---
vault_clearance: EUCLID
halo:
  classification: INTERNAL
  confidence: HIGH
  front: "Vault Infrastructure"
  custodian: "The Architect"
  created: 2026-03-19
  updated: 2026-03-31
  wing: UNASSESSED
  containment: "Open research questions and priorities"
---
# BOUNTY BOARD — Vault (cross-project)

**Reviewed by:** GitHub Copilot Agent

> **Order of memory (vault):** **[This board](BOUNTY_BOARD.md)** = what’s on the table (OPEN/SOLVED). **[WORLDLINE.md](WORLDLINE.md)** = narrative of what we did. **[`.event_log.jsonl`](.event_log.jsonl)** = Technomancer chronological tape (what happened, line by line). Read the board first; claim before work; on solve: S-id, date, Where (paths may span projects), tier. Tiers: IMPLEMENTED | DEMONSTRATED | OBSERVATION. Project boards across the numbered-project ring keep their own O/S/R ids; use [`_VAULT_STATE.md`](_VAULT_STATE.md) for the current ring and board pulse. **Hostile audit:** **OPEN — Hostile audit remediation** (between `hostile_audit:fused` markers) is regenerated by `python scripts/export_hostile_audit.py`. **Last updated:** 2026-03-31.

---

## SOLVED

| ID | Bounty | One-line answer | Date | Where | Tier |
|----|--------|-----------------|------|-------|------|
| S1 | Document vault dependency graph | One-page map (flow diagram + summary table + cross-project bounties); linked from README §6. | 2026-03-14 | [README.md](README.md) § Dependency graph (archived: `_archive/lab_protocol_unification_2026-03-19/VAULT_DEPENDENCY_GRAPH.md`), README §6 | IMPLEMENTED |
| S2 | Vault stabilization pass — archive ghosts, fix stale refs, bootstrap 13+14 | Full pass: gitignored 7,453 fused songs, fixed daemon refs in 02/04/05 READMEs, fixed CI/CD (removed START_HERE/AI_INSTRUCTIONS checks), fixed worker `00_DOOR` default, updated .cursorrules, added 13+14 to all route tables, documented songs/ split, cleaned export script, bootstrapped 13_MemoryOfMind board+session, regenerated vault state (15 projects). | 2026-03-25 | [README.md](README.md), [.gitignore](.gitignore), [CLAUDE.md](CLAUDE.md), project READMEs (02/04/05), [.github/workflows/unified-ci.yml](.github/workflows/unified-ci.yml), [.cursorrules](.cursorrules), [08 worker/src/index.js](08_Project_Astronomicon/u_os_dev/worker/src/index.js), [08 export_script.py](08_Project_Astronomicon/u_os_dev/export_script.py), [13_Project_MemoryOfMind/](13_Project_MemoryOfMind/) | IMPLEMENTED |
| S3 | Pipeline path canonicalization (Symphony + root README + 08) | Single story: **canonical code** → `10_Project_DiscordIntoSymphony/methods/`; **legacy portable suitcase** → `10_Project_DiscordIntoSymphony/_archive/Analysis 2026-03-13 15-00/`; **08** warp-only on disk. Root README §3/§6/lab-protocol paths, sixteen-project table, repo tree, testing table, and [08 README](08_Project_Astronomicon/README.md) §2–§7 rewritten (split-brain metaphor, path compass, Docker build from vault root). | 2026-03-27 | [README.md](README.md), [08 README](08_Project_Astronomicon/README.md), [08 Dockerfile](08_Project_Astronomicon/Dockerfile) | IMPLEMENTED |
| S4 | README dependency graph ASCII drift | Added **diagram etiquette** caption + **periphery band (10–16)** ribbon; extended Feeds/Consumes table through **16**; clarified **08** row (genomics bytes in **10**). | 2026-03-27 | [README.md](README.md) § Dependency graph | IMPLEMENTED |
| S5 | Projects 15–16 + lab README drift | **The sixteen projects** section + §6 route/write/index rows; **ShadowSuite** + **Constellation** triads (`BOUNTY_BOARD` + `WORLDLINE_CURRENT`); Current Status rows; Warp **Homonym alert** (Worker Constellation vs project 16). | 2026-03-27 | [15_Project_ShadowsOfSight/](15_Project_ShadowsOfSight/), [16_Project_Constellation/](16_Project_Constellation/), [README.md](README.md) | IMPLEMENTED |
| S6 | Vault-level daemon | Implemented the root operator loop: `scripts/vault_daemon.py` watches the live vault surface, regenerates `_VAULT_STATE.md`, writes a heartbeat file, and can append compact infrastructure events to `.event_log.jsonl` with optional local `public_lab` refresh. Formalized the split between the graph daemon (Project 06) and the vault daemon (root operator loop). | 2026-03-31 | [scripts/vault_daemon.py](scripts/vault_daemon.py), [scripts/test_vault_daemon.py](scripts/test_vault_daemon.py), [README.md](README.md), [DAEMON_PROTOCOL.md](DAEMON_PROTOCOL.md), [WORLDLINE.md](WORLDLINE.md) | IMPLEMENTED |

---

## OPEN

| ID | Bounty | Status | Assigned | Impact |
|----|--------|--------|----------|--------|
| O2 | **Coordinate Gardener–Daemon integration** — 09_Project_Gardener O3 is "triple-based WorldDaemon adapter"; vault-level tracking for cross-project deliverable (or close here when 09 O3 is solved). | OPEN | — | Fusion |
| O3 | **Technomancer event log ↔ README lab protocol** — Tighten append/schema in [README.md § Information norms](README.md#information-norms) + [03/DATA_TYPES.md](03_Project_Technomancer/DATA_TYPES.md) if gaps remain. | OPEN | — | Consistency |
| O4 | **HALO vs `public_lab` export** — EUCLID/KETER prose can reach the edge if allowlists or scans slip. **Fix:** CI + export script gate on mirrored paths (clearance tags per `08_Project_Astronomicon/u_os_dev/THRONE_ONBOARDING.md`); manifest diff before push; operator sign-off on bundle hashes. | OPEN | — | **CRITICAL** |
| O5 | **Capability URLs and log leakage** — Key-first URLs and `Authorization` values surface in Referer, proxy logs, history, screenshots. **Fix:** Short-lived signed aliases ([08 O6](08_Project_Astronomicon/BOUNTY_BOARD.md)); POST-body secrets for mutating routes where possible; token rotation runbook; redact Bearer in Worker/logging; “never share capability URLs” in onboarding. | OPEN | — | **CRITICAL** |
| O6 | **D1 / worldline as soft trust** — Anyone with a write token can append a false narrative; edge history is not cryptographically tied to laptop ground truth. **Deliverables (one bounty, two parts):** **(a) Threat model** — [08_Project_Astronomicon/u_os_dev/WORLDLINE_SOFT_TRUST.md](08_Project_Astronomicon/u_os_dev/WORLDLINE_SOFT_TRUST.md) (adversary capabilities, cost of forgery, comparison to transparency-log / Sigstore-shaped bars). **(b) Minimal signed-chain prototype** — [08_Project_Astronomicon/u_os_dev/worldline_chain_append.py](08_Project_Astronomicon/u_os_dev/worldline_chain_append.py) appends hash-linked JSONL records for **local** worldline exports (step toward HMAC-chained or signed append; not a full D1 migration). **Also:** separate publisher keys; immune/worldline controls (`IMMUNE_BLOCK_APPENDS`, consult checks); periodic verified snapshots (Shadow/Cerberus/Bioship) in a read-only lane. | OPEN | — | Security |
| O7 | **Repository blast radius** — One leaked clone or long-lived CI secret exposes the default branch. **Fix:** Encrypt or isolate Apollyon subtrees (git-crypt / sparse policies); branch protection + required review; secret scanning; OIDC for deploy instead of PATs where Cloudflare/GitHub allow. | OPEN | — | **CRITICAL** |
| O8 | **MCP / IDE host trust** — MCP servers and extensions run with host privileges and can exfiltrate vault paths and tokens. **Fix:** Tool allowlist + least scope; per-agent credentials; no production `WRITE_TOKEN` in local MCP configs; document THRONE read vs write lanes. | OPEN | — | Security |
| O9 | **Integrity stack vs kernel adversary** — Cerberus, Colossus, and Bioship are strong corroboration, not a substitute for EDR or legal process on KETER lanes. **Fix:** Explicit labeling in outputs; tabletop drills; pair with commercial EDR for promotion gates ([17 bounty](17_Project_CerberusLantern/BOUNTY_BOARD.md)). | OPEN | — | Expectations |
| O10 | **Supply chain (R / npm / Python / Wrangler)** — Dependency upgrades can introduce malicious or typosquat packages. **Fix:** Lockfiles ([08 O1](08_Project_Astronomicon/BOUNTY_BOARD.md)); hash-pinned actions; populate [vendor registry](17_Project_CerberusLantern/engine/vendor_registry.json); periodic audit passes in CI. | OPEN | — | Security |
| O11 | **Mirror sync integrity** — Local `local_mirror` / pull sync can be stale or swapped without detection. **Fix:** Post-sync verify hook (Shadow seals + Cerberus bridge); require edge manifest hash in `WORLDLINE.md` after pull ([15 O11](15_Project_ShadowsOfSight/BOUNTY_BOARD.md)). | OPEN | — | Integrity |
| O12 | **Full encryption suite integration** — Orthodox HMAC, Bioship, Shamir shares, DPAPI/HSM paths, and Worker tokens are not one continuous policy. **Fix:** Single matrix doc (classification × asset × algorithm × rotation); wire P11 + P16 + 08 worker README auth table; automate what CI can enforce. See [11 O9](11_Project_WordsOfTomorrow/BOUNTY_BOARD.md) + [15 O12](15_Project_ShadowsOfSight/BOUNTY_BOARD.md). | OPEN | — | **CRITICAL** |
| O13 | **Orthodox apex tooling survey visibility** — Keep [16_Project_Constellation/FORM_ORTHODOX_APEX_TOOLING.md](16_Project_Constellation/FORM_ORTHODOX_APEX_TOOLING.md) registered in [FORM_PROTOCOL.md](FORM_PROTOCOL.md) §6; when **16 O6** closes a refresh cycle, add one bullet to vault `WORLDLINE.md` pointing at the new date-stamped §F snapshot. | OPEN | — | Consistency |

---

<!-- hostile_audit:fused -->
## OPEN — Hostile audit remediation

> **Fused board.** Rows come from `scripts/export_hostile_audit.py` + `scripts/hostile_audit_narratives.json` (gaps + tier). **HA-{NN}-{n}** ids are stable for triage; spawn project **O** ids when work starts. Machine layer: `out/hostile_audit/*.json` (regenerate with exporter).

*Generated (UTC): 2026-03-31T04:14:42Z*

| ID | Bounty | Status | Assigned | Impact |
|----|--------|--------|----------|--------|
| HA-01-1 | `01_Project_World` — **Claims span fundamental information physics; reproducible bundles for…** — Claims span fundamental information physics; reproducible bundles for outsiders are not first-class next to narrative. *Where:* [01_Project_World/BOUNTY_BOARD.md](01_Project_World/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/01_Project_World.json) | OPEN | — | Mixed |
| HA-01-2 | `01_Project_World` — **Heavy cross-linking to other vault projects blurs the boundary of what…** — Heavy cross-linking to other vault projects blurs the boundary of what is uniquely 'proven' here vs elsewhere. *Where:* [01_Project_World/BOUNTY_BOARD.md](01_Project_World/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/01_Project_World.json) | OPEN | — | Mixed |
| HA-02-1 | `02_Project_Triage` — **Primary artifact is creative work, not reproducible code; 'validation'…** — Primary artifact is creative work, not reproducible code; 'validation' is artistic and editorial, not CI. *Where:* [02_Project_Triage/BOUNTY_BOARD.md](02_Project_Triage/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/02_Project_Triage.json) | OPEN | — | Documentation |
| HA-02-2 | `02_Project_Triage` — **Name collision with LENG is documented—still a maintenance tax for…** — Name collision with LENG is documented—still a maintenance tax for every new reader. *Where:* [02_Project_Triage/BOUNTY_BOARD.md](02_Project_Triage/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/02_Project_Triage.json) | OPEN | — | Documentation |
| HA-03-1 | `03_Project_Technomancer` — **Tape at vault root and adapters evolve—docs can lag the live stack.** *Where:* [03_Project_Technomancer/BOUNTY_BOARD.md](03_Project_Technomancer/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/03_Project_Technomancer.json) | OPEN | — | Mixed |
| HA-03-2 | `03_Project_Technomancer` — **Security-sensitive paths (cookies, env) demand discipline; .gitignore…** — Security-sensitive paths (cookies, env) demand discipline; .gitignore rules exist but operator error is always possible. *Where:* [03_Project_Technomancer/BOUNTY_BOARD.md](03_Project_Technomancer/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/03_Project_Technomancer.json) | OPEN | — | Mixed |
| HA-04-1 | `04_Project_Constitution` — **Normative document—'tests' are social and editorial, not pytest.** *Where:* [04_Project_Constitution/BOUNTY_BOARD.md](04_Project_Constitution/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/04_Project_Constitution.json) | OPEN | — | Documentation |
| HA-04-2 | `04_Project_Constitution` — **External legal or policy force is zero unless adopted outside the vault.** *Where:* [04_Project_Constitution/BOUNTY_BOARD.md](04_Project_Constitution/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/04_Project_Constitution.json) | OPEN | — | Documentation |
| HA-05-1 | `05_Project_LENG` — **Physics claims require external independent reproduction—repo richness…** — Physics claims require external independent reproduction—repo richness does not substitute for community replication. *Where:* [05_Project_LENG/BOUNTY_BOARD.md](05_Project_LENG/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/05_Project_LENG.json) | OPEN | — | Reproducibility |
| HA-05-2 | `05_Project_LENG` — **README statistics (predictions/theorems) can drift from build artifacts…** — README statistics (predictions/theorems) can drift from build artifacts if not mechanically synced. *Where:* [05_Project_LENG/BOUNTY_BOARD.md](05_Project_LENG/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/05_Project_LENG.json) | OPEN | — | Reproducibility |
| HA-06-1 | `06_Project_Daemon` — **External release is explicitly disclaimed—value is for vault operators,…** — External release is explicitly disclaimed—value is for vault operators, not npm. *Where:* [06_Project_Daemon/BOUNTY_BOARD.md](06_Project_Daemon/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/06_Project_Daemon.json) | OPEN | — | Scope / ops |
| HA-06-2 | `06_Project_Daemon` — **Graph size and import topology can intimidate new contributors without…** — Graph size and import topology can intimidate new contributors without guided tours. *Where:* [06_Project_Daemon/BOUNTY_BOARD.md](06_Project_Daemon/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/06_Project_Daemon.json) | OPEN | — | Scope / ops |
| HA-07-1 | `07_Project_Command` — **Epistemic status is experiential—cannot be falsified like code.** *Where:* [07_Project_Command/BOUNTY_BOARD.md](07_Project_Command/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/07_Project_Command.json) | OPEN | — | Documentation |
| HA-07-2 | `07_Project_Command` — **Heavy reliance on long master docs risks stale vs lived practice.** *Where:* [07_Project_Command/BOUNTY_BOARD.md](07_Project_Command/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/07_Project_Command.json) | OPEN | — | Documentation |
| HA-08-1 | `08_Project_Astronomicon` — **Distributed system plus secrets—failure modes are operational, not just…** — Distributed system plus secrets—failure modes are operational, not just logical. *Where:* [08_Project_Astronomicon/BOUNTY_BOARD.md](08_Project_Astronomicon/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/08_Project_Astronomicon.json) | OPEN | — | Mixed |
| HA-08-2 | `08_Project_Astronomicon` — **Historical path confusion (08 vs 10 data) is acknowledged but still a…** — Historical path confusion (08 vs 10 data) is acknowledged but still a footgun for agents skimming old notes. *Where:* [08_Project_Astronomicon/BOUNTY_BOARD.md](08_Project_Astronomicon/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/08_Project_Astronomicon.json) | OPEN | — | Mixed |
| HA-09-1 | `09_Project_Gardener` — **Mathematical and philosophical claims without formal proof artifacts…** — Mathematical and philosophical claims without formal proof artifacts in-repo at parity with prose. *Where:* [09_Project_Gardener/BOUNTY_BOARD.md](09_Project_Gardener/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/09_Project_Gardener.json) | OPEN | — | Documentation |
| HA-09-2 | `09_Project_Gardener` — **Risk of sounding like category-flavored metaphysics unless tied to…** — Risk of sounding like category-flavored metaphysics unless tied to operational predictions. *Where:* [09_Project_Gardener/BOUNTY_BOARD.md](09_Project_Gardener/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/09_Project_Gardener.json) | OPEN | — | Documentation |
| HA-10-1 | `10_Project_DiscordIntoSymphony` — **Scientific credibility hinges on frozen pipelines, hashes, and…** — Scientific credibility hinges on frozen pipelines, hashes, and independent re-runs—not README bravado. *Where:* [10_Project_DiscordIntoSymphony/BOUNTY_BOARD.md](10_Project_DiscordIntoSymphony/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/10_Project_DiscordIntoSymphony.json) | OPEN | — | Reproducibility |
| HA-10-2 | `10_Project_DiscordIntoSymphony` — **Parameter audit honesty (WORLDLINE) must stay synchronized with…** — Parameter audit honesty (WORLDLINE) must stay synchronized with marketing adjectives. *Where:* [10_Project_DiscordIntoSymphony/BOUNTY_BOARD.md](10_Project_DiscordIntoSymphony/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/10_Project_DiscordIntoSymphony.json) | OPEN | — | Reproducibility |
| HA-11-1 | `11_Project_WordsOfTomorrow` — **Policy must be enforced by human process—files cannot enforce OneDrive…** — Policy must be enforced by human process—files cannot enforce OneDrive posture. *Where:* [11_Project_WordsOfTomorrow/BOUNTY_BOARD.md](11_Project_WordsOfTomorrow/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/11_Project_WordsOfTomorrow.json) | OPEN | — | Scope / ops |
| HA-11-2 | `11_Project_WordsOfTomorrow` — **Cross-links to HALO and warp mean drift if those systems change.** *Where:* [11_Project_WordsOfTomorrow/BOUNTY_BOARD.md](11_Project_WordsOfTomorrow/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/11_Project_WordsOfTomorrow.json) | OPEN | — | Scope / ops |
| HA-12-1 | `12_Project_BloodyEchoes` — **Heavy dependence on 10 for quantitative backbone—alone this folder is…** — Heavy dependence on 10 for quantitative backbone—alone this folder is mostly interpretation. *Where:* [12_Project_BloodyEchoes/BOUNTY_BOARD.md](12_Project_BloodyEchoes/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/12_Project_BloodyEchoes.json) | OPEN | — | Documentation |
| HA-12-2 | `12_Project_BloodyEchoes` — **Pre-publication containment—external review not yet the gate.** *Where:* [12_Project_BloodyEchoes/BOUNTY_BOARD.md](12_Project_BloodyEchoes/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/12_Project_BloodyEchoes.json) | OPEN | — | Documentation |
| HA-13-1 | `13_Project_MemoryOfMind` — **Speculative confidence tagged in HALO—appropriate, but easy for…** — Speculative confidence tagged in HALO—appropriate, but easy for skimmers to miss. *Where:* [13_Project_MemoryOfMind/BOUNTY_BOARD.md](13_Project_MemoryOfMind/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/13_Project_MemoryOfMind.json) | OPEN | — | Documentation |
| HA-13-2 | `13_Project_MemoryOfMind` — **Wide synthesis invites unfalsifiable metaphor unless pinned to…** — Wide synthesis invites unfalsifiable metaphor unless pinned to measurable predictions. *Where:* [13_Project_MemoryOfMind/BOUNTY_BOARD.md](13_Project_MemoryOfMind/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/13_Project_MemoryOfMind.json) | OPEN | — | Documentation |
| HA-14-1 | `14_Project_ListeningCathedral` — **Liveness and abuse scenarios (mailbox spam, token leakage) are…** — Liveness and abuse scenarios (mailbox spam, token leakage) are engineering, not markdown. *Where:* [14_Project_ListeningCathedral/BOUNTY_BOARD.md](14_Project_ListeningCathedral/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/14_Project_ListeningCathedral.json) | OPEN | — | Delivery |
| HA-14-2 | `14_Project_ListeningCathedral` — **Until automated integration tests exist, this is a design spec.** *Where:* [14_Project_ListeningCathedral/BOUNTY_BOARD.md](14_Project_ListeningCathedral/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/14_Project_ListeningCathedral.json) | OPEN | — | Delivery |
| HA-15-1 | `15_Project_ShadowsOfSight` — **Security tools require adversarial test suites; README architecture ≠…** — Security tools require adversarial test suites; README architecture ≠ red-team history. *Where:* [15_Project_ShadowsOfSight/BOUNTY_BOARD.md](15_Project_ShadowsOfSight/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/15_Project_ShadowsOfSight.json) | OPEN | — | Mixed |
| HA-15-2 | `15_Project_ShadowsOfSight` — **Key material workflows must stay out of git—operator discipline assumed.** *Where:* [15_Project_ShadowsOfSight/BOUNTY_BOARD.md](15_Project_ShadowsOfSight/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/15_Project_ShadowsOfSight.json) | OPEN | — | Mixed |
| HA-16-1 | `16_Project_Constellation` — **Status tables go stale the moment a credential rotates or a service…** — Status tables go stale the moment a credential rotates or a service deprecates an API. *Where:* [16_Project_Constellation/BOUNTY_BOARD.md](16_Project_Constellation/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/16_Project_Constellation.json) | OPEN | — | Delivery |
| HA-16-2 | `16_Project_Constellation` — **No automation visible in-folder to verify each 'ACTIVE' row.** *Where:* [16_Project_Constellation/BOUNTY_BOARD.md](16_Project_Constellation/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/16_Project_Constellation.json) | OPEN | — | Delivery |
| HA-17-1 | `17_Project_CerberusLantern` — **Security claims need continuous regression against fresh malware…** — Security claims need continuous regression against fresh malware tactics—snapshot tools rot. *Where:* [17_Project_CerberusLantern/BOUNTY_BOARD.md](17_Project_CerberusLantern/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/17_Project_CerberusLantern.json) | OPEN | — | Mixed |
| HA-17-2 | `17_Project_CerberusLantern` — **VM/GCE paths imply cost and operational risk.** *Where:* [17_Project_CerberusLantern/BOUNTY_BOARD.md](17_Project_CerberusLantern/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/17_Project_CerberusLantern.json) | OPEN | — | Mixed |
| HA-18-1 | `18_Project_LifeSong` — **Highly cross-dependent—standalone falsifiability is weak.** *Where:* [18_Project_LifeSong/BOUNTY_BOARD.md](18_Project_LifeSong/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/18_Project_LifeSong.json) | OPEN | — | Delivery |
| HA-18-2 | `18_Project_LifeSong` — **Clinical or wet-lab claims, if any creep in, need firewalls vs this doc…** — Clinical or wet-lab claims, if any creep in, need firewalls vs this doc layer. *Where:* [18_Project_LifeSong/BOUNTY_BOARD.md](18_Project_LifeSong/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/18_Project_LifeSong.json) | OPEN | — | Delivery |
| HA-19-1 | `19_Project_CorpseOfTheColossus` — **By design, not the implementation home—easy to forget when grepping for…** — By design, not the implementation home—easy to forget when grepping for Colossus. *Where:* [19_Project_CorpseOfTheColossus/BOUNTY_BOARD.md](19_Project_CorpseOfTheColossus/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/19_Project_CorpseOfTheColossus.json) | OPEN | — | Delivery |
| HA-19-2 | `19_Project_CorpseOfTheColossus` — **Stealth writing is inherently hard to verify—resists hostile audit by…** — Stealth writing is inherently hard to verify—resists hostile audit by nature. *Where:* [19_Project_CorpseOfTheColossus/BOUNTY_BOARD.md](19_Project_CorpseOfTheColossus/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/19_Project_CorpseOfTheColossus.json) | OPEN | — | Delivery |
| HA-20-1 | `20_Project_MarathonLament` — **Needs paired computational notebooks or pipelines tied to public BAM…** — Needs paired computational notebooks or pipelines tied to public BAM examples to graduate from manifesto. *Where:* [20_Project_MarathonLament/BOUNTY_BOARD.md](20_Project_MarathonLament/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/20_Project_MarathonLament.json) | OPEN | — | Mixed |
| HA-20-2 | `20_Project_MarathonLament` — **Depends on Symphony operator language—reader must already accept…** — Depends on Symphony operator language—reader must already accept upstream framing. *Where:* [20_Project_MarathonLament/BOUNTY_BOARD.md](20_Project_MarathonLament/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/20_Project_MarathonLament.json) | OPEN | — | Mixed |
| HA-21-1 | `21_Project_LuaOversoul` — **APOLLYON containment signals high stakes—external peer review and data…** — APOLLYON containment signals high stakes—external peer review and data provenance must be squeaky clean. *Where:* [21_Project_LuaOversoul/BOUNTY_BOARD.md](21_Project_LuaOversoul/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/21_Project_LuaOversoul.json) | OPEN | — | Mixed |
| HA-21-2 | `21_Project_LuaOversoul` — **Cross-links to LENG gravity framing invite skepticism unless…** — Cross-links to LENG gravity framing invite skepticism unless predictions are numerically pinned and falsifiable. *Where:* [21_Project_LuaOversoul/BOUNTY_BOARD.md](21_Project_LuaOversoul/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/21_Project_LuaOversoul.json) | OPEN | — | Mixed |
| HA-22-1 | `22_Project_StarSight` — **External GUI tools (Fiji, QuPath) are acknowledged as not…** — External GUI tools (Fiji, QuPath) are acknowledged as not subprocess-wrapped—report honesty is good, reproducibility is still partial. *Where:* [22_Project_StarSight/BOUNTY_BOARD.md](22_Project_StarSight/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/22_Project_StarSight.json) | OPEN | — | Scope / ops |
| HA-22-2 | `22_Project_StarSight` — **Depends on user-supplied image paths; no fixed public regression set…** — Depends on user-supplied image paths; no fixed public regression set in-folder. *Where:* [22_Project_StarSight/BOUNTY_BOARD.md](22_Project_StarSight/BOUNTY_BOARD.md) · [audit JSON](out/hostile_audit/22_Project_StarSight.json) | OPEN | — | Scope / ops |
| HA-99-1 | `99_Archive` — **Lacks unified entry narrative—new readers have no single spine.** *Where:* [99_Archive/BOOK.md](99_Archive/BOOK.md) · [audit JSON](out/hostile_audit/99_Archive.json) | OPEN | — | Mixed |
| HA-99-2 | `99_Archive` — **Binary blobs and zips defeat text search and complicate git hygiene.** *Where:* [99_Archive/BOOK.md](99_Archive/BOOK.md) · [audit JSON](out/hostile_audit/99_Archive.json) | OPEN | — | Mixed |

### Hostile audit — verdicts by project

- **`01_Project_World`:** As creative IP and systems thinking, this is coherent and well-routed. As falsifiable engineering, it leans on documentation and local tests more than on an external auditor's one-command replay. Scope it honestly: world-model lab notes, not a shipped runtime product.
- **`02_Project_Triage`:** Judge it as what it is: a writer's room in markdown. The vault structure is stronger than most personal drafts folders. Do not ask it to behave like a biology or physics repo.
- **`03_Project_Technomancer`:** One of the more material engineering projects in the vault: real scripts, real tests, real integration surface. Hostile read: success is measured by whether a fresh clone can follow README and run the recorder path without tribal knowledge.
- **`04_Project_Constitution`:** Clear, earnest governance fiction for the lab. Valuable as shared vocabulary; not enforceable law. Treat README containment (PUBLIC) as intent, not a guarantee about every fork.
- **`05_Project_LENG`:** If any project in this vault deserves the 'show us the reproducible bundle' standard, it is this one. Internally it is the most developed quantitative island; externally it still owes the world a boring, adversarial replication package. Until then: impressive, not settled.
- **`06_Project_Daemon`:** Rare case of documentation that matches a real executable model. The hostile question is operational: can someone run the daemon entrypoints and get stable outputs on a clean machine? If yes, it earns credibility inside its stated containment.
- **`07_Project_Command`:** A private operations manual dressed as a project. Useful to the author; outsiders get philosophy and procedure, not benchmarks. That is fine if labeled as memoir-plus-protocol.
- **`08_Project_Astronomicon`:** Real deployment surface with real contracts. The adult stance in README (ground truth = git+disk+vault) is correct. Hostile audit passes if STATUS matches production and secrets never appear in static exports.
- **`09_Project_Gardener`:** Interesting memo collection; not yet a mathematical package. Credible if scoped as conceptual research with optional code sketches.
- **`10_Project_DiscordIntoSymphony`:** Either a serious preprint-grade program or an unusually detailed fanfic of systems biology—the difference is reproducible artifacts and external replication. Internal structure is closer to the former than most vault projects; the hostile bar is still external.
- **`11_Project_WordsOfTomorrow`:** Does what a project-11 should: compress rules so other projects do not each invent their own. Credible at the scope of lab governance text, not cryptographic proofs.
- **`12_Project_BloodyEchoes`:** Good as a structured hypothesis essay that points at where the numbers live. Bad if read as standalone empirical proof. Keep the parent pointer explicit in every summary.
- **`13_Project_MemoryOfMind`:** Philosophy sprint with impressive internal consistency and explicit NOT_READY posture. Credible only as a research program sketch, not as established science.
- **`14_Project_ListeningCathedral`:** Clear narrative of desired multi-agent choreography. Hostile read: prove it with one end-to-end scripted flow (post job → worker → result) checked into CI or a runbook with logs.
- **`15_Project_ShadowsOfSight`:** Ambitious integrity story. Credibility requires falsifiable tamper tests and versioned baselines, not slogans about immortality. Treat as early-stage engineering with heavy narrative packaging.
- **`16_Project_Constellation`:** Useful orientation doc for operators; thin as a 'project' in the software sense. Hostile ask: add a quarterly-checked script or checklist with dates in WORLDLINE.
- **`17_Project_CerberusLantern`:** Substantive compared to most side projects: actual modules and tests. Still, 'Cerberus' branding outruns what any single repo can guarantee; verify outcomes, not mythology.
- **`18_Project_LifeSong`:** Elegant scheduling metaphor for interventions; still mostly synthesis pointing at heavier projects. Fine as long as it does not pretend to be the primary data repo.
- **`19_Project_CorpseOfTheColossus`:** Refreshingly explicit about what it is not. Value is conceptual separation; do not expect executable proofs here.
- **`20_Project_MarathonLament`:** Promising unification narrative; currently closer to theoretical program than to a frozen methods paper. Next step is always data + code paths, not more preambles.
- **`21_Project_LuaOversoul`:** No longer a throwaway folder: bibliography + orbital tooling earn a real project badge. The hostile bar is planetary science: show reproducible numerics, error bars, and explicit null results, not only narrative alignment with other fronts.
- **`22_Project_StarSight`:** Unusually concrete for a young project: a named runner, report schema, and explicit scope limits. Credible if scoped as orchestration + QC reporting, not as replacement for domain expert review.
- **`99_Archive`:** A junk drawer with some curated compilations. Useful as cold storage; terrible as onboarding. If anything important lives only here, promote it to a numbered project or root_reports with context.

<!-- /hostile_audit:fused -->
## OPEN — PROTOCOL DEPLOYMENT (2026-03-25)

> Current explicit deployment rows cover the original foundation ring (`01`–`16`). Treat later numbered projects as expansion-ring follow-up until this board grows a second matrix; [`_VAULT_STATE.md`](_VAULT_STATE.md) is the live inventory.

| ID | Bounty | Project | Status | Impact |
|----|--------|---------|--------|--------|
| P1 | **Deploy HALO to 01_Project_World** — Living docs, classification tiers, containment. World-building docs are SAFE. | 01 | OPEN | Protocol |
| P2 | **Deploy HALO to 02_Project_Triage** — Protocol and movie drafts. Classification: mostly SAFE, some EUCLID (unreleased narrative). | 02 | OPEN | Protocol |
| P3 | **Deploy HALO to 03_Project_Technomancer** — Event log, data types. The Technomancer IS a daemon. Wire DAEMON protocol. | 03 | OPEN | Protocol |
| P4 | **Deploy HALO to 04_Project_Constitution** — Governance docs. SAFE/THAUMIEL — the constitution should be public. | 04 | OPEN | Protocol |
| P5 | **Deploy HALO to 05_Project_LENG** — 77/77 theorems, LOTUS. Classification: papers SAFE, unreleased supplements EUCLID, novel predictions KETER until published. Wire WING for each supplement. | 05 | OPEN | **CRITICAL** |
| P6 | **Deploy HALO+DAEMON to 06_Project_Daemon** — The daemon project IS the daemon. Meta-recursive. Formalize v3 architecture as HALO. | 06 | OPEN | **CRITICAL** |
| P7 | **Deploy HALO to 07_Project_Command** — Orem framework, master documents. Classification: V11 is EUCLID (published theory), intervention specifics are KETER. | 07 | OPEN | Protocol |
| P8 | **Deploy HALO+DAEMON+EYE to 08_Project_Astronomicon** — The shared workspace. Already has worldline + immune system. Formalize as HALO with DAEMON running the worker. EYE = the public lab lens. | 08 | OPEN | **CRITICAL** |
| P9 | **Deploy HALO to 09_Project_Gardener** — Knowledge graph. SAFE infrastructure. | 09 | OPEN | Protocol |
| P10 | **HALO already deployed to 10_Project_DiscordIntoSymphony** — Update classifications per new tier system. Tag all WORLDLINE entries. | 10 | IN PROGRESS | Protocol |
| P11 | **Deploy HALO+WING to 11_Project_WordsOfTomorrow** — Write standard, encryption, mimetic shield. Classification: the standard is THAUMIEL, the shield protocol is KETER. Design EYE as the perception layer for the write standard. | 11 | OPEN | **CRITICAL** |
| P12 | **Deploy HALO to 12_Project_BloodyEchoes** — Genomic archaeology. Classification: README is EUCLID, UHRF1 coordinates are APOLLYON, hormesis is THAUMIEL. | 12 | OPEN | Protocol |
| P14 | **WING assessment for all projects** — Which projects have entities ready for THAUMIEL release? Check W-I-N-G for: LOTUS papers, method paper, hormesis protocol, pipeline code. | ALL | OPEN | Release |
| P15 | **EYE protocol design** — The observation layer. How we look at data. Standardize across projects: what tools, what metrics, what visualization. The EYE is the CNN + the pipeline + the daemon's perception. | ALL | OPEN | Protocol |
| P16 | **Deploy HALO to 15_Project_ShadowsOfSight** — Integrity manifests, canary factory, sealed logs. Classification: tooling is SAFE; deployment notes EUCLID if they describe live tripwires. | 15 | OPEN | Protocol |
| P17 | **Deploy HALO to 16_Project_Constellation** — Fleet map + thrones. Classification: platform list SAFE; live credentials KETER (never in vault). | 16 | OPEN | Protocol |

### Priority Order
1. P6, P8 (daemon architecture — the nervous system)
2. P5, P10, P12 (active research projects with sensitive data)
3. P11, **O12** (encryption / shield — unify policy across tools)
4. **O4, O5, O7** (export, capability URLs, repo blast radius)
5. P14 (WING assessment — what can we release?)
6. P16, P17, **O6, O8, O10, O11** (worldline trust, MCP, supply chain, mirrors)
7. Everything else (including O9 expectations)

---

## RETRACTED / WONTFIX

| ID | What | Why |
|----|------|-----|
| *(none)* | | |