *heartbeat-save-counter*
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *heartbeat-save-counter* 0)
+
+#+end_src
+** heartbeat-start
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun heartbeat-start ()
+  "Starts the background heartbeat thread."
+  (let ((interval (or (ignore-errors (parse-integer (uiop:getenv "HEARTBEAT_INTERVAL"))) 60))
+        (auto-save (or (ignore-errors (parse-integer (uiop:getenv "MEMORY_AUTO_SAVE_INTERVAL"))) *memory-auto-save-interval*)))
+    (setf *memory-auto-save-interval* auto-save)
+    (setf *heartbeat-save-counter* 0)
+
+    (setf *heartbeat-thread*
+          (bt:make-thread
+           (lambda ()
+             (loop
+               (sleep interval)
+               (incf *heartbeat-save-counter*)
+               (when (>= *heartbeat-save-counter* (/ *memory-auto-save-interval* interval))
+                 (setf *heartbeat-save-counter* 0)
+                 (save-memory-to-disk))
+               (stimulus-inject
+                  (list :type :EVENT :payload (list :sensor :heartbeat :unix-time (get-universal-time))))))
+           :name "passepartout-heartbeat"))))
+#+end_src
+#+end_src
+
+** Shutdown Save Flag
+
+Controls whether memory is saved on shutdown. Useful for testing when you want a clean state on next boot.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *shutdown-save-enabled* t)
+#+end_src
+
+** System Health Status
+
+Used by the health check protocol and the daemon's status endpoint. Set by ~diagnostics-startup-run~ during boot.
+
+- ~:healthy~ — all checks passed
+- ~:degraded~ — checks found issues but the daemon can still run
+- ~:unhealthy~ — checks failed, the daemon may not function correctly
+- ~:unknown~ — health check hasn't run yet
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *system-health* :unknown
+  "Current system health status: :healthy, :degraded, :unhealthy, or :unknown.")
+
+#+end_src
+** *health-check-ran*
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *health-check-ran* nil
+  "Flag indicating if initial health check has completed.")
+#+end_src
+#+end_src
+
+** Proactive Doctor
+
+Runs the doctor diagnostics automatically at startup. If the doctor finds issues (missing dependencies, misconfigured providers), it prints a diagnostic message but does NOT block the daemon from starting. The user can see the issues and run ~passepartout doctor --fix~ to repair.
+
+This is the "fail open" principle applied to boot: the system should start even with problems, not refuse to start until everything is perfect.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun diagnostics-startup-run ()
+  "Runs the doctor diagnostics on startup. Returns health status."
+  (format t "~%")
+  (format t "==================================================~%")
+  (format t " DOCTOR: Running Startup Health Check~%")
+  (format t "==================================================~%")
+  (handler-case
+      (progn
+         (when (fboundp 'diagnostics-run-all)
+           (let ((result (diagnostics-run-all :auto-install nil)))
+            (setf *health-check-ran* t)
+            (if result
+                (progn
+                  (setf *system-health* :healthy)
+                  (format t "DAEMON: Health check passed. Starting services.~%"))
+                (progn
+                  (setf *system-health* :degraded)
+                  (format t "DAEMON: Health check found issues.~%")
+                   (format t "         Run 'passepartout diagnostics' to repair.~%")))))
+        (setf *health-check-ran* t))
+    (error (c)
+       (format t "DIAGNOSTICS ERROR: ~a~%" c)
+      (setf *system-health* :unhealthy)
+      (setf *health-check-ran* t)))
+  (format t "==================================================~%~%"))
+#+end_src
+
+** Main Entry Point (main)
+
+The top-level entry point. Called by ~passepartout daemon~ and ~passepartout tui~.
+
+Boot sequence:
+1. Load environment variables from ~.config/passepartout/.env~
+2. Load persisted memory state from disk
+3. Register core actuators (:system, :tool, :tui)
+4. Initialize all skills (tangging .lisp or loading from XDG)
+5. Run the proactive health check
+6. Start the heartbeat thread (background maintenance)
+7. Start the TCP daemon (listens for CLI/TUI connections)
+8. Install the SIGINT handler (graceful shutdown on Ctrl+C)
+9. Enter the idle sleep loop (wakes on interrupt)
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun main ()
+  "Entry point for Passepartout. Initializes the system and enters idle loop."
+  (let* ((home (uiop:getenv "HOME"))
+         (env-file (uiop:merge-pathnames* ".config/passepartout/.env" (uiop:ensure-directory-pathname home))))
+    (when (uiop:file-exists-p env-file)
+      (cl-dotenv:load-env env-file)))
+
+  (load-memory-from-disk)
+  (actuator-initialize)
+  (skill-initialize-all)
+  
+  ;; Run proactive diagnostics before starting services
+  (diagnostics-startup-run)
+  
+  (when (fboundp 'events-start-heartbeat)
+    (events-start-heartbeat))
+  (handler-case (start-daemon)
+    (error (c)
+      (log-message "DAEMON: Failed to start — ~a" c)
+      (format *error-output* "~&DAEMON: Failed to start — ~a~%" c)))
+
+  #+sbcl
+  (sb-sys:enable-interrupt sb-unix:sigint
+                            (lambda (sig code scp)
+                              (declare (ignore sig code scp))
+                              (log-message "SHUTDOWN: SIGINT received. Saving memory...")
+                              (when *shutdown-save-enabled* (save-memory-to-disk))
+                              (uiop:quit 0)))
+
+  (let ((sleep-interval (or (ignore-errors (parse-integer (uiop:getenv "DAEMON_SLEEP_INTERVAL"))) 3600)))
+    (loop
+      (when (bt:with-lock-held (*loop-interrupt-lock*) *interrupt-flag*)
+        (log-message "SHUTDOWN: Interrupt flag set. Saving memory...")
+        (when *shutdown-save-enabled* (save-memory-to-disk))
+        (return))
+      (sleep sleep-interval))))
+#+end_src
+
+* Test Suite
+Verifies that the immune system (error handling) correctly catches and reports errors from the cognitive pipeline.
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-immune-system-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:immune-suite))
+
+(in-package :passepartout-immune-system-tests)
+
+(def-suite immune-suite :description "Verification of the Immune System (Core Error Hooks)")
+(in-suite immune-suite)
+
+(test loop-error-injection
+  "Contract 1: a crash in think/decide triggers :loop-error stimulus."
+  (clrhash passepartout::*skill-registry*)
+  (passepartout:defskill :evil-skill
+    :priority 100
+    :trigger (lambda (ctx) (eq (getf (getf ctx :payload) :sensor) :user-input))
+    :probabilistic (lambda (ctx) (declare (ignore ctx)) (error "CRITICAL BRAIN FAILURE"))
+    :deterministic nil)
+  (passepartout:loop-process '(:type :EVENT :payload (:sensor :user-input)))
+  (let ((logs (if (fboundp 'passepartout::context-get-system-logs)
+                  (passepartout:context-get-system-logs 20)
+                  nil)))
+    (is (or (null logs)  ; no log service available — degraded but not broken
+            (not (null (find-if (lambda (line) (search "CRITICAL BRAIN FAILURE" line)) logs)))))))
+
+(test test-process-signal-normal-path
+  "Contract 1: a valid signal passes through the pipeline without crash."
+  (clrhash passepartout::*skill-registry*)
+  (handler-case
+      (let ((signal (list :type :EVENT :depth 0 :payload (list :sensor :heartbeat))))
+        (process-signal signal)
+        (pass))
+    (error (c)
+      (fail "Pipeline crashed on normal signal: ~a" c))))
+
+(test test-loop-process-returns-nil-on-deep
+  "Contract 1: depth > 10 returns nil from loop-process."
+  (let ((result (loop-process '(:type :EVENT :depth 11 :payload (:sensor :heartbeat)))))
+    (is (null result))))
+#+end_src
--- a/org/core-reason.org
+++ b/org/core-reason.org
@@ -0,0 +1,737 @@
+#+TITLE: Stage 2: Reason (reason.lisp)
+#+AUTHOR: Agent
+#+FILETAGS: :harness:reason:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/core-reason.lisp
+
+* Overview: Architectural Intent
+
+The Reason stage is the cognitive heart of Passepartout. It takes a normalized signal from Perceive and produces an approved action for Act. This is where the two engines — probabilistic (LLM) and deterministic (Lisp logic) — collaborate.
+
+The design is shaped by one non-negotiable constraint: **the LLM must never touch the actuators directly.** Every action the LLM proposes must pass through a deterministic verification gate that has the final say. This is what separates Passepartout from every other AI agent: the creative brain suggests, but the logical brain decides.
+
+** The Probabilistic-Deterministic Split
+
+An LLM is a statistical engine. Given enough context, it is remarkably good at translation, generation, and pattern matching. But it cannot be trusted with authority because hallucination is a *fundamental property* of probabilistic inference — the model generates the most likely continuation, not the correct one.
+
+The deterministic engine addresses this by being what the probabilistic engine is not: mathematically rigorous, formally verifiable, and incapable of hallucination by design. It operates on explicit symbolic representations — lists, property lists, knowledge graphs — not on floating-point activations. When it evaluates a path confinement check, it returns true or false, not a probability distribution.
+
+The division of labor is architectural:
+- The LLM handles the fuzzy interface between human language and structured representation
+- The deterministic engine receives those structured representations and evaluates them against formal invariants
+- The LLM never reads a file, never executes a command, never modifies memory — it generates proposals
+
+This separation is the source of Passepartout's safety guarantee. Other agents add "guardrails" as an afterthought — a layer of filtering around a dangerous core. Passepartout makes the division explicit.
+
+** Why Plists for Communication?
+
+Every message in the Reason pipeline is a property list (plist):
+
+  (TYPE :REQUEST TARGET :CLI PAYLOAD (ACTION :MESSAGE TEXT "Hello"))
+
+A plist is simultaneously:
+- Human-readable text
+- Machine-parseable data structure
+- Executable Lisp code
+
+This is not a cosmetic choice. It means the reasoning pipeline can generate, modify, and execute its own communication protocol without external parsing libraries. There is no JSON encoder, no schema validator, no serialization layer between the two engines. They speak the same language because they *are* the same language.
+
+** Contract
+
+1. (cognitive-verify proposed-action context): runs all registered
+   deterministic gates sorted by priority. Returns a rejection plist
+   (~:LOG~ or ~:EVENT~) if any gate blocks the action, an
+   ~:approval-required~ event if a gate requires HITL, or the action
+   (potentially modified) if it passes.
+2. (loop-gate-reason signal): the full reason pipeline — only processes
+   ~:user-input~ and ~:chat-message~ sensors. Runs ~think~ to generate
+   a candidate, then ~cognitive-verify~ to gate it. Retries up to 3
+   times on rejection. Sets ~:status :reasoned~ on completion.
+3. (reason-gate signal): thin alias for ~loop-gate-reason~.
+4. (backend-cascade-call prompt): iterates ~*provider-cascade*~ calling
+   each backend's handler until one succeeds. Returns the LLM content
+   string, or a ~:LOG~ failure if all backends are exhausted.
+5. (json-alist-to-plist alist): converts a JSON alist (from
+   ~cl-json:decode-json-from-string~) to a keyword-prefixed plist.
+   String keys → upcased keywords. Nested alists recurse into plists.
+   JSON arrays (lists whose first element is not a cons) pass through.
+   Scalars and nil pass through.
+6. (think-assemble-prompt context): returns three values —
+   ~system-prompt~ (the full prompt string), ~raw-prompt~ (user text or
+   skill-generated), and ~reply-stream~ (for streaming responses).
+   Handles all conditional assembly paths: TIME section, CONFIG section,
+   IDENTITY (assistant name + identity file + standing mandates +
+   reflection feedback), TOOLS, CONTEXT, LOGS. Gracefully degrades when
+   awareness or token-economics skills are not loaded.
+7. (think-call-llm raw-prompt system-prompt reply-stream context): calls
+   the LLM. Checks session budget exhaustion before dispatching
+   (v0.5.0 deferred, ~fboundp~-guarded). Uses streaming
+   (~cascade-stream~) when reply-stream is non-nil and the streaming
+   module is loaded; falls back to ~backend-cascade-call~ otherwise.
+   Returns the raw thought (string or plist with ~:tool-calls~) or
+   a budget-exhaustion message.
+8. (think-parse-response thought): parses the LLM response into an action
+   plist. Handles three paths: structured ~:tool-calls~ (convert JSON args
+   to plist via ~json-alist-to-plist~), raw S-expression text (parse with
+   ~*read-eval* nil~, normalize keywords), and plain text (wrap as
+   ~:MESSAGE~ action). Tracks cost via ~cost-track-backend-call~ when
+   available. Guarantees a valid plist for any input.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+** Probabilistic Backend Registry
+
+~*probabilistic-backends*~ is a hash table mapping provider keywords to
+their handler functions. Populated by ~register-probabilistic-backend~.
+Skills like system-model-provider register into this table at boot time.
+
+;; REPL-VERIFIED: 2026-05-03T14:00:00
+#+begin_src lisp
+(defvar *probabilistic-backends* (make-hash-table :test 'equal)
+  "Maps provider keyword → handler function (prompt system-prompt &key model).")
+
+(defun register-probabilistic-backend (name fn)
+  "Register FN as the handler for provider NAME."
+  (setf (gethash name *probabilistic-backends*) fn))
+#+end_src
+
+The probabilistic engine maintains three pieces of global state that control how LLM requests are dispatched:
+
+~*provider-cascade*~ is the ordered list of providers to try — if the first one fails, the cascade falls through to the next. ~*model-selector*~ is an optional function that examines the context and picks a model per request (useful for routing simple questions to a small fast model and complex reasoning to a large expensive one). ~*consensus-enabled*~ toggles multi-provider agreement, where multiple LLMs run the same prompt and the system waits for consensus.
+
+Providers register into ~*probabilistic-backends*~ (declared above) via ~register-probabilistic-backend~. The cascade can be changed without restart: (setf *provider-cascade* (quote (:ollama :openrouter))).
+
+** Provider Cascade
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *provider-cascade* nil)
+#+end_src
+
+** Model Selector
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *model-selector* nil)
+#+end_src
+
+** Consensus Toggle
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defvar *consensus-enabled* nil)
+#+end_src
+
+** Cascade Dispatch (backend-cascade-call)
+
+Given a prompt, this function iterates through the provider cascade and calls each backend in order until one succeeds. A provider "succeeds" when it returns ~:status :success~ with content, or when it returns a plain string (the LLM's raw output).
+
+The function has a fallback for every failure mode:
+- If a backend returns ~:status :error~, the cascade moves to the next provider
+- If a backend throws an exception, it is caught and logged, and the cascade moves on
+- If ALL backends are exhausted, a structured LOG message is returned saying "Neural Cascade Failure"
+
+This is deliberately resilient. The system should never crash because an LLM provider is down. It should log the failure, try the next provider, and if all fail, return a diagnostic message that the deterministic engine can present to the user.
+
+;; REPL-VERIFIED: 2026-05-03T14:00:00
+#+begin_src lisp
+(defun backend-cascade-call (prompt &key
+                                (system-prompt "You are the Probabilistic engine.")
+                                (cascade nil)
+                                (context nil)
+                                tools)
+  (let ((backends (or cascade *provider-cascade*))
+        (result nil))
+    (dolist (backend backends (or result
+                                   (list :type :LOG
+                                         :payload (list :text "Neural Cascade Failure: All providers exhausted."))))
+      (let ((backend-fn (gethash backend *probabilistic-backends*)))
+        (when backend-fn
+          (log-message "PROBABILISTIC: Attempting backend ~a..." backend)
+          (let* ((model (and *model-selector*
+                             (funcall *model-selector* backend context)))
+                 (skip (eq model :skip))
+                 (r (unless skip
+                      (apply backend-fn
+                             (append (list prompt system-prompt :model model)
+                                     (when tools (list :tools tools)))))))
+            (when skip
+              (log-message "PROBABILISTIC: Skipping ~a (filtered)" backend))
+            (cond ((and (listp r) (eq (getf r :status) :success))
+                   (let ((tool-calls (getf r :tool-calls)))
+                     (if tool-calls
+                         (return (list :status :success :tool-calls tool-calls))
+                         (progn
+                           (setf result (getf r :content))
+                           (return result)))))
+                  ((stringp r)
+                   (setf result r)
+                   (return result))
+                   (t
+                    (log-message "PROBABILISTIC: Backend ~a failed: ~a"
+                                backend (getf r :message))))))))))
+#+end_src
+
+** Markdown Strip
+
+The LLM might wrap its output in Markdown code fences (~```~). This function strips them before parsing. It also strips trailing/leading whitespace.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun markdown-strip (text)
+  (if (and text (stringp text))
+      (let ((cleaned text))
+        (setf cleaned (cl-ppcre:regex-replace-all "^```[a-z]*\\n" cleaned ""))
+        (setf cleaned (cl-ppcre:regex-replace-all "\\n```$" cleaned ""))
+        (setf cleaned (cl-ppcre:regex-replace-all "```" cleaned ""))
+        (string-trim '(#\Space #\Newline #\Tab) cleaned))
+      text))
+#+end_src
+
+** Normalize plist keywords
+
+Lisp keywords are case-sensitive. The LLM might produce ~:payload~ or ~:PAYLOAD~ or ~:Payload~ depending on the model. This function normalizes all keyword keys to uppercase to ensure the deterministic engine receives consistent input.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun plist-keywords-normalize (plist)
+  (when (listp plist)
+    (loop for (k v) on plist by #'cddr
+          collect (if (and (symbolp k) (not (keywordp k)))
+                       (intern (string k) :keyword)
+                       k)
+          collect v)))
+#+end_src
+
+** Think: assemble context and call the LLM
+
+This is the main entry point for the probabilistic engine. Every cognitive cycle goes through here.
+
+The function handles several cases:
+- If a triggered skill provides a probabilistic prompt generator, that replaces the raw user input
+- If the previous proposal was rejected, the rejection trace is injected into the LLM's context so it can self-correct
+- Standing mandates from ~*standing-mandates*~ are injected into the IDENTITY section of the system prompt
+
+The system prompt assembly order — identity (including mandates), tools, context, logs — is intentional: standing mandates appear early in IDENTITY so they set the behavioral frame before the model processes tools, context, and logs.
+
+Token economics (v0.5.0): when ~token-economics~ is loaded, ~think()~ uses
+~context-assemble-cached~ (skips context assembly on heartbeat/delegation),
+~prompt-prefix-cached~ (avoids retransmitting IDENTITY+TOOLS), and
+~enforce-token-budget~ (trims over-budget prompts). Cost is tracked after
+each cascade call via ~cost-track-backend-call~. All four calls are
+~fboundp~-guarded — when the module is not loaded, behavior is unchanged.
+
+~think()~ is the orchestrator that composes three sub-functions:
+
+1. *think-assemble-prompt* — builds the full system prompt from context,
+   awareness, logs, identity, standing mandates, and tool belt.
+2. *think-call-llm* — dispatches to the LLM (streaming or batch cascade).
+3. *think-parse-response* — converts the LLM's output to an action plist,
+   handling structured tool-calls, raw S-expressions, and plain text.
+
+The orchestrator snapshots memory, calls the three phases in sequence,
+and returns the action plist that flows into ~cognitive-verify~.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+;; v0.7.2: live config section for system prompt
+(defun assemble-config-section ()
+  "Build the CONFIG section of the system prompt from live state."
+  (let ((provider-names "")
+        (context-window (if (and (boundp '*tokenizer-provider*) (fboundp 'tokenizer-context-limit))
+                           (tokenizer-context-limit (symbol-value '*tokenizer-provider*))
+                           8192))
+        (gate-count 10)
+        (rules-count 0))
+    (when (boundp '*provider-cascade*)
+      (setf provider-names
+            (format nil "~{~a~^, ~}"
+                    (mapcar (lambda (p)
+                              (handler-case (or (getf p :model) (getf p :provider) "")
+                                (error () (princ-to-string p))))
+                            (symbol-value '*provider-cascade*)))))
+    (when (boundp '*hitl-pending*)
+      (setf rules-count (hash-table-count (symbol-value '*hitl-pending*))))
+    (format nil "CONFIG: You are Passepartout v0.7.2. Provider: ~a. Context: ~d tokens. Security gates: ~d active. Rules learned: ~d. Documentation: USER_MANUAL.org."
+            (if (string= provider-names "") "default" provider-names)
+            context-window gate-count rules-count)))
+
+(defun think-assemble-prompt (context)
+  "Phase 2-3 of the metabolic cycle: context + system prompt assembly.
+Returns three values: system-prompt, raw-prompt, reply-stream."
+  (let* ((sensor (proto-get (proto-get context :payload) :sensor))
+         (active-skill (find-triggered-skill context))
+         (tool-belt (generate-tool-belt-prompt))
+         (reply-stream (proto-get context :reply-stream))
+         (global-context (if (fboundp 'context-assemble-cached)
+                             (context-assemble-cached context sensor)
+                             (if (fboundp 'context-assemble-global-awareness)
+                                 (context-assemble-global-awareness)
+                                 "[Awareness skill not loaded]")))
+         (system-logs (if (fboundp 'context-get-system-logs)
+                          (context-get-system-logs)
+                          "[No system logs available]"))
+         (assistant-name (or (uiop:getenv "MEMEX_ASSISTANT") "Agent"))
+         (rejection-trace (proto-get (proto-get context :payload) :rejection-trace))
+         (prompt-generator (when active-skill (skill-probabilistic-prompt active-skill)))
+         (raw-prompt (if prompt-generator
+                         (funcall prompt-generator context)
+                         (let ((p (proto-get (proto-get context :payload) :text)))
+                           (if (and p (stringp p)) p "Maintain metabolic stasis."))))
+         (reflection-feedback (if rejection-trace
+                                  (format nil "~%~%PREVIOUS PROPOSAL REJECTED: ~a" rejection-trace)
+                                  ""))
+         (standing-mandates-text (let ((out ""))
+                                   (dolist (fn *standing-mandates*)
+                                     (let ((text (ignore-errors (funcall fn context))))
+                                       (when (and text (stringp text) (> (length text) 0))
+                                         (setf out (concatenate 'string out text (string #\Newline))))))
+                                   (when (> (length out) 0) out)))
+         (identity-content (if (fboundp 'agent-identity)
+                               (agent-identity)
+                               ""))
+         (config-section (if (fboundp 'assemble-config-section)
+                             (assemble-config-section)
+                             ""))
+         (time-section (if (fboundp 'sensor-time-duration)
+                           (format-time-for-llm
+                            :session-duration-seconds (funcall (symbol-function 'session-duration)))
+                           (if (fboundp 'format-time-for-llm)
+                               (format-time-for-llm)
+                               "")))
+         (system-prompt (if (fboundp 'prompt-prefix-cached)
+                            (let* ((prefix (prompt-prefix-cached assistant-name identity-content
+                                                                  reflection-feedback
+                                                                  standing-mandates-text tool-belt)))
+                              (if (fboundp 'enforce-token-budget)
+                                  (multiple-value-bind (pfx ctxt logs _ mandates)
+                                      (enforce-token-budget prefix global-context system-logs
+                                                            raw-prompt standing-mandates-text)
+                                    (declare (ignore _))
+                                    (setf standing-mandates-text mandates)
+                                    (format nil "~a~%~%~a~%~%~a~%~%CONTEXT:~%~a~%~%LOGS:~%~a"
+                                            time-section config-section pfx (or ctxt "") logs))
+                                  (format nil "~a~%~%~a~%~%~a~%~%CONTEXT:~%~a~%~%LOGS:~%~a"
+                                          time-section config-section prefix (or global-context "") system-logs)))
+                            (format nil "~a~%~%~a~%~%IDENTITY: ~a~a~a~a~%~%TOOLS:~%~a~%~%CONTEXT:~%~a~%~%LOGS:~%~a"
+                                    time-section config-section
+                                    assistant-name identity-content reflection-feedback
+                                    (if standing-mandates-text
+                                        (concatenate 'string (string #\Newline) standing-mandates-text)
+                                        "")
+                                    tool-belt (or global-context "") system-logs))))
+    (values system-prompt raw-prompt reply-stream)))
+
+(defun think-call-llm (raw-prompt system-prompt reply-stream context)
+  "Phase 4 of the metabolic cycle: call the LLM via streaming or batch cascade.
+Returns the raw LLM response (string or plist with :tool-calls)."
+  ;; v0.5.0 deferred: budget enforcement — refuse calls when cap is exhausted
+  (when (and (fboundp 'budget-exhausted-p) (budget-exhausted-p))
+    (return-from think-call-llm (budget-exhaustion-message)))
+  (if (and reply-stream (fboundp 'cascade-stream))
+      (let ((acc (make-string-output-stream)))
+        (funcall 'cascade-stream raw-prompt system-prompt
+                 (lambda (delta)
+                   (when reply-stream
+                     (format reply-stream "~a"
+                             (frame-message (list :type :stream-chunk
+                                                  :payload (list :text delta))))
+                     (finish-output reply-stream))
+                   (write-string delta acc)))
+        (get-output-stream-string acc))
+      (backend-cascade-call raw-prompt
+                            :system-prompt system-prompt
+                            :context context)))
+
+(defun think-parse-response (thought)
+  "Phases 5-7 of the metabolic cycle: cost tracking + response parsing.
+Returns an action plist ready for cognitive-verify."
+  (let ((tool-calls (and (listp thought) (getf thought :tool-calls))))
+    (when (and (fboundp 'cost-track-backend-call)
+               (stringp thought)
+               (or (null tool-calls)))
+      (ignore-errors
+        (cost-track-backend-call (first *provider-cascade*)
+                                 thought)))
+    (if tool-calls
+        (let* ((first-call (car tool-calls))
+               (tool-name (getf first-call :name))
+               (args (getf first-call :arguments))
+               (args-plist (json-alist-to-plist args)))
+          (list :TYPE :REQUEST
+                :PAYLOAD (list* :TOOL tool-name
+                                :ARGS args-plist
+                                :EXPLANATION "Generated by function-calling engine.")))
+        (let* ((cleaned (if (and (listp thought) (getf thought :type))
+                           (format nil "~a" (getf (getf thought :payload) :text))
+                           (markdown-strip thought))))
+          (if (and cleaned (stringp cleaned) (> (length cleaned) 0)
+                   (or (char= (char cleaned 0) #\() (char= (char cleaned 0) #\[)))
+              (handler-case
+                  (let ((parsed (let ((*read-eval* nil)) (read-from-string cleaned))))
+                    (if (listp parsed)
+                        (let ((normalized (plist-keywords-normalize parsed)))
+                          (let ((payload (proto-get normalized :payload)))
+                            (if (and payload (proto-get payload :explanation))
+                                normalized
+                                (let ((new-payload (list* :EXPLANATION "Generated by the Probabilistic engine."
+                                                          (if (listp payload) payload nil))))
+                                  (list* :PAYLOAD new-payload
+                                         (loop for (k v) on normalized by #'cddr
+                                               unless (eq k :PAYLOAD)
+                                               collect k collect v))))))
+                        (list :TYPE :REQUEST :PAYLOAD
+                              (list :ACTION :MESSAGE :TEXT cleaned
+                                    :EXPLANATION "Generated by the Probabilistic engine."))))
+                (error ()
+                  (list :TYPE :REQUEST :PAYLOAD
+                        (list :ACTION :MESSAGE :TEXT cleaned
+                              :EXPLANATION "Generated by the Probabilistic engine."))))
+              (list :TYPE :REQUEST :PAYLOAD
+                    (list :ACTION :MESSAGE
+                          :TEXT (if (stringp cleaned) cleaned "No response")
+                          :EXPLANATION "Generated by the Probabilistic engine.")))))))
+
+(defun think (context)
+  "The probabilistic reasoning engine — orchestrates prompt assembly, LLM call,
+and response parsing into an action plist for cognitive-verify."
+  (when (fboundp 'snapshot-memory)
+    (snapshot-memory))
+  (multiple-value-bind (system-prompt raw-prompt reply-stream)
+      (think-assemble-prompt context)
+    (let ((thought (think-call-llm raw-prompt system-prompt reply-stream context)))
+      (think-parse-response thought))))
+#+end_src
+
+** JSON-to-Plist Conversion (json-alist-to-plist)
+
+Converts a JSON alist as returned by ~cl-json:decode-json-from-string~ to a keyword-prefixed plist — the internal data format that ~cognitive-verify~ and the actuator layer expect. This is the boundary where the probabilistic layer's output format (JSON) meets the deterministic layer's input format (plists).
+
+String keys are interned as upcased keywords (~"action" → :ACTION~). Nested alists recurse. JSON arrays (lists whose first element is an atom) pass through unchanged since the actuator layer handles list arguments natively.
+
+#+begin_src lisp
+(defun json-alist-to-plist (alist)
+  "Convert a JSON alist to a keyword-prefixed plist."
+  (when (listp alist)
+    (loop for (key . value) in alist
+          append (list (intern (string-upcase (string key)) :keyword)
+                       (if (listp value)
+                           (if (consp (car value))
+                               (json-alist-to-plist value)
+                               value)
+                           value)))))
+#+end_src
+
+** Deterministic Engine (cognitive-verify)
+
+The deterministic engine is the strict guard. It receives a proposed action from the probabilistic engine and runs it through every registered deterministic gate, sorted by priority.
+
+**Gate Trace (v0.4.0)**
+
+As part of v0.4.0's TUI differentiator visualizations, ~cognitive-verify~ now accumulates a ~:gate-trace~ — a list of ~(:gate <name> :result <:passed|:blocked|:approval>)~ entries — as each deterministic gate processes the action. The trace is prepended to the result plist via ~list*~ and flows through the pipeline to the TUI actuator, which transmits it to the client.
+
+This is Passepartout's permanent UX advantage: no competitor can ship a gate trace because none has deterministic gates to trace. Claude Code, OpenClaw, and Hermes Agent all use prompt-based guardrails where the safety decision is invisible. In Passepartout, the user sees exactly which nine safety gates ran, what each decided, and why — all at 0 LLM tokens.
+
+Skills register deterministic gates via ~defskill~ with the ~:deterministic~ keyword. Each gate is a function that receives (action context) and returns either:
+- A modified action (the gate approves or adjusts the proposal)
+- A LOG or EVENT plist (the gate rejects the proposal with a reason)
+
+Gates run in priority order, highest first. If any gate returns a LOG or EVENT, the proposal is rejected immediately and the rejection reason flows back to the probabilistic engine via the rejection trace. If all gates pass, the proposal is approved.
+
+This architecture makes safety compositional: each skill adds one constraint. The dispatcher checks secrets. The policy checks explanations. The shell actuator checks destructive commands. No single skill needs to understand the full security model.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun cognitive-verify (proposed-action context)
+  "Runs all registered deterministic gates against the proposed action,
+sorted by priority (highest first). Returns a rejection plist or the action."
+  (let ((current-action (copy-tree proposed-action))
+        (approval-needed nil)
+        (approval-action nil)
+        (gates nil)
+        (gate-trace nil))
+    ;; Collect gates sorted by priority (highest first)
+    (maphash (lambda (name skill)
+               (declare (ignore name))
+               (when (skill-deterministic-fn skill)
+                 (push (cons (skill-priority skill) (cons (skill-name skill) (skill-deterministic-fn skill))) gates)))
+             *skill-registry*)
+    (setf gates (sort gates #'> :key #'car))
+    (dolist (gate-entry gates)
+      (let* ((gate-name (cadr gate-entry))
+             (result (funcall (cddr gate-entry) current-action context)))
+        (cond
+          ((eq (getf result :level) :approval-required)
+           (push (list :gate (or gate-name (car gate-entry)) :result :approval) gate-trace)
+           (setf approval-needed t
+                 approval-action (getf (getf result :payload) :action)))
+           ((member (getf result :type) '(:LOG :EVENT))
+            (push (list :gate (or gate-name (car gate-entry)) :result :blocked) gate-trace)
+            (let ((blocked-result (copy-list result)))
+              (setf (getf blocked-result :gate-trace) (nreverse gate-trace))
+              (return-from cognitive-verify blocked-result)))
+          ((and (listp result) result)
+           (push (list :gate (or gate-name (car gate-entry)) :result :passed) gate-trace)
+           (setf current-action result)))))
+    (if approval-needed
+        (list :type :EVENT :level :approval-required
+              :gate-trace (nreverse gate-trace)
+              :payload (list :sensor :approval-required
+                             :action approval-action))
+        (let ((passed-result (copy-tree current-action)))
+          (setf (getf passed-result :gate-trace) (nreverse gate-trace))
+          passed-result))))
+#+end_src
+
+** Reason Gate (Stage 2)
+
+The reason gate is the pipeline stage that orchestrates Think + Determine. It receives a signal, checks if it requires reasoning (only ~:user-input~ and ~:chat-message~ events do), and runs through the cognitive + verification loop.
+
+The loop has retry logic: up to 3 attempts. If the deterministic engine rejects a proposal, the rejection reason is fed back into the next think call so the LLM can self-correct. This loop — propose, reject, correct, re-propose — is the core mechanism by which the agent improves its own output without human intervention.
+
+The retry limit prevents infinite loops. If the LLM cannot produce a passable proposal within 3 attempts, the last rejection reason is attached to the signal and the acted pipeline sees a failed reasoning cycle.
+
+*** loop-gate-reason
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun loop-gate-reason (signal)
+  (let* ((type (proto-get signal :type))
+         (payload (proto-get signal :payload))
+         (sensor (proto-get payload :sensor)))
+    (unless (and (eq type :EVENT) (member sensor '(:user-input :chat-message)))
+      (return-from loop-gate-reason signal))
+    (let ((retries 3)
+          (current-signal (copy-tree signal))
+          (last-rejection nil))
+      (loop
+        (when (<= retries 0)
+          (setf (getf signal :approved-action) last-rejection)
+          (setf (getf signal :status) :reasoned)
+          (return signal))
+        (when last-rejection
+          (setf (getf (getf current-signal :payload) :rejection-trace) last-rejection))
+        (let ((candidate (think current-signal)))
+           (if (and candidate (listp candidate))
+               (let ((verified (cognitive-verify candidate current-signal)))
+                 ;; Approval-required is not a rejection — pass to act for Flight Plan
+                 (if (eq (getf verified :level) :approval-required)
+                     (progn
+                       (setf (getf signal :approved-action) verified)
+                       (setf (getf signal :status) :requires-approval)
+                       (return signal))
+                     ;; Hard rejection: retry with feedback
+                     (if (member (getf verified :type) '(:LOG :EVENT))
+                         (progn (decf retries) (setf last-rejection verified))
+                         (progn
+                           (setf (getf signal :approved-action) verified)
+                           (setf (getf signal :status) :reasoned)
+                           (return signal)))))
+              (progn
+                (setf (getf signal :approved-action) nil)
+                (setf (getf signal :status) :reasoned)
+                (return signal))))))))
+#+end_src
+
+*** reason-gate (backward-compatibility alias)
+
+The pipeline gate was originally named ~reason-gate~. Code that still
+uses the old name can call this alias. New code should call
+~loop-gate-reason~.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun reason-gate (signal)
+  (loop-gate-reason signal))
+#+end_src
+
+* Test Suite
+Verifies that the deterministic engine correctly rejects unsafe actions (like ~rm -rf /~) while allowing safe ones.
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-pipeline-reason-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:pipeline-reason-suite))
+
+(in-package :passepartout-pipeline-reason-tests)
+
+(def-suite pipeline-reason-suite :description "Test suite for Reason pipeline")
+(in-suite pipeline-reason-suite)
+
+(test test-decide-gate-safety
+  "Contract 1: cognitive-verify blocks unsafe actions with :LOG rejection."
+  (clrhash passepartout::*skill-registry*)
+  (passepartout::defskill :mock-safety
+    :priority 50
+    :trigger (lambda (ctx) (declare (ignore ctx)) t)
+    :deterministic (lambda (action ctx)
+                    (declare (ignore ctx))
+                    (if (search "rm -rf" (format nil "~s" action))
+                        (list :type :LOG :payload (list :text "Rejected"))
+                        action)))
+  (let* ((candidate '(:type :REQUEST :payload (:action :shell :cmd "rm -rf /")))
+         (signal '(:type :EVENT :payload (:sensor :user-input)))
+         (result (cognitive-verify candidate signal)))
+    (is (eq :LOG (getf result :type)))))
+
+(test test-cognitive-verify-pass-through
+  "Contract 1: safe actions pass through cognitive-verify unchanged."
+  (clrhash passepartout::*skill-registry*)
+  (passepartout::defskill :mock-passthrough
+    :priority 50
+    :trigger (lambda (ctx) (declare (ignore ctx)) t)
+    :deterministic (lambda (action ctx)
+                    (declare (ignore ctx))
+                    action))
+  (let* ((candidate '(:type :REQUEST :payload (:action :shell :cmd "echo hello")))
+         (signal '(:type :EVENT :payload (:sensor :user-input)))
+         (result (cognitive-verify candidate signal)))
+    (is (eq :REQUEST (getf result :type)))
+    (is (equal (getf candidate :payload) (getf result :payload)))
+    (is (getf result :gate-trace))))
+
+(test test-cognitive-verify-empty-registry
+  "Contract 1: with no gates registered, action passes through unchanged."
+  (clrhash passepartout::*skill-registry*)
+  (let* ((candidate '(:type :REQUEST :payload (:action :shell :cmd "ls")))
+         (signal '(:type :EVENT :payload (:sensor :user-input)))
+         (result (cognitive-verify candidate signal)))
+    (is (eq :REQUEST (getf result :type)))
+    (is (equal (getf candidate :payload) (getf result :payload)))))
+
+(test test-cognitive-verify-approval-required
+  "Contract 1: gate returning :approval-required produces an approval event."
+  (clrhash passepartout::*skill-registry*)
+  (passepartout::defskill :mock-approval
+    :priority 50
+    :trigger (lambda (ctx) (declare (ignore ctx)) t)
+    :deterministic (lambda (action ctx)
+                    (declare (ignore ctx))
+                    (list :type :EVENT :level :approval-required
+                          :payload (list :action action))))
+  (let* ((candidate '(:type :REQUEST :payload (:action :shell :cmd "sudo reboot")))
+         (signal '(:type :EVENT :payload (:sensor :user-input)))
+         (result (cognitive-verify candidate signal)))
+    (is (eq :approval-required (getf result :level)))
+    (is (eq :EVENT (getf result :type)))))
+
+(test test-loop-gate-reason-passthrough
+  "Contract 2: non-user-input sensors pass through loop-gate-reason unchanged."
+  (let* ((signal '(:type :EVENT :payload (:sensor :heartbeat) :meta (:source :system)))
+         (result (loop-gate-reason signal)))
+    (is (not (null result)))))
+
+(test test-loop-gate-reason-sets-status
+  "Contract 2: loop-gate-reason sets :status on :user-input signals."
+  (clrhash passepartout::*skill-registry*)
+  (let* ((passepartout::*provider-cascade* nil)
+         (signal (list :type :EVENT :payload (list :sensor :user-input :text "test")))
+         (result (loop-gate-reason signal)))
+    (is (member (getf result :status) '(:reasoned :requires-approval)))))
+
+(test test-backend-cascade-no-backends
+  "Contract 4: empty cascade returns :LOG failure."
+  (let* ((passepartout::*provider-cascade* nil)
+         (passepartout::*probabilistic-backends* (make-hash-table :test 'equal))
+         (result (backend-cascade-call "test" :cascade '())))
+    (is (eq :LOG (getf result :type)))
+    (is (search "exhausted" (getf (getf result :payload) :text) :test #'char-equal))))
+
+(test test-backend-cascade-with-mock
+  "Contract 4: backend-cascade-call returns content from first successful backend."
+  (let ((passepartout::*probabilistic-backends* (make-hash-table :test 'equal)))
+    (setf (gethash :mock-backend passepartout::*probabilistic-backends*)
+          (lambda (prompt sp &key model)
+            (declare (ignore prompt sp model))
+            (list :status :success :content "mock-response")))
+    (let ((result (backend-cascade-call "hello" :cascade '(:mock-backend))))
+      (is (string= "mock-response" result)))))
+
+(test test-read-eval-rce-blocked
+  "Contract 1/v0.3.1: #. reader macro in LLM output must not execute arbitrary code."
+  (let ((passepartout::*probabilistic-backends* (make-hash-table :test 'equal))
+        (passepartout::*provider-cascade* '(:mock-evil)))
+    (setf (gethash :mock-evil passepartout::*probabilistic-backends*)
+          (lambda (prompt sp &key model)
+            (declare (ignore prompt sp model))
+            (list :status :success :content "(#.(setf passepartout::*v031-rce-test* :PWNED))")))
+    (setf passepartout::*v031-rce-test* nil)
+    (setf *read-eval* t)
+    (let* ((ctx (list :type :EVENT :payload (list :sensor :user-input :text "test") :depth 0))
+           (result (passepartout::think ctx)))
+      (is (not (eq passepartout::*v031-rce-test* :PWNED)))
+      (is (eq :REQUEST (getf result :TYPE)))
+       (setf *read-eval* nil))))
+
+(test test-json-alist-to-plist-simple
+  "Contract 5: converts simple alist to keyword plist."
+  (let ((alist (list (cons "action" "shell") (cons "cmd" "echo hello"))))
+    (let ((result (json-alist-to-plist alist)))
+      (is (eq :ACTION (first result)))
+      (is (string= "shell" (second result)))
+      (is (eq :CMD (third result)))
+      (is (string= "echo hello" (fourth result))))))
+
+(test test-json-alist-to-plist-nested
+  "Contract 5: nested alists recurse into nested plists."
+  (let ((alist (list (cons "tool" "write-file")
+                     (cons "args" (list (cons "filepath" "/tmp/x")
+                                        (cons "content" "hi"))))))
+    (let ((result (json-alist-to-plist alist)))
+      (is (eq :TOOL (first result)))
+      (is (eq :ARGS (third result)))
+      (let ((inner (fourth result)))
+        (is (eq :FILEPATH (first inner)))
+        (is (string= "/tmp/x" (second inner)))
+        (is (eq :CONTENT (third inner)))))))
+
+(test test-json-alist-to-plist-array-passthrough
+  "Contract 5: JSON arrays pass through unchanged."
+  (let ((alist (list (cons "names" (list "alice" "bob")))))
+    (let ((result (json-alist-to-plist alist)))
+      (is (eq :NAMES (first result)))
+      (is (equal (list "alice" "bob") (second result))))))
+
+(test test-json-alist-to-plist-null
+  "Contract 5: nil passes through unchanged."
+  (let ((result (json-alist-to-plist nil)))
+    (is (null result))))
+
+(test test-json-alist-to-plist-scalar
+  "Contract 5: scalar values pass through."
+  (let ((alist (list (cons "count" 42) (cons "active" :true))))
+    (let ((result (json-alist-to-plist alist)))
+      (is (eq :COUNT (first result)))
+      (is (= 42 (second result)))
+      (is (eq :ACTIVE (third result)))
+      (is (eq :true (fourth result))))))
+
+(test test-assemble-config-section
+  "Contract v0.7.2: config section contains Passepartout and version."
+  (let ((section (passepartout::assemble-config-section)))
+    (is (stringp section))
+    (is (search "Passepartout" section))
+    (is (search "v0.7.2" section))
+    (is (search "Security gates" section))))
+
+(test test-think-snapshots-before-llm
+  "Contract v0.7.2: think() snapshots memory before LLM call."
+  (let ((passepartout::*memory-snapshots* nil)
+        (passepartout::*memory-store* (make-hash-table :test 'equal)))
+    (setf (gethash "pre" passepartout::*memory-store*) "value")
+    (let ((passepartout::*probabilistic-backends* (make-hash-table :test 'equal))
+          (passepartout::*provider-cascade* nil))
+      (handler-case
+          (let* ((ctx (list :type :EVENT :payload (list :sensor :user-input :text "hi") :depth 0))
+                 (result (passepartout::think ctx)))
+            (declare (ignore result)))
+        (error (c) (format nil "Expected: ~a" c)))
+      (is (>= (length passepartout::*memory-snapshots*) 0)))))
+#+end_src
--- a/org/core-skills.org
+++ b/org/core-skills.org
@@ -0,0 +1,527 @@
+#+TITLE: The Skill Engine (skills.lisp)
+#+AUTHOR: Agent
+#+FILETAGS: :org:skills:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/core-skills.lisp
+
+* Overview: Architectural Intent
+
+The Skill Engine is the dynamic loading and lifecycle manager for all Passepartout skills. It discovers skill files in the skills directory, resolves their dependency order, loads them into jailed packages, and exports their public symbols into the ~passepartout~ package.
+
+** Late-Binding Intelligence
+
+Hardcoding logic into a compiled binary creates a brittle kernel. Every time you add a capability, you must recompile, restart, and re-deploy. Skills solve this by being:
+
+1. **Discovered at boot** — the engine scans a directory for skill files and loads whatever it finds. No registration step needed.
+2. **Dependency-ordered** — skills declare dependencies via ~#+DEPENDS_ON:~ headers. The topological sort ensures they load in the right order.
+3. **Hot-reloadable** — a skill can be replaced at runtime without restarting the daemon. The new version is compiled into a fresh jail package and swapped in.
+4. **Self-documenting** — each skill is a single Org file containing prose, code, metadata, and tests. The "Why" and the "How" are unified.
+
+** The Jailed Package Model
+
+Every skill loads into its own package (e.g., ~PASSEPARTOUT.SKILLS.SECURITY-DISPATCHER~). This prevents name conflicts between skills — two skills can define a function called ~process~ without collision, because each lives in its own namespace.
+
+After loading, the engine exports the skill's public symbols into the ~passepartout~ package, making them available to other skills and the org. The export filter uses the skill's short name as a prefix — for example, the Security Dispatcher exports only symbols starting with ~DISPATCHER-~.
+
+This is how the "thin org, fat skills" principle works in practice: the org provides the loading infrastructure; the skills provide all the intelligence.
+
+** Contract
+
+1. (lisp-syntax-validate code-string): returns T if the Lisp code is
+   structurally valid, nil if reader errors are detected.
+2. (skill-topological-sort dir): reads org files in a directory, parses
+   ~#+DEPENDS_ON:~ declarations, returns files sorted such that
+   dependencies come before dependents.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+
+(defvar *VAULT-MEMORY* (make-hash-table :test 'equal))
+#+end_src
+
+** Utility functions
+
+Helper functions used by the skill loader and other components.
+
+*** Cosine similarity
+
+Computes the cosine similarity between two numeric vectors. Used by the peripheral vision system for semantic relevance scoring — if the agent's current focus has a vector embedding, objects with similar embeddings get promoted to foveal detail.
+
+#+begin_src lisp
+(defun vector-cosine-similarity (v1 v2)
+  "Computes cosine similarity between two vectors."
+  (let* ((len1 (length v1)) (len2 (length v2)))
+    (if (or (zerop len1) (zerop len2))
+        0.0
+        (let* ((dot 0.0d0) (n1 0.0d0) (n2 0.0d0))
+          (dotimes (i (min len1 len2))
+            (let* ((x (coerce (elt v1 i) 'double-float)) (y (coerce (elt v2 i) 'double-float)))
+              (incf dot (* x y)) (incf n1 (* x x)) (incf n2 (* y y))))
+          (if (or (zerop n1) (zerop n2)) 0.0 (/ dot (sqrt (* n1 n2))))))))
+#+end_src
+
+** Skill data structures
+
+The ~skill~ struct holds all metadata about a loaded skill: its name, priority, dependencies, trigger function, probabilistic prompt generator, and deterministic gate. The ~skill-entry~ struct tracks the loading state of each discovered skill file.
+
+#+begin_src lisp
+(defstruct skill name priority dependencies trigger-fn probabilistic-prompt deterministic-fn)
+#+end_src
+
+#+begin_src lisp
+(defvar *skill-catalog* (make-hash-table :test 'equal)
+  "Tracks all discovered skill files and their loading state.")
+#+end_src
+
+#+begin_src lisp
+(defvar *standing-mandates* nil
+  "List of functions (context) → string-or-nil. Each is called on every think() cycle.
+When non-nil, the returned string is injected into the IDENTITY section of the system prompt.
+Unlike skills (which activate on triggers), standing mandates are always consulted.")
+#+end_src
+
+#+begin_src lisp
+(defstruct skill-entry filename (status :discovered) error-log (load-time 0))
+#+end_src
+
+** Skill discovery (skill-triggered-find)
+
+Iterates the registry and returns the highest-priority skill whose trigger function matches the current context. Only skills with a probabilistic prompt are considered (purely deterministic skills don't need LLM attention).
+
+This is how the system determines which skill "owns" the current user input. For example, if the REPL skill's trigger matches the input, the REPL skill provides the prompt template that shapes how the LLM responds.
+
+#+begin_src lisp
+;; Alias: find-triggered-skill → skill-triggered-find
+(defun find-triggered-skill (context)
+  (skill-triggered-find context))
+
+(defun skill-triggered-find (context)
+  "Returns the highest priority skill whose trigger matches context."
+  (let ((triggered nil))
+    (maphash (lambda (name skill) 
+               (declare (ignore name)) 
+               (when (and (skill-probabilistic-prompt skill)
+                          (ignore-errors (funcall (skill-trigger-fn skill) context)))
+                 (push skill triggered))) 
+               *skill-registry*)
+    (first (sort triggered #'> :key #'skill-priority))))
+#+end_src
+
+** Standing Mandates
+
+Standing mandates are cross-cutting instructions injected into every LLM system prompt. They live in ~*standing-mandates*~, a list of functions ~(context) → string-or-nil~. Each is called on every reasoning cycle; nil results are skipped.
+
+This is the mechanism for always-on behavioral instructions. Skills call their registered trigger function to determine if they should activate for a given context; standing mandates always run and decide themselves whether to contribute text. Use ~push~ to register:
+
+#+begin_example
+(push #'my-mandate *standing-mandates*)
+#+end_example
+
+** Skill registration macro (defskill)
+
+The primary API for skills. Each skill file calls this once to register itself. The macro creates a ~skill~ struct and stores it in ~*skill-registry*~ keyed by the skill's name.
+
+#+begin_src lisp
+(defmacro defskill (name &key priority dependencies trigger probabilistic deterministic)
+  "Registers a new skill. NAME is a keyword. TRIGGER is a function (context) → bool."
+  `(setf (gethash (string-downcase (string ,name)) *skill-registry*)
+         (make-skill :name (string-downcase (string ,name)) 
+                    :priority (or ,priority 10) 
+                    :dependencies ',dependencies
+                    :trigger-fn ,trigger 
+                    :probabilistic-prompt ,probabilistic 
+                    :deterministic-fn ,deterministic)))
+#+end_src
+
+** Dependency resolution (skill-dependencies-resolve)
+
+Recursively resolves all transitive dependencies for a given skill, returning an ordered list. Uses a standard graph traversal with a ~seen~ set to prevent infinite recursion from circular dependencies.
+
+#+begin_src lisp
+(defun skill-dependencies-resolve (skill-name)
+  "Resolves transitive dependencies. Returns list of skill names in dependency order."
+  (let ((resolved nil) (seen nil))
+    (labels ((visit (name) 
+               (unless (member name seen :test #'equal) 
+                 (push name seen)
+                 (let ((skill (gethash (string-downcase (string name)) *skill-registry*)))
+                   (when skill 
+                     (dolist (dep (skill-dependencies skill)) (visit dep))))
+                 (push name resolved))))
+      (visit skill-name) 
+      (nreverse resolved))))
+#+end_src
+
+** Skill File Analysis (skill-metadata-parse)
+
+Extracts the ~:ID~ and ~#+DEPENDS_ON:~ declarations from a skill's Org file. Used by the topological sorter to order skills correctly.
+
+#+begin_src lisp
+(defun skill-metadata-parse (filepath)
+  "Extracts ID and DEPENDS_ON tags from org file."
+  (let ((dependencies nil) (id nil) (content (uiop:read-file-string filepath)))
+    (let ((id-start (search ":ID:" content)))
+      (when id-start
+        (let ((id-end (position #\Newline content :start id-start)))
+          (when id-end (setf id (string-trim " " (subseq content (+ id-start 4) id-end)))))))
+    (let ((pos 0))
+      (loop while (setf pos (search "#+DEPENDS_ON:" content :start2 pos))
+            do (let ((end (position #\Newline content :start pos)))
+              (when end
+                (let ((line (string-trim " " (subseq content (+ pos 13) end))))
+                  (dolist (d (uiop:split-string line :separator '(#\Space #\Tab)))
+                    (unless (string= d "") (push d dependencies))))
+                (setf pos end)))))
+    (values id (reverse dependencies))))
+#+end_src
+
+** Dependency Resolution (skill-topological-sort)
+
+Returns a list of skill filepaths sorted by dependency order. Uses Kahn's algorithm: collect all files, build an adjacency graph from ~#+DEPENDS_ON:~ declarations, and topologically sort them. Skills with no dependencies are sorted alphabetically.
+
+Both ~.org~ and ~.lisp~ files are included. For each skill, the ~.org~ file supplies the dependency metadata; if a ~.lisp~ file exists, it's loaded instead of tangling from the ~.org~ at load time.
+
+#+begin_src lisp
+(defun skill-topological-sort (skills-dir)
+  "Returns a list of skill filepaths sorted by dependency."
+  (let* ((org-files (uiop:directory-files skills-dir "*.org"))
+         (lisp-files (uiop:directory-files skills-dir "*.lisp"))
+         (all-files (append org-files lisp-files))
+         (files (remove-if (lambda (f)
+                             (let ((n (pathname-name f)))
+                                (or (string= n "core-package")
+                                    (string= n "core-skills")
+                                    (string= n "core-transport")
+                                    (string= n "core-memory")
+                                    (string= n "core-perceive")
+                                    (string= n "core-reason")
+                                    (string= n "core-act")
+                                    (string= n "core-pipeline")
+                                    (string= n "core-manifest")
+                                    (string= n "neuro-router")
+                                    (string= n "neuro-explorer")
+                                    (string= n "channel-tui"))))
+                           all-files))
+        (adj (make-hash-table :test 'equal))
+        (name-to-file (make-hash-table :test 'equal))
+        (id-to-file (make-hash-table :test 'equal))
+        (result nil)
+        (visited (make-hash-table :test 'equal))
+        (stack (make-hash-table :test 'equal)))
+    (dolist (file files)
+      (let ((filename (pathname-name file)))
+        (if (uiop:string-suffix-p (namestring file) ".lisp")
+            (progn
+              (setf (gethash (string-downcase filename) name-to-file) file)
+              (unless (gethash (string-downcase filename) adj)
+                (setf (gethash (string-downcase filename) adj) nil)))
+            (multiple-value-bind (id deps) (skill-metadata-parse file)
+              (setf (gethash (string-downcase filename) name-to-file) file)
+              (when id (setf (gethash (string-downcase id) id-to-file) file))
+              (setf (gethash (string-downcase filename) adj) deps)))))
+    (labels ((visit (file)
+               (let* ((filename (pathname-name file))
+                      (node-key (string-downcase filename)))
+                 (unless (gethash node-key visited)
+                   (setf (gethash node-key stack) t)
+                   (dolist (dep (gethash node-key adj))
+                     (let* ((is-id-p (uiop:string-prefix-p "id:" (string-downcase dep)))
+                            (dep-key (string-downcase (if is-id-p (subseq dep 3) dep)))
+                            (dep-file (if is-id-p 
+                                          (gethash dep-key id-to-file)
+                                          (or (gethash dep-key id-to-file)
+                                              (gethash dep-key name-to-file)))))
+                       (when dep-file
+                         (let ((dep-filename (pathname-name dep-file)))
+                           (if (gethash (string-downcase dep-filename) stack)
+                               (error "Circular dependency detected")
+                               (visit dep-file))))))
+                   (setf (gethash node-key stack) nil)
+                   (setf (gethash node-key visited) t)
+                   (push file result)))))
+      (let ((filenames (sort (mapcar #'pathname-name files) #'string<)))
+        (dolist (name filenames)
+          (let ((file (gethash (string-downcase name) name-to-file)))
+            (when file (visit file)))))
+      (nreverse result))))
+#+end_src
+
+** Jailed Loading (skill-load-from-org)
+
+The primary skill loader. Given a path to an ~.org~ file:
+
+1. Reads the Org file and collects all ~#+begin_src lisp~ blocks (excluding test blocks and blocks with ~:tangle no~)
+2. Validates the Lisp syntax before loading
+3. Creates a jailed package named after the skill (e.g., ~PASSEPARTOUT.SKILLS.SECURITY-DISPATCHER~) with ~:use :passepartout~
+4. Evaluates the collected Lisp forms in that package
+5. Scans the package for symbols matching the skill's name prefix and exports them to the ~passepartout~ package
+
+The validation step is critical: invalid Lisp in an org block would crash the loader. The validator uses ~read~ with ~*read-eval*~ bound to nil to safely detect syntax errors without evaluating.
+
+#+begin_src lisp
+(defun lisp-syntax-validate (code-string)
+  "Checks if a string contains valid Common Lisp forms."
+  (handler-case
+      (let ((*read-eval* nil))
+        (with-input-from-string (s (format nil "(progn ~a)" code-string))
+          (loop for form = (read s nil :eof) until (eq form :eof)))
+        (values t nil))
+    (error (c) (values nil (format nil "~a" c)))))
+
+(defun skill-package-forms-strip (code-string)
+  "Removes (in-package :passepartout) forms only — preserves test-package
+declarations so embedded test code evaluates in the correct package."
+  (let ((lines (uiop:split-string code-string :separator '(#\Newline)))
+        (result ""))
+    (dolist (line lines)
+      (let ((trimmed (string-trim '(#\Space #\Tab) line)))
+        (if (uiop:string-prefix-p "(in-package :passepartout)" trimmed)
+            (setf result (concatenate 'string result (string #\Newline)))
+            (setf result (concatenate 'string result line (string #\Newline))))))
+    result))
+
+(defun tangle-target-extract (line)
+  "Extracts the value of the :tangle header."
+  (let ((pos (search ":tangle" line)))
+    (when pos
+      (let ((rest (string-tirm '(#\Space #\Tab) (subseq line (+ pos 7)))))
+        (let ((end (position #\Space rest)))
+          (if end (subseq rest 0 end) rest))))))
+
+(defun load-skill-from-org (filepath)
+  "Parses and evaluates Lisp blocks from an Org file."
+  (let* ((skill-base-name (pathname-name filepath))
+         (entry (or (gethash skill-base-name *skill-catalog*) (setf (gethash skill-base-name *skill-catalog*) (make-skill-entry :filename skill-base-name)))))
+    (setf (skill-entry-status entry) :loading)
+    (handler-case
+        (let* ((content (uiop:read-file-string filepath))
+               (lines (uiop:split-string content :separator '(#\Newline)))
+               (in-lisp-block nil) (collect-this-block nil) (lisp-code "")
+               (pkg-name (intern (string-upcase (format nil "PASSEPARTOUT.SKILLS.~a" skill-base-name)) :keyword)))
+          (dolist (line lines)
+            (let ((clean-line (string-trim '(#\Space #\Tab #\Return) line)))
+              (cond
+                ((uiop:string-prefix-p "#+begin_src lisp" clean-line)
+                 (setf in-lisp-block t)
+                 (let ((target (tangle-target-extract clean-line)))
+                   (setf collect-this-block (or (null target)
+                                                (and (not (search "no" target))
+                                                     (not (search "/tests" target)))))))
+                ((uiop:string-prefix-p "#+end_src" clean-line)
+                 (setf in-lisp-block nil) (setf collect-this-block nil))
+                ((and in-lisp-block collect-this-block)
+                 (unless (or (uiop:string-prefix-p ":PROPERTIES:" (string-upcase clean-line))
+                              (uiop:string-prefix-p ":END:" (string-upcase clean-line))
+                              (uiop:string-prefix-p ":ID:" (string-upcase clean-line)))
+                   (setf lisp-code (concatenate 'string lisp-code line (string #\Newline))))))))
+          (if (= (length lisp-code) 0)
+              (setf (skill-entry-status entry) :ready)
+              (progn
+                (multiple-value-bind (valid-p err) (lisp-syntax-validate lisp-code)
+                  (unless valid-p (error err)))
+                ;; Pre-eval sandbox scan: block before any code executes
+                (multiple-value-bind (blocked-p blocked-syms)
+                    (skill-source-scan lisp-code)
+                  (when blocked-p
+                    (log-message "LOADER SANDBOX: Skill '~a' blocked before eval — references restricted symbol(s): ~{~a~^, ~}"
+                                 skill-base-name blocked-syms)
+                    (setf (skill-entry-status entry) :sandbox-blocked)
+                    (return-from load-skill-from-org nil)))
+                (unless (find-package pkg-name)
+                  (let ((new-pkg (make-package pkg-name :use '(:cl)))) (use-package :passepartout new-pkg)))
+                (let ((*read-eval* nil) (*package* (find-package pkg-name)))
+                  (log-message "LOADER: Evaluating code for '~a' in package ~a" skill-base-name (package-name *package*))
+                  (eval (read-from-string (format nil "(progn ~a)" lisp-code))))
+
+                (let ((target-pkg (find-package :passepartout))
+                      (exported 0)
+                      (seen (make-hash-table :test 'equal)))
+                  (do-symbols (sym (find-package pkg-name))
+                    (when (and (eq (symbol-package sym) (find-package pkg-name))
+                               (or (fboundp sym) (boundp sym))
+                               (not (gethash (symbol-name sym) seen)))
+                      (setf (gethash (symbol-name sym) seen) t)
+                      (incf exported)
+                      (let ((existing (find-symbol (symbol-name sym) target-pkg)))
+                        (when existing (unintern existing target-pkg)))
+                      (import sym target-pkg)
+                      (export sym target-pkg)))
+                  (log-message "LOADER: Exported ~a symbols from ~a to :PASSEPARTOUT"
+                               exported (package-name (find-package pkg-name))))
+
+                (setf (skill-entry-status entry) :ready)))
+          t)
+      (error (c)
+        (log-message "LOADER ERROR in skill '~a': ~a" skill-base-name c)
+        (setf (skill-entry-status entry) :failed) nil))))
+#+end_src
+
+** Sandbox Source Scan (skill-source-scan)
+
+Scans Lisp source text for references to restricted symbols before any
+code is evaluated. This prevents malicious skills from executing even a
+single form. The restricted symbols cover process spawning
+(~uiop:run-program~, ~uiop:shell~, ~uiop:run-shell-command~), thread
+creation (~bt:make-thread~), and
+socket operations (~usocket:socket-connect~, ~hunchentoot:start~).
+
+Returns two values: T/NIL (blocked-p) and a list of matched symbol names.
+The scan is a text-level regex check — it catches direct references but
+not obfuscated ones. The post-eval ~symbol-function~ comparison in
+~load-skill-from-lisp~ catches those.
+
+#+begin_src lisp
+(defvar *skill-restricted-symbols*
+  '("uiop:run-program" "uiop:shell" "uiop:run-shell-command"
+    "bt:make-thread" "bordeaux-threads:make-thread"
+    "usocket:socket-connect" "usocket:socket-listen"
+    "hunchentoot:start" "hunchentoot:accept-connections")
+  "Symbol patterns blocked from skill source code at load time.")
+
+(defun skill-source-scan (code-string)
+  "Scans CODE-STRING for restricted symbol references.
+Returns (values blocked-p matched-symbols)."
+  (let ((lower (string-downcase code-string))
+        (matches nil))
+    (dolist (pattern *skill-restricted-symbols*)
+      (when (search pattern lower)
+        (push pattern matches)))
+    (values (and matches t) (nreverse matches))))
+#+end_src
+
+** Loading from Pre-Tangled Lisp (skill-load-from-lisp)
+
+Loads a pre-tangled ~.lisp~ file directly, without parsing the Org source. This is faster than ~load-skill-from-org~ because it skips the block extraction and syntax validation (the Lisp was already validated when tangled).
+
+The same jailed package and symbol export process applies.
+
+The sandbox check runs *before* evaluation: the source text is scanned for references to restricted symbols (~uiop:run-program~, ~uiop:shell~, ~uiop:run-shell-command~, ~bt:make-thread~, ~usocket:socket-connect~, ~hunchentoot:start~). If the source references any restricted symbol, the skill is blocked immediately without executing any code. A post-eval secondary check catches indirect references (via ~symbol-function~ comparison).
+
+#+begin_src lisp
+(defun load-skill-from-lisp (filepath)
+  "Loads a .lisp skill file directly, filtering out in-package forms."
+  (let* ((skill-base-name (pathname-name filepath))
+         (entry (or (gethash skill-base-name *skill-catalog*) (setf (gethash skill-base-name *skill-catalog*) (make-skill-entry :filename skill-base-name)))))
+    (setf (skill-entry-status entry) :loading)
+    (handler-case
+        (let* ((content (skill-package-forms-strip (uiop:read-file-string filepath)))
+               (pkg-name (intern (string-upcase (format nil "PASSEPARTOUT.SKILLS.~a" skill-base-name)) :keyword)))
+          (multiple-value-bind (valid-p err) (lisp-syntax-validate content)
+            (unless valid-p (error err)))
+          ;; Pre-eval sandbox scan: block before any code executes
+          (multiple-value-bind (blocked-p blocked-syms)
+              (skill-source-scan content)
+            (when blocked-p
+              (log-message "LOADER SANDBOX: Skill '~a' blocked before eval — references restricted symbol(s): ~{~a~^, ~}"
+                           skill-base-name blocked-syms)
+              (setf (skill-entry-status entry) :sandbox-blocked)
+              (return-from load-skill-from-lisp nil)))
+          (unless (find-package pkg-name)
+            (let ((new-pkg (make-package pkg-name :use '(:cl)))) (use-package :passepartout new-pkg)))
+          (let ((*read-eval* nil) (*package* (find-package pkg-name)))
+            (log-message "LOADER: Loading .lisp skill '~a' in package ~a" skill-base-name (package-name *package*))
+            (with-input-from-string (s content)
+              (loop for form = (read s nil :eof) until (eq form :eof)
+                     do (handler-case (eval form)
+                          (error (c) (log-message "LOADER WARNING in '~a': ~a" skill-base-name c))))))
+           (let* ((jailed-pkg (find-package pkg-name))
+                  (restricted '("RUN-PROGRAM" "SHELL" "RUN-SHELL-COMMAND"))
+                  (violation (loop for r in restricted
+                                   for sym = (find-symbol r :uiop)
+                                   when (and sym (fboundp sym)
+                                             (loop for skill-sym being the symbols of jailed-pkg
+                                                   when (and (fboundp skill-sym)
+                                                             (eq (symbol-function skill-sym)
+                                                                 (symbol-function sym)))
+                                                   return skill-sym))
+                                   collect (format nil "~a" sym))))
+             (when violation
+               (log-message "LOADER SANDBOX: Skill '~a' blocked — references restricted symbol(s): ~{~a~^, ~}"
+                            skill-base-name violation)
+               (setf (skill-entry-status entry) :sandbox-blocked)
+               (return-from load-skill-from-lisp nil))
+             (log-message "LOADER SANDBOX: Skill '~a' passed sandbox check" skill-base-name))
+           (let ((target-pkg (find-package :passepartout))
+                 (exported 0)
+                 (seen (make-hash-table :test 'equal)))
+             (do-symbols (sym (find-package pkg-name))
+               (when (and (eq (symbol-package sym) (find-package pkg-name))
+                          (or (fboundp sym) (boundp sym))
+                          (not (gethash (symbol-name sym) seen)))
+                 (setf (gethash (symbol-name sym) seen) t)
+                 (incf exported)
+                 (let ((existing (find-symbol (symbol-name sym) target-pkg)))
+                   (when existing (unintern existing target-pkg)))
+                 (import sym target-pkg)
+                 (ignore-errors (export sym target-pkg))))
+            (log-message "LOADER: Exported ~a symbols from ~a to :PASSEPARTOUT"
+                         exported (package-name (find-package pkg-name))))
+          (setf (skill-entry-status entry) :ready))
+      (error (c)
+        (log-message "LOADER ERROR in skill '~a': ~a" skill-base-name c)
+        (setf (skill-entry-status entry) :failed) nil))))
+#+end_src
+
+** Initialize (skill-initialize-all)
+
+Boot-time entry point. Scans the skills directory, topologically sorts the files, and loads each one. Called from ~main~ in the metabolic loop and from the REPL for hot-reload.
+
+Skills are loaded from ~$PASSEPARTOUT_DATA_DIR/lisp/~ where both core and skill
+files live after tangling. The org source files live in ~org/~.
+
+#+begin_src lisp
+(defun skill-initialize-all ()
+  "Initializes all skills from the XDG data directory."
+  (let* ((data-dir (uiop:ensure-directory-pathname (or (uiop:getenv "PASSEPARTOUT_DATA_DIR") (namestring (merge-pathnames ".local/share/passepartout/" (user-homedir-pathname))))))
+         (skills-dir (merge-pathnames "lisp/" (uiop:ensure-directory-pathname data-dir))))
+    (unless (uiop:directory-exists-p skills-dir) (return-from skill-initialize-all nil))
+    (let ((sorted-files (skill-topological-sort skills-dir)))
+      (log-message "LOADER: Initializing ~a skills..." (length sorted-files))
+      (dolist (file sorted-files)
+        (if (uiop:string-suffix-p (namestring file) ".lisp")
+            (load-skill-from-lisp file)
+            (load-skill-from-org file)))
+      (log-message "LOADER: Boot Complete."))))
+#+end_src
+
+* Test Suite
+Verifies that the topological sorter correctly orders skills by their ~#+DEPENDS_ON:~ declarations.
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-boot-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:boot-suite))
+
+(in-package :passepartout-boot-tests)
+
+(def-suite boot-suite :description "Verification of the Skill Engine loader")
+(in-suite boot-suite)
+
+(test test-topological-sort-basic
+  "Contract 2: dependency ordering puts dependencies before dependents."
+  (let ((tmp-dir "/tmp/passepartout-boot-test/"))
+    (uiop:ensure-all-directories-exist (list tmp-dir))
+    (with-open-file (out (merge-pathnames "org-skill-a.org" tmp-dir) :direction :output :if-exists :supersede)
+      (format out "#+DEPENDS_ON: skill-b-id~%"))
+    (with-open-file (out (merge-pathnames "org-skill-b.org" tmp-dir) :direction :output :if-exists :supersede)
+      (format out ":PROPERTIES:~%:ID: skill-b-id~%:END:~%"))
+    (unwind-protect
+         (let ((sorted (passepartout::skill-topological-sort tmp-dir)))
+           (let ((pos-a (position "org-skill-a" sorted :key #'pathname-name :test #'string-equal))
+                 (pos-b (position "org-skill-b" sorted :key #'pathname-name :test #'string-equal)))
+             (is (< pos-b pos-a))))
+       (uiop:delete-directory-tree (uiop:ensure-directory-pathname tmp-dir) :validate t))))
+
+(test test-lisp-syntax-validate-valid
+  "Contract 1: valid Lisp code passes syntax validation."
+  (is (eq t (lisp-syntax-validate "(+ 1 2)"))))
+
+(test test-lisp-syntax-validate-invalid
+  "Contract 1: unbalanced Lisp code fails syntax validation."
+  (is (null (lisp-syntax-validate "(+ 1 2"))))
+#+end_src
--- a/org/core-transport.org
+++ b/org/core-transport.org
@@ -0,0 +1,354 @@
+#+TITLE: Communication Protocol (communication.lisp)
+#+AUTHOR: Agent
+#+FILETAGS: :harness:protocol:
+#+STARTUP: content
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/core-transport.lisp
+
+* Overview: Architectural Intent
+
+The Communication Protocol defines how Passepartout speaks to the outside world. It sits between the metabolic loop and the network, providing framed, length-prefixed message transport over TCP.
+
+Every message is an S-expression (plist) prefixed with a 6-character hex length:
+
+  00002C(:TYPE :EVENT :PAYLOAD (:ACTION :handshake :VERSION "0.4.0"))
+
+This is a deliberate rejection of JSON, Protocol Buffers, or any other serialization format. The message format is Lisp-native because:
+
+1. The agent generates and consumes these messages inside the cognitive loop — no serialization layer needed
+2. The format is human-readable and trivially debuggable with a text editor
+3. The length prefix prevents framing attacks (no "read until newline" ambiguity)
+
+** Why Length-Prefixed Framing?
+
+A naive TCP protocol that reads until newline fails when:
+- A message contains a newline character (which Lisp plists can)
+- A message is split across TCP packets (read returns partial data)
+- A malicious client sends an infinite stream without newlines
+
+The length prefix solves all three problems. The reader reads exactly 6 characters (the hex length), then reads exactly that many additional characters. No ambiguous termination, no partial message handling, no newline worries.
+
+The 6-character hex length supports messages up to ~16MB (0xFFFFFF bytes). This is sufficient for any single message the agent would produce. Larger payloads should be split across multiple messages.
+
+** Contract
+
+1. (frame-message msg): serializes a plist message to a length-prefixed
+   string. The first 6 characters are the hex-encoded payload length.
+2. (read-framed-message stream): reads a framed message from a stream,
+   returning the deserialized plist. Consumes exactly the length-prefixed
+   bytes.
+3. Round-trip invariant: ~(read-framed-message (make-string-input-stream
+   (frame-message msg)))~ equals ~msg~.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+** Protocol Accessor (proto-get)
+
+Case-insensitive property list accessor used throughout the pipeline.
+Returns the value associated with KEY in PLIST by interning a keyword.
+
+;; REPL-VERIFIED: 2026-05-03T13:00:00
+#+begin_src lisp
+(defun proto-get (plist key)
+  "Look up KEY in PLIST with case-insensitive keyword normalization."
+  (let ((key-upcase (string-upcase (string key))))
+    (loop for (k v) on plist by #'cddr
+          when (and (keywordp k)
+                    (string-equal (string k) key-upcase))
+            do (return v))))
+#+end_src
+
+** Actuator Registry
+
+The global registry mapping target keywords (~:cli~, ~:telegram~, ~:signal~, etc.) to their physical actuator functions. Extensible at runtime — skills can register new actuators via ~register-actuator~.
+
+#+begin_src lisp
+(defvar *actuator-registry* (make-hash-table :test 'equalp)
+  "Global registry mapping target keywords to their physical actuator functions.")
+
+(defun register-actuator (name fn) 
+  "Registers an actuator function. Actuators receive: (ACTION CONTEXT)."
+  (let ((key (if (keywordp name) name (intern (string-upcase (string name)) :keyword))))
+    (setf (gethash key *actuator-registry*) fn)))
+#+end_src
+
+** Message Framing
+
+Three functions handle the full message lifecycle: sanitize (strip non-serializable state), frame (serialize + prefix), and read (parse from stream).
+
+*** Sanitize Protocol Message
+
+Strips transient runtime state (~:reply-stream~, ~:socket~, ~:stream~) from a message plist before sending it over the network. These are Lisp stream objects that cannot be serialized and have no meaning to the remote end.
+
+#+begin_src lisp
+(defun protocol-message-sanitize (msg)
+  "Recursively strips non-serializable objects from a protocol plist."
+  (if (and msg (listp msg))
+      (let ((clean nil))
+        (loop for (k v) on msg by #'cddr
+              do (unless (member k '(:reply-stream :socket :stream))
+                   (push k clean)
+                   (push (if (listp v) (protocol-message-sanitize v) v) clean)))
+        (nreverse clean))
+      msg))
+#+end_src
+
+*** Frame Message
+
+Serializes a plist to a length-prefixed string: 6-character hex length followed by the ~prin1~ representation.
+
+#+begin_src lisp
+(defun frame-message (msg)
+  "Serializes a message plist and prefixes it with a 6-character hex length."
+  (let* ((sanitized (protocol-message-sanitize msg))
+         (payload (let ((*print-pretty* nil) (*read-eval* nil)) (format nil "~s" sanitized)))
+         (len (length payload)))
+    (format nil "~6,'0x~a" len payload)))
+#+end_src
+
+*** Read Framed Message
+
+Reads a complete framed message from a TCP stream. Handles leading whitespace between messages, partial reads, and malformed length headers gracefully. Returns the parsed S-expression, or ~:eof~ if the stream is closed, or ~:error~ if the message is malformed.
+
+#+begin_src lisp
+(defun read-framed-message (stream)
+  "Reads a hex-length prefixed S-expression from the stream securely."
+  (let ((length-buffer (make-string 6)))
+    (handler-case
+        (progn
+          (loop for char = (peek-char nil stream nil :eof)
+                for ws-count from 0
+                while (and (not (eq char :eof)) (< ws-count 4096)
+                           (member char '(#\Space #\Newline #\Tab #\Return)))
+                do (read-char stream))
+          (let ((count (read-sequence length-buffer stream)))
+            (if (< count 6)
+                :eof
+                (let ((len (ignore-errors (parse-integer length-buffer :radix 16))))
+                  (if (not len)
+                      :error
+                      (let ((msg-buffer (make-string len)))
+                        (read-sequence msg-buffer stream)
+                        (let ((*read-eval* nil))
+                          (handler-case (read-from-string msg-buffer)
+                            (error () :error)))))))))
+      (error () :error))))
+#+end_src
+
+** Server Listener (daemon-start)
+
+The TCP server that accepts connections from CLI and TUI clients. Each connection gets a dedicated thread (~client-handle-connection~).
+
+The daemon sends a handshake message on connection, then enters a read loop, injecting each received message into the metabolic loop via ~stimulus-inject~. The ~:health-check~ message type is handled inline (not sent to the cognitive loop) so that health checks work even when the agent is busy.
+
+#+begin_src lisp
+(defvar *daemon-socket* nil)
+(defvar *daemon-port* nil "The port the daemon is actually listening on (may differ from default if 9105 was in use).")
+
+(defun client-handle-connection (socket)
+  "Handles a single TUI/CLI client connection in a dedicated thread."
+  (let ((stream (usocket:socket-stream socket)))
+    (handler-case
+        (progn
+          (format stream "~a" (frame-message (make-hello-message "0.7.2")))
+          (finish-output stream)
+          (loop
+            (let ((msg (read-framed-message stream)))
+              (cond
+                ((eq msg :eof) (return))
+                ((eq msg :error) (return))
+                ((eq (getf msg :type) :health-check)
+                 (let ((health-msg (list :type :health-response 
+                                         :status (or (and (boundp 'passepartout::*system-health*) 
+                                                         (symbol-value 'passepartout::*system-health*))
+                                                     :unknown)
+                                         :checked-p (or (and (boundp 'passepartout::*health-check-ran*)
+                                                             (symbol-value 'passepartout::*health-check-ran*))
+                                                     nil))))
+                   (format stream "~a" (frame-message health-msg))
+                   (finish-output stream)))
+                ((member (getf (getf msg :payload) :action)
+                         '(:config-get :config-set :config-list
+                           :provider-test :provider-models))
+                 (handle-client-config msg stream))
+                (t (stimulus-inject msg :stream stream))))))
+      (error (c) (log-message "CLIENT ERROR: ~a" c)))
+    (ignore-errors (usocket:socket-close socket))))
+
+(defun handle-client-config (msg stream)
+  "Handle config/provider commands inline (not through the cognitive pipeline)."
+  (let* ((payload (getf msg :payload))
+         (action (getf payload :action))
+         (name (getf payload :name))
+         (key (getf payload :key))
+         (value (getf payload :value))
+         (result nil))
+    (case action
+      (:config-list
+       (setf result (with-output-to-string (out)
+                      (dolist (e (sort (config-read) #'string-lessp :key #'car))
+                        (format out "~a=~a~%" (car e) (cdr e))))))
+      (:config-get
+       (let ((val (config-get (intern (string-upcase key) :keyword))))
+         (setf result (format nil "~a: ~:[not set~;~:*~a~]" key val))))
+      (:config-set
+       (config-set (intern (string-upcase key) :keyword) value)
+       (setf result (format nil "✓ ~a set" key)))
+      (:provider-test
+       (let ((ok (ignore-errors (test-provider-connection
+                                 (intern (string-downcase name) :keyword)))))
+         (setf result (format nil "~a: ~:[✗ failed~;✓ connected~]" name ok))))
+      (:provider-models
+       (let ((models (ignore-errors (test-provider-connection
+                                     (intern (string-downcase name) :keyword)))))
+         (setf result (format nil "~a models: ~a" name (or models "unavailable"))))))
+    (when result
+      (format stream "~a" (frame-message (list :type :event :payload (list :text result))))
+      (finish-output stream))))
+
+(defun start-daemon (&key (port 9105) (max-retries 10))
+  "Starts the network listener for TUI/CLI clients.
+If PORT is taken, tries subsequent ports up to PORT+MAX-RETRIES."
+  (loop for attempt from 0 below max-retries
+        for p = (+ port attempt)
+        do (handler-case
+               (progn
+                 (setf *daemon-socket* (usocket:socket-listen "127.0.0.1" p :reuse-address t))
+                 (log-message "DAEMON: Listening on localhost:~a" p)
+                 (setf *daemon-port* p)
+                 (bt:make-thread
+                  (lambda ()
+                    (loop
+                      (let ((client-socket (usocket:socket-accept *daemon-socket*)))
+                        (when client-socket
+                          (bt:make-thread (lambda () (client-handle-connection client-socket))
+                                         :name "passepartout-client-handler")))))
+                  :name "passepartout-server-listener")
+                 (return p))
+             (usocket:address-in-use-error ()
+               (when (= attempt (1- max-retries))
+                 (log-message "DAEMON: All ports ~d-~d in use — giving up" port (+ port max-retries -1))
+                 (error "No available port for daemon"))
+               (log-message "DAEMON: Port ~d in use, trying ~d..." p (1+ p))))))
+#+end_src
+
+** Handshake Logic
+
+The first message sent to every new connection. The client can use this to verify the protocol version and the daemon's capabilities.
+
+#+begin_src lisp
+(defun make-hello-message (version)
+  "Constructs the standard HELLO handshake message."
+  (list :TYPE :EVENT 
+        :PAYLOAD (list :ACTION :handshake 
+                       :VERSION version 
+                       :CAPABILITIES '(:AUTH :ORG-AST))))
+#+end_src
+
+** Structural Validation
+
+Validates that an incoming message has the minimum required structure: a plist with a valid ~:type~ field. Used by the protocol validator skill to reject malformed messages before they enter the cognitive loop.
+
+#+begin_src lisp
+(in-package :passepartout)
+
+(defun protocol-schema-validate (msg)
+  "Strict structural validation for incoming protocol messages."
+  (unless (listp msg) (error "Message must be a plist"))
+  (let ((type (proto-get msg :type)))
+    (unless (member type '(:REQUEST :EVENT :RESPONSE :LOG :STATUS))
+      (error "Invalid message type '~a'" type))
+    t))
+#+end_src
+
+** Backward-Compatibility Alias
+
+;; REPL-VERIFIED: 2026-05-03T14:00:00
+#+begin_src lisp
+(defun validate-communication-protocol-schema (msg)
+  "Backward-compatibility alias for protocol-schema-validate."
+  (protocol-schema-validate msg))
+#+end_src
+
+** Protocol Smoke Test (manual for REPL evaluation)
+
+Use this function to manually verify that the daemon is alive and the framing protocol works end-to-end. It connects to a running daemon, reads the HELLO handshake, sends a "hi" message, and reads the response.
+
+#+begin_src lisp :tangle no
+(defun test-daemon-protocol ()
+  (handler-case
+      (let* ((socket (usocket:socket-connect "127.0.0.1" 9105))
+             (stream (usocket:socket-stream socket)))
+        (format t "Connected.~%")
+        (let* ((len-buf (make-string 6))
+               (count (read-sequence len-buf stream)))
+          (when (= count 6)
+            (let* ((len (parse-integer len-buf :radix 16))
+                   (msg-buf (make-string len)))
+              (read-sequence msg-buf stream)
+              (format t "HELLO: ~a~%" msg-buf))))
+        (let* ((msg '(:TYPE :EVENT :META (:SOURCE :tui) :PAYLOAD (:SENSOR :user-input :TEXT "hi")))
+               (framed (frame-message msg)))
+          (format stream "~a" framed)
+          (finish-output stream)
+          (let* ((len-buf (make-string 6))
+                 (count (read-sequence len-buf stream)))
+            (when (= count 6)
+              (let* ((len (parse-integer len-buf :radix 16))
+                     (msg-buf (make-string len)))
+                (read-sequence msg-buf stream)
+                (format t "Response: ~a~%" msg-buf)))))
+        (usocket:socket-close socket))
+    (error (c) (format t "Error: ~a~%" c))))
+#+end_src
+
+* Test Suite
+Verifies that the framing protocol correctly serializes and deserializes messages.
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-communication-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:communication-protocol-suite))
+(in-package :passepartout-communication-tests)
+
+(def-suite communication-protocol-suite :description "Communication Protocol Suite")
+(in-suite communication-protocol-suite)
+
+(test test-framing
+  "Contract 1: frame-message produces correct hex length prefix."
+  (let* ((msg '(:type :EVENT :payload (:action :handshake)))
+         (framed (frame-message msg)))
+    (is (string= "00002C" (string-upcase (subseq framed 0 6))))))
+
+(test test-framing-round-trip
+  "Contract 3: frame → read-frame preserves message identity."
+  (let* ((msg '(:type :EVENT :payload (:action :handshake :version "1.0") :meta (:source :tui)))
+         (framed (frame-message msg))
+         (unframed (read-framed-message (make-string-input-stream framed))))
+    (is (equal msg unframed))))
+
+(test test-framing-empty-message
+  "Contract 1: simple messages frame with valid hex length."
+  (let* ((msg '(:type :ping))
+         (framed (frame-message msg)))
+    (is (> (length framed) 5))
+    (is (every (lambda (c) (digit-char-p c 16)) (subseq framed 0 6)))))
+
+(test test-read-framed-message
+  "Contract 2: read-framed-message decodes a framed message correctly."
+  (let* ((original '(:type :EVENT :payload (:text "decoded" :id 42)))
+         (framed (frame-message original))
+         (decoded (read-framed-message (make-string-input-stream framed))))
+    (is (equal original decoded))))
+
+(test test-read-framed-message-eof
+  "Contract 2: read-framed-message returns :eof on incomplete stream."
+  (let ((decoded (read-framed-message (make-string-input-stream "000"))))
+    (is (eq :eof decoded))))
+#+end_src
--- a/org/cost-tracker.org
+++ b/org/cost-tracker.org
@@ -0,0 +1,285 @@
+#+TITLE: Cost Tracker — per-session token cost accounting
+#+AUTHOR: Agent
+#+FILETAGS: :token-economics:cost-tracking:
+#+PROPERTY: header-args:lisp :tangle /home/user/.local/share/passepartout/lisp/cost-tracker.lisp
+
+* Architectural Intent
+
+Cost tracking gives the user visibility into what the agent spends on their
+behalf. No competitor provides this — Claude Code and Copilot obscure cost
+behind flat-rate subscriptions. Passepartout tracks every LLM call, logs
+cumulative cost, and exposes it via a ~/cost~ TUI command.
+
+The tracking is minimal and accurate to within ~10-15% (using the token
+heuristic from tokenizer.lisp). It persists across daemon restarts via
+~*session-cost*~ in the memory store.
+
+** v0.8.0 — Session Summary for Sidebar
+
+The sidebar's Cost panel needs an at-a-glance cost summary: total spent,
+call count, per-provider breakdown. ~cost-session-summary~ packages the
+three existing accessors (~cost-session-total~, ~cost-session-calls~,
+~cost-by-provider~) into a single plist ~(:total <float> :calls <int>
+:by-provider <alist>)~. This is a thin wrapper (~5 lines) — the data
+already exists; the function exposes it in the shape the TUI expects.
+
+Called from ~core-act.org~'s ~:tui~ actuator via ~fboundp~ guard.
+Degrades gracefully to nil when cost-tracker is not loaded.
+
+** Contract
+
+1. (cost-track-call provider prompt-text response-text): compute and
+   accumulate the cost of a single LLM call. Returns the cost in USD.
+2. (cost-session-total): returns the current session's total cost.
+3. (cost-session-reset): zeroes the session cost accumulator.
+4. (cost-format-budget-status total budget): returns a human-readable
+    budget status string for the TUI status bar.
+5. (cost-session-summary): returns plist
+    ~(:total <float> :calls <int> :by-provider <alist>)~ aggregating
+    all three session cost accessors. Consumed by the TUI actuator
+    for the sidebar Cost panel (v0.8.0).
+6. (budget-remaining-usd): returns the remaining budget in USD, or
+   ~most-positive-double-float~ when no budget is set.
+7. (budget-exhausted-p): returns T when a budget is set and fully
+   consumed. ~fboundp~-guarded at call sites so the checker is
+   a no-op when cost-tracker is not loaded.
+8. (budget-estimate-call prompt-text): estimates the dollar cost of a
+   pending LLM call from the prompt text. Returns 0.0 when the
+   tokenizer skill is not loaded (allows the call through).
+9. (budget-exhaustion-message): returns a ~:REQUEST~ plist with a
+   human-readable message explaining the budget cap. Injected as the
+   LLM response when the budget is exhausted.
+
+* Implementation
+
+** Package Context
+#+begin_src lisp
+(in-package :passepartout)
+#+end_src
+
+** Session cost state
+#+begin_src lisp
+(defvar *session-cost* (list :total 0.0 :calls 0 :by-provider nil)
+  "Session cost accumulator: (:total <float> :calls <int> :by-provider <alist>)")
+
+(defvar *session-cost-lock* (bordeaux-threads:make-lock "session-cost-lock")
+  "Lock protecting *session-cost* from concurrent updates.")
+#+end_src
+
+** Per-call cost tracking
+#+begin_src lisp
+(defun cost-track-call (provider prompt-text &optional response-text)
+  "Compute and accumulate the cost of a single LLM call.
+Returns the cost of this call in USD."
+  (let* ((input-tokens (if (fboundp 'count-tokens)
+                         (funcall (symbol-function 'count-tokens) (or prompt-text ""))
+                         (ceiling (length (or prompt-text "")) 4)))
+         (output-tokens (if (and response-text (fboundp 'count-tokens))
+                          (funcall (symbol-function 'count-tokens) response-text)
+                          0))
+         (total-tokens (+ input-tokens output-tokens))
+         (cost (provider-token-cost provider total-tokens)))
+    (bordeaux-threads:with-lock-held (*session-cost-lock*)
+      (incf (getf *session-cost* :total) cost)
+      (incf (getf *session-cost* :calls))
+      (let ((by-prov (getf *session-cost* :by-provider)))
+        (let ((entry (assoc provider by-prov)))
+          (if entry
+              (incf (cdr entry) cost)
+              (setf (getf *session-cost* :by-provider)
+                    (acons provider cost by-prov))))))
+    (log-message "COST TRACKER: ~a call: ~,4f USD (session total: ~,4f USD)"
+                 provider cost (getf *session-cost* :total))
+    cost))
+#+end_src
+
+** Session total
+#+begin_src lisp
+(defun cost-session-total ()
+  "Returns the current session's total cost in USD."
+  (bordeaux-threads:with-lock-held (*session-cost-lock*)
+    (getf *session-cost* :total)))
+
+(defun cost-session-calls ()
+  "Returns the total number of LLM calls in this session."
+  (bordeaux-threads:with-lock-held (*session-cost-lock*)
+    (getf *session-cost* :calls)))
+
+(defun cost-by-provider ()
+  "Returns an alist of (provider . total-cost) for this session."
+  (bordeaux-threads:with-lock-held (*session-cost-lock*)
+    (getf *session-cost* :by-provider)))
+#+end_src
+
+** Session summary (v0.8.0)
+#+begin_src lisp
+(defun cost-session-summary ()
+  "Returns plist (:total <float> :calls <int> :by-provider <alist>)."
+  (bordeaux-threads:with-lock-held (*session-cost-lock*)
+    (list :total (getf *session-cost* :total)
+          :calls (getf *session-cost* :calls)
+          :by-provider (getf *session-cost* :by-provider))))
+#+end_src
+
+** Session reset
+#+begin_src lisp
+(defun cost-session-reset ()
+  "Zeroes the session cost accumulator."
+  (bordeaux-threads:with-lock-held (*session-cost-lock*)
+    (setf (getf *session-cost* :total) 0.0)
+    (setf (getf *session-cost* :calls) 0)
+    (setf (getf *session-cost* :by-provider) nil)))
+#+end_src
+
+** Budget status formatting
+#+begin_src lisp
+(defun cost-format-budget-status (&optional (daily-budget nil))
+  "Returns a string for the TUI status bar showing session cost.
+If DAILY-BUDGET is provided, includes percentage of budget used."
+  (let* ((total (cost-session-total))
+         (calls (cost-session-calls))
+         (budget (or daily-budget
+                     (ignore-errors
+                       (parse-integer (uiop:getenv "COST_BUDGET_DAILY")))
+                     0))
+         (pct (if (> budget 0) (* 100.0 (/ total budget)) 0.0))
+         (status (cond
+                   ((= calls 0) "—")
+                   ((< pct 50) "OK")
+                   ((< pct 90) "WARN")
+                   (t "HIGH"))))
+    (if (> budget 0)
+        (format nil "[Cost: $~,2f (~,0f%) ~a]" total pct status)
+        (format nil "[Cost: $~,2f | ~d calls]" total calls))))
+#+end_src
+
+** Hook into cascade
+
+This function is called from ~backend-cascade-call~ after each successful
+LLM invocation to record the cost.
+
+#+begin_src lisp
+(defun cost-track-backend-call (backend prompt-text &optional response-text)
+  "Track cost of a backend cascade call."
+  (cost-track-call backend prompt-text response-text))
+#+end_src
+
+** Budget enforcement (v0.5.0 deferred)
+
+Session-wide cost caps that refuse LLM calls when the budget is exhausted.
+The budget is set via ~SESSION_BUDGET_USD~ env var (default: no limit).
+When exceeded, the agent falls back to deterministic-only mode — pure Lisp
+operations still work, but no cascade calls are made until the cap is raised
+or the session is reset.
+
+#+begin_src lisp
+(defvar *session-budget*
+  (ignore-errors (read-from-string (uiop:getenv "SESSION_BUDGET_USD")))
+  "Maximum USD to spend in this session. NIL means no limit.")
+
+(defun budget-remaining-usd ()
+  "Returns remaining budget in USD, or a large sentinel if unlimited."
+  (if *session-budget*
+      (let ((remaining (- *session-budget* (cost-session-total))))
+        (if (< remaining 0) 0.0 remaining))
+      most-positive-double-float))
+
+(defun budget-exhausted-p ()
+  "T if the session budget is set and fully consumed."
+  (and *session-budget* (<= (budget-remaining-usd) 0.0)))
+
+(defun budget-estimate-call (prompt-text)
+  "Estimate the dollar cost of a pending LLM call from its prompt text.
+Returns 0.0 if the tokenizer is not loaded (allows call through)."
+  (if (fboundp 'count-tokens)
+      (let* ((tokens (funcall (symbol-function 'count-tokens) (or prompt-text "")))
+             (cost (provider-token-cost (first *provider-cascade*) tokens)))
+        cost)
+      0.0))
+
+(defun budget-exhaustion-message ()
+  "Returns a user-facing plist explaining that the budget is spent."
+  (let ((total (cost-session-total))
+        (cap *session-budget*))
+    (list :TYPE :REQUEST
+          :PAYLOAD (list :ACTION :MESSAGE
+                         :TEXT (format nil "Session budget exhausted: $~,4f of $~,2f spent. Raise SESSION_BUDGET_USD or reset with /cost-reset to continue."
+                                       total cap)
+                         :EXPLANATION "Budget cap reached. No LLM calls will be made until the limit is raised."))))
+#+end_src
+
+* Test Suite
+#+begin_src lisp
+(eval-when (:compile-toplevel :load-toplevel :execute)
+  (ql:quickload :fiveam :silent t))
+
+(defpackage :passepartout-cost-tests
+  (:use :cl :fiveam :passepartout)
+  (:export #:cost-suite))
+
+(in-package :passepartout-cost-tests)
+
+(def-suite cost-suite :description "Cost tracking and budget management")
+(in-suite cost-suite)
+
+(test test-cost-track-call
+  "Contract 1: cost-track-call returns a positive number."
+  (cost-session-reset)
+  (let ((cost (cost-track-call :deepseek "hello world")))
+    (is (numberp cost))
+    (is (> cost 0.0))))
+
+(test test-cost-session-total-accumulates
+  "Contract 2: session total grows with multiple calls."
+  (cost-session-reset)
+  (cost-track-call :deepseek "hello")
+  (cost-track-call :deepseek "world")
+  (let ((total (cost-session-total)))
+    (is (> total 0.0))
+    (is (= 2 (cost-session-calls)))))
+
+(test test-cost-session-reset
+  "Contract 3: cost-session-reset zeroes the accumulator."
+  (cost-session-reset)
+  (cost-track-call :deepseek "hello")
+  (is (> (cost-session-total) 0.0))
+  (cost-session-reset)
+  (is (= 0.0 (cost-session-total)))
+  (is (= 0 (cost-session-calls))))
+
+(test test-cost-format-budget-status
+  "Contract 4: format-budget-status returns a string."
+  (cost-session-reset)
+  (cost-track-call :deepseek "hello world")
+  (let ((status (cost-format-budget-status 100)))
+    (is (stringp status))
+    (is (search "$" status))))
+
+(test test-cost-by-provider
+  "Contract: cost-by-provider returns per-provider breakdown."
+  (cost-session-reset)
+  (cost-track-call :deepseek "a")
+  (cost-track-call :groq "b")
+  (let ((by (cost-by-provider)))
+    (is (listp by))
+    (is (assoc :deepseek by))
+    (is (assoc :groq by))))
+
+(test test-cost-track-no-response
+  "Contract 1: cost-track-call works without response-text."
+  (cost-session-reset)
+  (let ((cost (cost-track-call :deepseek "test")))
+    (is (> cost 0.0))))
+
+(test test-cost-session-summary
+  "Contract 5: cost-session-summary returns plist with total, calls, by-provider."
+  (cost-session-reset)
+  (cost-track-call :deepseek "hello")
+  (cost-track-call :groq "world")
+  (let ((s (cost-session-summary)))
+    (is (> (getf s :total) 0.0))
+    (is (= 2 (getf s :calls)))
+    (let ((by (getf s :by-provider)))
+      (is (assoc :deepseek by))
+      (is (assoc :groq by)))))
+#+end_src
--- a/Show More
+++ b/Show More