standards/STATUS.md

# Roundup — 2026-06-20

Repos scanned (11): keysat, matrix-bridge, premier-gunner, proof-of-work, recap-relay, recap,
spark-control, standards, ten31-database, ten31-signal-engine, ten31-transcripts

Skipped (not git repos): discount-watcher, expense-organizer, giga, Grand-Cayman-paddleboard,
heart-rate, one-river, "satoshi-sleep (need to add code)", "START9 PACKAGING", ten31-command-center,
timestamp-converter, timestamp-newspaper, website-landing, Workout-log

Failed readers: none.

---

## Per-project snapshot

**keysat** — Self-hosted Bitcoin-native software-licensing service (StartOS 0.4.x s9pk + 4 SDKs + public sites).
Live canonical `0.2.0:62` (buy-page escape fix shipped, installed on `immense-voyage.local`, master at `licensing.keysat.xyz` 200, migrations → 0025); daemon/wrapper tests green, no CI.
In progress: inbox items just triaged into ROADMAP. Next: eval P2 hardening (XFF, dep bumps, admin/public split), split `audit:read` scope, work newly-routed ROADMAP cluster.

**matrix-bridge** — Single-user Matrix bot on the Spark that turns a room message into a live Claude Code session on the Mac, surfaced to phone.
Phases 0–3 + ask mode complete; capture mode (D13) live 2026-06-16, proven on 1 room (N=3 pending). Shipped in Spark Control v0.21.0 tile.
Next: prove capture mode on remaining rooms; optional Docker HEALTHCHECK; optional priority keyword in `capture-note.sh`.

**premier-gunner** — Kid-friendly soccer-training tracker PWA (single player), StartOS 0.4.x s9pk.
Live `v0.1.7:0`, all requested features built/deployed, no in-progress work. Known issue: in-app password change reverts on restart (use the action).
Next: confirm speed unit (mph vs km/h); optionally work the eval backlog.

**proof-of-work** — Self-hosted multi-user workout logger (Next.js), StartOS 0.4 s9pk.
Live `1.2.0:9` (tsc/lint clean, 274 tests); 6 AI providers incl. SparkControl local inference; design contract established. Operator running on-box successfully.
Blocker: Mobile-Safari first-login-tap fails (2nd works) — gated on capturing the Safari error code. Next: P3 hardening batch, design-cleanup batch, tiered AI prompts, Next 15→16.

**recap-relay** — Operator-side credit-metered transcription/diarization/analysis relay in front of Gemini + Spark Control; powers Recaps. Private, operator-box only.
Live `v0.2.127` (app 0.2.155), 79 tests green, dashboard redesign (mobile-first) done, design contract imported. **⚠ A P1 analyze-hang outage is captured in the inbox but NOT yet reflected as fixed here.**
Next (low priority per repo): typography hygiene tail; deferred speaker-tool polish; P3+ security/packaging tail.

**recap** — YouTube + podcast summarizer + library; StartOS s9pk (self-host) and `recaps.cc` cloud (multi-tenant).
Live: app `0.2.162` + relay `0.2.126`, 158 tests; just shipped relay-client dedup. Daily Digest installed but off-box-unsmoke-tested.
Next: deferred refactor-survey items (test-first); operator verification actions (iPad scroll, Gemini key rotation, real cloud purchase/webhook/reminder tests, smoke Daily Digest); design `palette.css` stretch.

**spark-control** — Browser-based StartOS 0.4 package controlling a dual DGX Spark AI cluster (vLLM model swaps + STT/diarization/TTS/embeddings/redaction APIs).
Live `v0.27.3:0`; Qwen3.6 vision end-to-end (cards 7/7 @ ~97 tok/s), 161 pytest. Vision "check" button removed at owner's request — do NOT re-add.
Next (externally gated): Grant sends adopter reply; adopter runs disk-scan diagnostic; codify Gitea Releases channel.

**standards** *(meta / tooling layer)* — Global source of agent commands, subagents, and `how-i-work.md`, symlinked live into `~/.claude`.
Fleet built/live (9 commands, 12 subagents); recent: `refactor-scout`, `/adjudicate`, design round-trip, `onboarding-tester` all shipped. Prior roundup snapshot 2026-06-18.
Next: first real `/adjudicate` run (calibrate drop-bias); Stage-1 `onboarding-tester` harness; cross-repo quality-gate standard + `/harden` (item 1); non-git-folder sweep (item 6 residual).

**ten31-database** — Self-hosted venture-fund CRM (replacing Airtable) + in-house AI fundraising layer; Phase 0/1 live on Start9.
Live `v0.1.0:103` (verified 2026-06-20); fundraising grid + email capture is system of record. Mobile UX batch, required-date reminders, M3 business-card OCR all shipped this session. W1 Reminders + W2 NL-query built/tested (deploy pending).
Next: spot-check bidirectional sync; Phase 8 mobile-design conformance (8 phases scoped); deferred in-app card intake (plan written, approval pending); real-card OCR accuracy spot-checks.

**ten31-signal-engine** — Recurring pipeline ingesting audio/text, extracting structured claims, surfacing investment signals through Ten31's thesis lens with falsifiable predictions.
Strike adversarial test CONDITIONAL PASS (2026-06-16); 56,008 claims embedded in Qdrant; engine correctly refuses the false positive. Repo clean, no automated test suite yet.
Next: frontier-fan-out test H6; complete Strike reflexivity demo (audio-GPU gated); Job A discovery scorers.

**ten31-transcripts** — Native macOS menu-bar app: dual-track call audio + active-speaker window-watching → self-hosted SparkControl for transcription/diarization/naming.
`main` clean (2026-06-17), 91 tests; meeting-name prompt + folder rename built. Naming prompt unit-tested but not yet exercised on a live stop.
Next: repoint `origin` to `gitea-home` (off flaky `.local`); backend URL primary→fallback + `mmss()` NaN guard; run a real recording end-to-end.

---

## Priority queue (all projects + untriaged inbox)

### P1
- [P1] Analyze-phase hang permanently jams the single in-memory hardware FIFO slot → blocks ALL YouTube processing; multi-hour outage — source: inbox(untriaged) → recap-relay — `server/backends/gemini.js:587/281` (no AbortSignal), `hardware-queue.js:51-98` (no acquire-timeout/dead-holder watchdog)
- [P1·"elevated, money-path bug"] Auto-charge silently lapses subscription on 200-with-failure response — source: keysat (ROADMAP, Payments & subscriptions)

### P2
*Untriaged inbox*
- [P2] Add Gemini 3.5 to model selection (research-agent confirm available stable model name) — source: inbox(untriaged) → recap
- [P2] Add Gemini 3.5 to model selection (research-agent confirm available stable model name) — source: inbox(untriaged) → recap-relay
- [P2] Verify cloud background subscription processing isn't silently skipped post-core-decoupling (entitlement gate `server/index.js:1400`) — source: inbox(untriaged) → recap — check `recaps.cc/api/sub-check-log`
- [P2] Email auto-capture should match investor only in `to:`/`from:` (not cc) — source: inbox(untriaged) → ten31-database
- [P2] Add camera icon in top bar (next to pencil) for business-card capture → same flow as Matrix intake bot — source: inbox(untriaged) → ten31-database
- [P2] Backup-history in Settings should default minimized + chevron-expandable at bottom — source: inbox(untriaged) → ten31-database
- [P2] Screen refresh should preserve the current tab rather than reset to the top tab — source: inbox(untriaged) → ten31-database
- [P2] Redesign the software logo/icon (used for the StartOS service) — source: inbox(untriaged) → spark-control
- [P2] Add a dashboard card for the ten31 CRM / intake bot (Update/Restart/Stop/Logs tile) — source: inbox(untriaged) → spark-control (also tracked in ten31-database ROADMAP)
- [P2] Brainstorm better cardio logging + cardio program planning (in-week variety + long-term programs) — source: inbox(untriaged) → proof-of-work
- [P2] Open-brackets artifact in the Matrix capture echo (`📥 captured → - [ ] (...)`) — source: inbox(untriaged) → matrix-bridge
- [P2] Run full-eval on the signal-engine folder (evaluator/security/exerciser/doc/spec) — source: inbox(untriaged) → ten31-signal-engine
- [P2] Gitea API automation for `/new-project` (replace manual create/publish gate) — source: inbox(untriaged) → standards *(meta)*
- [P2] Run janitor agent on all projects — source: inbox(untriaged) → standards *(meta)*

*From ROADMAPs*
- [P2] 6× full-eval hardening: X-Forwarded-For rate-limit bypass; dependency advisories; admin UI split from public API; webhook-endpoint allowlist; runtime-prepared SQL migration; `rate_buckets` reaper — source: keysat
- [P2] Design-contract cleanup from 2026-06-16 audit (3 gold-as-fill CTA blockers, structural consolidation, token gaps) — source: keysat
- [P2] `@fastify/static` 8.3.0 → ≥9.1.3 (path-traversal advisories) + re-test — source: premier-gunner
- [P2] Input validation: reject unknown metric `kind`, validate calendar dates, 400 on bad `metric_id` — source: premier-gunner
- [P2] Tests: record-recompute direction, streak math, migration idempotency — source: premier-gunner
- [P2] 7× known debt: operator-internal strings leak to cloud; credit over-spend TOCTOU on licensed installs; multi-mode tenant can spend operator's Gemini key; metadata cache for `GET /api/history`; dependency CVEs; no tests on risky files; smaller hardening (unsanitized IDs, schema validation, file size) — source: recap
- [P2] 5× tech debt (EVALUATION.md): test-coverage gap (swap state machine/proxies/SSH/StartOS); lockfile + dependency floors; HTTP 500 handling; NGC API key on cmdline; global mutable `catalog` race — source: spark-control
- [P2] Guard `mmss()` against NaN/∞ — source: ten31-transcripts
- [P2/P3] `SessionController` state-machine tests + extraction — source: ten31-transcripts

### P3
*Untriaged inbox*
- [P3] AGENTS.md endpoint list mis-describes `POST /relay/analyze` ({transcript}→sections); actual route takes `{prompt}` → standard envelope — source: inbox(untriaged) → recap-relay
- [P3] Operator-onboarding agent (sibling to `onboarding-tester`, operator journey; needs clean StartOS service-install room) — source: inbox(untriaged) → standards *(meta)*

*From ROADMAPs*
- [P3] No CI / doc-drift cluster — source: keysat
- [P3] Code health (refactor-scout): delete 3 confirmed-dead functions; extract column consts; large-function splits (DEFER, gated on characterization tests first) — source: keysat
- [P3] CSRF token; cross-category metric guard; logout without session; consistent 404s; validate category `color` — source: premier-gunner
- [P3] Security & hardening: verify proxy forwards real client IPs; CSP `unsafe-eval`; `/api/health` info disclosure; rate-limit map leak; shorter/configurable sessions; text max-length; unify JSON-parse pattern — source: proof-of-work
- [P3] README stale; deprecated `@app.on_event`; packaging placeholders + broken docs link; body/upload size limits; startup crash on bad `VLLM_PORT` — source: spark-control
- [P3] `manifest.json` sha256; unauthenticated LAN backend — source: ten31-transcripts
- [P3] Request-size caps; invoice-ID hijack; container root user; in-memory auth rate-limit reset; repo hygiene (old `.s9pk`, `cookies.txt`); StartOS registry submission; doc reconciliation — source: recap
- [P3] Matrix voice-note transcription (Spark Control Whisper, if endpoint exists) — source: ten31-database
- [P3+] Security tail (no `/relay/*` rate limiting, root container, dashboard innerHTML XSS, TLS verify, debug leaks); packaging (prune 126 version files, pin yt-dlp, Dockerfile, manifest, no README); `/relay/health` stale 0.2.11; doc fixes — source: recap-relay

### Unprioritized — needs triage (ROADMAP backlog with no explicit priority signal)
- **keysat:** rail-preference editing UI; agent-delegable payment-provider connect (approved, not urgent); onboarding doc-harness Stage 2 (gated; Stage 1 complete); Start9 Community Registry submission; registry version-retention (research-agent task); StartOS-native notifications/health-checks for internal failures; Elastic License v2 vs custom (parked); re-test `KEYSAT_INTEGRATION.md`; **multi-profile webhook routing regression test (adjudicated → DO, low blast radius)**; reorder entitlements catalog
- **recap:** persist provider preference server-side; apply Export menu to clip-collection panel; CI lint+type-check; surface failed auto-queue items; Zaprite recurring card billing (BLOCKED on Zaprite); close architecture-simplification gaps (8,10,5/6-partial); decide Max tier-quota default; refactoring backlog (extract subscription engine [test-first], `/api/process` pipeline, `sweepAndRefreshTrial` middleware, transcript coalescers)
- **recap-relay:** speaker-tool polish (re-infer names after recluster, renumber after merge, preserve unpolished base, async re-polish, merge provenance); empty analysis section at window boundary; audit live upload→merge→recluster→repolish pipeline; `palette.css` from tokens
- **proof-of-work:** tiered AI prompt formatting; keep `MODEL_MENU`/`PRICES` current; fix `publish.sh` Step-3 registry no-op; build for `arm`; community-registry submission (4 blockers); adherence tracking; export/import polish + CSV round-trip; charts/progress views; design-cleanup batch; hygiene (legacy s9pk, drop `bcryptjs`, `workout-planner/` scratch)
- **premier-gunner:** "Log another" (multiple same-category sessions/day); km/h unit option; per-metric direction toggle; Phase 3 AI coach (deferred); password UX under StartOS; packaging hygiene; other arches
- **spark-control:** Gemma-4-26B vision (deferred); Qwen3.5-122B reasoning upgrade (candidate); parakeet long-audio guard (deferred); audio-endpoint concurrency sweep; echo cancellation + LLM referee for speaker naming; Qdrant auth+snapshots; observability; API-key auth; second audio worker; per-model vLLM flags from UI; Spark host update actions; Open WebUI integration
- **ten31-database:** W1b nurture-gap automation (deferred); conversational NL edits in Matrix intake; LLM-judge fuzzy-match re-ranker; email-proposal review API audit; outreach detector; Squarespace form-submissions; intake "search NL-query on no-match"; email-capture learn-from-reject; pre-compile JSX (drop runtime Babel)
- **ten31-signal-engine:** frontier-fan-out H6; estimator rework (H4); build real resolver (stub); extend claim-type weighting to §7.1 power-infra; Job A scorers; MD&A targeting; complete Strike reflexivity demo; confirm materiality of own_network sources; BTC Sessions (Ben Perrin); River image-PDF OCR; corpus expansion; automated test suite; episode-pipelining; corpus-management UI; expose pipeline tunables; daily digest email; forward live operation; Start9 s9pk packaging
- **ten31-transcripts:** Meet faint-blue-border detection; geometric screen-share exclusion; speaker-view/spotlight layout; Zoom/Teams ring/hue gating; 1:1 Signal audio-pill fallback; accessibility-tree name hook; Jitsi support; self mic-channel cleanup; adaptive chunk sizing; per-app recording control; constrain recap reading width; SwiftLint/SwiftFormat decision; UserDefaults env-var shadowing
- **matrix-bridge:** intent-routing brain (D8, Qwen3 dispatcher); thread-based session continuity; Nextcloud/CalDAV output integration; E2EE (D9, libolm); delete vestigial `phase-0` branch
- **standards** *(meta):* cross-repo quality-gate standard (linters/hooks/CI, item 1); deterministic inbox-surfacing SessionStart hook (item 3); thread inbox-check line into bootstrapping (item 4)

---

## Not yet pushed down (inbox — exists nowhere but the inbox)

**recap-relay**
- [P1] Analyze-phase hang jams hardware FIFO slot (full root-cause + 2-part fix + unit test in the inbox note), 2026-06-20
- [P3] AGENTS.md `/relay/analyze` request-shape wording fix, 2026-06-15
- [P2] Add Gemini 3.5 to model selection, 2026-06-16

**recap**
- [P2] Verify cloud background subscription skip post-core-decoupling, 2026-06-20
- [P2] Add Gemini 3.5 to model selection, 2026-06-16

**ten31-database**
- [P2] Email auto-capture only on `to:`/`from:` match (not cc), 2026-06-20
- [P2] Camera icon in top bar for business-card capture, 2026-06-20
- [P2] Backup-history minimize + chevron, 2026-06-18
- [P2] Screen refresh preserve current tab, 2026-06-18

**spark-control**
- [P2] Redesign software logo/icon, 2026-06-18
- [P2] Dashboard card for ten31 CRM / intake bot, 2026-06-18

**proof-of-work**
- [P2] Cardio logging + program planning, 2026-06-19

**matrix-bridge**
- [P2] Open-brackets artifact in capture echo, 2026-06-19

**ten31-signal-engine**
- [P2] Run full-eval on the folder, 2026-06-16

**standards** *(meta)*
- [P2] Gitea API automation for `/new-project`, 2026-06-14
- [P2] Run janitor agent on all projects, 2026-06-16
- [P3] Operator-onboarding agent, 2026-06-16

---

## Proposed new projects (inbox `new:` items — awaiting `/new-project` bootstrap)

- **new:embedded-links-reader** [P2] — give the app an article/blog URL; it scrapes the links the author embedded, reads them, and summarizes them, 2026-06-14
- **new:portfolio-scraper** [P2] — track portfolio companies for podcasts, tweets, founder appearances, news; deliver a digest via email or another interface, 2026-06-14
- **new:personal-website** [P2] — personal website hosted on Start9 Pages, served on clearnet via StartTunnel; HTML site, Claude Design styling, gather design inspiration, 2026-06-16

---

## Gaps

- **recap-relay state vs. reality:** the repo's `Current state` reads healthy (v0.2.127, 79 tests green) but a confirmed **P1 multi-hour outage** (analyze-hang) is captured in the inbox and is *not yet reflected or fixed* in the repo. The immediate operational unblock (restart recap-relay) recurs until the code fix lands. Highest-divergence item this round.
- **recap ↔ recap-relay coupling:** the recap subscription-skip P2 was surfaced while diagnosing the relay analyze-hang; both reference `recaps.cc/api/sub-check-log`. They are separate issues but share a diagnostic.
- **Non-git folders under `~/Projects`:** 13 folders are not git repos and were skipped (see header). Some look like dormant project ideas (e.g. "satoshi-sleep (need to add code)", ten31-command-center, one-river, website-landing). This is the standards ROADMAP item-6 residual ("non-git-folder sweep") — none are tracked or readable as projects yet.
- **No CI anywhere:** keysat, recap, proof-of-work, ten31-signal-engine, spark-control all explicitly note absent/partial CI; ten31-signal-engine and ten31-database have no automated suite for parts. This recurs as the standards cross-repo quality-gate item (item 1).
- **Stale roundup index drift:** previous `STATUS.md` snapshot is dated 2026-06-18, but the standards `AGENTS.md` "Latest /roundup" line says 2026-06-16 — the index is stale relative to the actual file. Activity since 06-18 (keysat `:62`, ten31-database `:101–103`, recap `0.2.162`, recap-relay dashboard redesign, the P1 capture) lands in this one.
- All 11 readers succeeded; no repo was missing `AGENTS.md`.