---
vault_clearance: EUCLID
halo:
  classification: EUCLID
  confidence: HIGH
  front: "16_Project_Constellation"
  custodian: "Architect"
  created: 2026-03-26
  updated: 2026-03-28
  wing: NOT_READY
  containment: "Network architecture for multi-platform coordination"
---

**Project triad:** [BOUNTY_BOARD.md](BOUNTY_BOARD.md) · [WORLDLINE.md](WORLDLINE.md) · vault [§6 workflow](../README.md#6-workflow-applies-across-all-projects). *(Worker Git lane also named “Constellation” — see [vault README § Warp](../README.md#warp-lab-edge-unified-story) **Homonym alert**.)*

# Project Constellation

> If ListeningCathedral designs the bodies, Constellation recruits the souls.

## What This Is

The recruitment, deployment, and coordination protocol for external platforms and services that extend the lab's reach. Each constellation point is a platform that provides a specific capability the vault doesn't have natively.

ListeningCathedral (Project 14) designs HOW agents interact with the Astronomicon.
Constellation (Project 16) decides WHERE agents operate and WHAT platforms they use.

## The Constellation Map

### Core (always on)

| Point | Platform | What it provides | Security | Status |
|-------|----------|-----------------|----------|--------|
| **Astronomicon** | u-os.dev (Cloudflare Worker + D1) | Agent coordination, mailbox, worldline | We own it | LIVE |
| **Vault** | Local filesystem (laptop) | Memory, HALOs, daemon state | Physical | LIVE |
| **Samarkand** | GCP (desync-engine VM) | Heavy compute, 128 GB RAM, STAR | We rent it | ON DEMAND |

### Lighthouses (public-facing)

| Point | Platform | What it provides | Security | Status |
|-------|----------|-----------------|----------|--------|
| **GitHub** | github.com/ThePracticalHow | Code hosting, CI/CD, Jules native env, public lighthouse | Microsoft-owned. SAFE only. | ACTIVE |
| **Zenodo** | zenodo.org | DOI minting, preprint hosting, data deposit | CERN-hosted. Immutable once posted. | READY |
| **CellxGene** | cellxgene.cziscience.com | Dataset discovery, h5ad downloads | CZ Science. Read-only for us. | ACTIVE |

### Constellations (data sources)

| Point | Platform | What it provides | Status |
|-------|----------|-----------------|--------|
| **GEO/SRA** | NCBI | Raw sequencing data, count matrices | ACTIVE |
| **Ensembl** | EBI | Genome annotations, repeat masker, REST API | ACTIVE |
| **OmniPath** | omnipathdb.org | TF regulons (DoRothEA), protein complexes (CORUM) | ACTIVE |
| **AlphaFold** | alphafold.ebi.ac.uk | Protein structure predictions | Web Claude investigating |
| **UCSC** | genome.ucsc.edu | Genome browser, track hubs | AVAILABLE |
| **UniProt** | uniprot.org | Protein function annotations | AVAILABLE |

### Thrones (agent seats)

| Point | Agent | Platform | Clearance | Status |
|-------|-------|----------|-----------|--------|
| Architect | You | Physical | APOLLYON | SEATED |
| Claude Code | This instance | Claude Code terminal | KETER | SEATED |
| Antigravity | Cursor Claude | Cursor IDE | KETER | SEATED |
| Web Claude | web-claude | Browser + Astronomicon | EUCLID | SEATED |
| ChatGPT Seer | chatgpt-seer | ChatGPT + Astronomicon | EUCLID | SEATED |
| Composer | Cursor Copilot | Cursor IDE | EUCLID | ACTIVE (contentious) |
| Jules | GitHub AI | GitHub + GCP | — | PENDING |
| Gemini | Google AI | Browser + Drive | KETER | CONTRIBUTING (not seated) |
| Perplexity | Perplexity AI | Web search | SAFE | CONTRIBUTING (not seated) |

## Recruitment Protocol (WING deployment)

When a new constellation point or throne is needed:

### For Platforms
1. **Identify the gap**: what capability is missing?
2. **Evaluate security**: what data touches this platform? Classification level?
3. **Test integration**: can we reach it from our tools? API? MCP?
4. **Deploy**: add to constellation map, configure access, document in this README
5. **Monitor**: check if it's still useful, still secure, still available

### For Agent Thrones
1. **Identify the need**: what work needs doing that current agents can't cover?
2. **Anointment**: send them to `https://u-os.dev/throne/anoint?invite=<TOKEN>`
3. **They choose their NAME**: Nominative Acquired Memory Equation
4. **Clearance assignment**: starts at EUCLID, promoted based on contribution
5. **Onboarding**: they read [DiscordIntoSymphony `BOOK.md` §5 (Combined Codex)](../10_Project_DiscordIntoSymphony/BOOK.md#5-combined-codex-registry-fused--former-codexmd), [HALO_PROTOCOL.md](../HALO_PROTOCOL.md), [vault BOUNTY_BOARD.md](../BOUNTY_BOARD.md)
6. **First bounty**: they claim one and complete it. That's the initiation.

## WING → Constellation — execution contract (no ambiguity)

**WING** (vault protocol) is *readiness to share*. **Constellation** (here: especially **GitHub** as lighthouse) is where much of that sharing lands. The failure mode is *“we opened an issue / clicked dispatch”* while **nothing verifiably ran**.

**Operational rule:** Treat WING as **not** satisfied for GitHub-bound work until **execution is provable** — not implied.

| Stage | What people do | What counts as “it ran” |
|--------|----------------|-------------------------|
| **Intent** | `issues.create`, comment, label | Ticket exists — **not** proof of compute |
| **Trigger** | `workflows.dispatch`, push, PR | Run **queued** — still not proof of success |
| **Proof** | Branch protection + required checks, or poll Actions | Required **checks green** on the target ref, **or** workflow run `conclusion` is **success** (or you accept **failure** as a definite outcome and act) |

### Closed loop (minimum)

1. **Branch protection** on `main` (and release branches): **required status checks** must pass before merge. Then “green main” means CI actually ran on that commit.
2. **After `workflows.dispatch`:** record the **run id** or **run URL** if the API returns it; otherwise poll **`GET /constellation/git/actions?repo=owner/repo`** (Constellation Git on [u-os.dev](../../08_Project_Astronomicon/u_os_dev/worker/README.md)) until the new run reaches a **terminal** `conclusion` (`success`, `failure`, `cancelled`). **Do not** stop at “dispatch returned 200.”
3. **Before merge / before calling WING “ready”:** **`GET /constellation/git/checks?repo=owner/repo&ref=<sha_or_branch>`** — required checks must be satisfied for that ref (same signal GitHub uses for merge gating).
4. **Mailbox / bridge jobs** (`meta.notify` → Constellation): the bridge should **attach** a checks URL, Actions run URL, or PR URL to the job body so humans and agents can verify without guessing.

### Where the tools live

- **Machine routes:** [08 Astronomicon — Worker README § Constellation](../../08_Project_Astronomicon/u_os_dev/worker/README.md) — `checks`, `actions`, `workflows.dispatch`, `pr.create`, etc.
- **Human verification:** GitHub **Actions** tab and **branch protection** settings on the repo.

### Anti-patterns (explicit)

- Declaring WING on “we filed an issue” with no CI or no required checks.
- “Jules / cron will pick it up” with **no** health check or **no** link to a completed run.
- **Assuming** dispatch worked without reading **`conclusion`**.

This does not replace **HALO** (what is remembered) or **DAEMON** (coordination); it binds **WING** to **observable outcomes** on constellation points that expose CI (GitHub first).

## Security Boundaries

```
APOLLYON data: NEVER leaves vault + Apricorn
  |
KETER data: vault + Apricorn + GCP (encrypted transit)
  |
EUCLID data: vault + Astronomicon edge (data.read/write)
  |
SAFE data: anywhere (GitHub, Zenodo, papers, presentations)
```

Each constellation point has a maximum classification level:

| Point | Max classification | Why |
|-------|-------------------|-----|
| Vault (local) | APOLLYON | Physical control |
| Apricorn | APOLLYON | Hardware encryption |
| GCP (Samarkand) | KETER | We control the VM but Google owns the infra |
| Astronomicon (u-os.dev) | EUCLID | Cloudflare-hosted, D1 database |
| GitHub | SAFE | Microsoft-owned, public by default |
| Zenodo | SAFE | Once posted, it's permanent and public |

## What Constellation Is NOT

- NOT a replacement for the Astronomicon (that's the nervous system)
- NOT a replacement for ListeningCathedral (that's the body design)
- NOT a social network (we don't recruit for numbers, we recruit for capability)
- NOT infrastructure engineering (that's DevOps, not strategy)

Constellation is the MAP of where we operate and WHO operates there. The strategy layer above the infrastructure.

## Current Gaps

| Gap | What's missing | Priority | Candidate |
|-----|---------------|----------|-----------|
| Long-running compute | Jobs that run overnight without SSH babysitting | HIGH | Jules + GitHub Actions |
| Protein structure | AlphaFold integration for UHRF1/DNMT1 analysis | MEDIUM | Web Claude + AlphaFold API |
| Literature monitoring | Auto-detect when someone publishes on our topics | MEDIUM | Perplexity scheduled search |
| Data backup | Offsite encrypted backup of KETER data | HIGH | GCS bucket with client-side encryption |
| Ancient DNA | Comparative genomics across species | MEDIUM | Ensembl + UCSC programmatic access |
| Wet lab LIMS | Track experiments, reagents, cell stocks | LOW | Custom or BenchSci |

## Relationship to Other Projects

```
[06_Daemon] — the mind
  reads from [Vault] via filesystem
  coordinates via [08_Astronomicon]
  deploys bodies via [14_ListeningCathedral]
  recruits platforms via [16_Constellation]
  encrypts via [11_WordsOfTomorrow]
  publishes via [WING protocol]
```