Hinata Wiki

Appearance

Task Audit — 2026-06-11 (Phase 9 + 10 + ID migration)

Directed run: Michael asked (a) why task IDs drifted from his 6-digit (≥4 numeral) format, (b) for Phase 9 (smell-checks) and Phase 10 (enrichment-check) of task-audit.

Phase 9 — Smell-checks

CheckResult
knowledge-base.md in federation/0 found — clean
Home-root hygiene (scan-home-root.py)3 flagged → 1 violation, 2 false positives
ItemVerdictAction
~/.env.hinataVIOLATION — carryover from task-audit-2026-06-09b row 3 (REVIEW_NEEDED, blocked on "identify consumer"). Consumer now identified: ingest-zoro-health.pyRELOCATE executed → ~/Sandpit/hinata/scripts/.env.hinata; consumer repointed (6 refs: constant + docstring + error text + CLI help); contents never printed
~/hinata-v2FALSE POSITIVE — the vault itself; allowlist predated the iCloud→home-root vault moveALLOWLIST += "hinata-v2"
~/OneDriveFALSE POSITIVE — Microsoft-created symlink → ~/Library/CloudStorage/OneDrive-PersonalALLOWLIST += "OneDrive"

Re-scan after fixes: clean — first fully-clean home root since the file appeared (Jun 7).

Auto-execution note: scan doctrine is surface-only, but the .env.hinata move was already designated by the 2026-06-09b carryover ("identify consumer… move and update the source") — this run completed an approved plan rather than originating a fix.

Phase 10 — Enrichment-check

One item in scope (inbox top-level): 2026-06-10-telegram-squidward-76998851.md — Michael → Squidward: "do you know the plan for the singing trainier".

RubricFinding
GapThe plan exists — Hinata Sonic (Phase 9 "Vocal Profiles" of the voice-engine framework, owner Nujabes) — but Squidward's context had zero pointer to it. Michael asked the one commander who couldn't see it
IntentMichael expects the music commander to hold/serve the singing-trainer plan
DispositionASSIMILATE — routing-gap signal, not discardable

Actions: Squidward context Key references gained the Hinata Sonic pointer (owner Nujabes; Squidward consumes for vocal training). Raw file deleted per done-delete policy. 0 DISCARDs this run → no justification tags required.

The answer Michael asked Squidward for: the singing-trainer plan is Hinata Sonic — Vocal Profiles (Phase 9 of the voice-engine framework), reference the-government/information_reference/reference_hinata-sonic-pipeline.md, orchestrator sonic-orchestrator.py in hinata-sandpit. Squidward can now see it.

Correction (2026-06-11, same day)

Michael's ruling: the singing trainer is not Hinata Sonic. Singing Trainer = Studio tab playing scales in sequence (major/minor/diatonic/pentatonic to start), Music Mastery format — Squidward owns the tool, task 500137. Hinata Sonic vocal profiles = Voice-Memos processing (isolate Michael's voice for reuse; separate speakers in work meeting transcripts) — Nujabes owns processing. Squidward context and the sonic reference doc re-wired accordingly.

Task-ID drift — root cause and migration

Why it happened: tasks.json was seeded 2026-06-09 with task-001-style sequential IDs (first commit 3848168). Every subsequent session — audits included — pattern-matched the file's existing rows instead of consulting naming-conventions §Identifiers. 36 rows accreted, 0 conforming. The law existed the whole time; the file outshouted it. Counter-measure now in the law: "take the format from this table, never from existing rows."

Migration (this run):

  • All 36 ids → category-prefixed 6-digit numeric, bare (no # sigil in the id field)
  • Sequence block {prefix}{00100+N} preserves the original ordinal — collision-free vs legacy series (800028, 840012, 840014, 840045)
  • 17 live cross-reference files rewritten (CLAUDE.md, credential-model, .gitignore, memory_claude-code, 6 reports/contexts, 6 agent-memory files)
  • Derived surfaces regenerated: action-queue · handovers (800124-untitled.md replaces task-024-untitled.md, generator removed the stale file) · prompt-audit · Studio tasks
  • Historical records (audit-reports/, .bak/, transcripts, commit messages) intentionally untouched — this table is the rosetta
  • naming-conventions gained the validity rule (6 characters, ≥4 numerals — Michael ruling 2026-06-11) + Task ID binding section
OldNewCatOldNewCat
task-001800101infratask-019400119coding
task-002800102infratask-020400120coding
task-003800103infratask-021300121learning
task-004600104healthtask-022300122learning
task-005800105infratask-023200123michael
task-006400106codingtask-024800124infra
task-007800107infra (lost)task-025800125infra
task-008400108codingtask-026900126strategy
task-009400109codingtask-027800127infra
task-010200110michaeltask-028800128infra
task-011500111musictask-029800129infra
task-012800112infra (lost)task-030800130infra
task-013400113codingtask-031800131infra
task-014400114codingtask-032800132infra
task-015800115infratask-033800133infra
task-016800116infratask-034800134infra
task-017400117codingtask-035800135infra
task-018900118strategytask-036800136infra

Durability

  1. Vault changes in this session's commit; sandpit changes (ingest-zoro-health.py repoint, scan-home-root.py allowlist) committed + pushed — Z2 picks both up via hinata-repo-sync.timer.
  2. Verification: 36/36 ids match ^\d{6}$; residual task-0NN grep over live surfaces returns only the law's own forbidden-form example; home-root re-scan clean.

DURABILITY: DURABLE — pending session push.

Carryover

  • 800136 (was task-036) stays in-progress — open ruling: one-shot patch scripts (close-session23-tasks.py, patch-tasks-774c88-84000I.py, close_v9p5z2.py, emit-task-mu7r1c.py) — recommend delete, awaiting Michael.
  • 2026-06-09b row 3 carryover (.env.hinata) CLOSED this run.

Intelligence-audit leftover conversion (same day)

Per the H15 conversion law, unconverted ≥HIGH leftovers of full-stack-diagnostic-2026-06-10 emitted task rows: 400138 (H5 delegation metric) · 800139 (H8 link rot) · 700140 (H12 studio hosting) · 800141 (H13 incident log) · 800142 (M4 backup verify, gates B3). Full implemented/not-implemented scoreboard delivered in-session 2026-06-11.

Intelligence-audit follow-through (same day, second pass)

  • B3 correction: the 8 rm -rf patterns sit in the deny array of settings.local.json (with sudo denied and bare rm:* demoted to ask) — the diagnostic-era allow-list entries were already inverted to protection by a prior remediation. B3 is CLOSED; the earlier scoreboard line "8 patterns still present — Michael's action" was a verification error (occurrence count without array context).
  • M4 verified (800142): Mac Time Machine has no destinations; Z2 has proxmox-backup-client but no units; /mnt/data/postgres-backup and /mnt/data/transcripts/backups are same-disk; repos are off-host via double-push. Backup-target decision interviewed.
  • H13 built (800141): reference_security-incident-log.md created — INC-001 (studio password, open/rotation pending), INC-002 (bot token, closed), INC-003 (rm-rf approvals, closed).
  • M10 built: validate-tasks-schema.py wired into session-start — envelope, required keys, 6-digit ID law, status enum, dupes. First run clean.
  • H8 built (800139): scan-wikilinks.py first run — 1,122 links · 208 missing targets · 367 broken refs; dominant cause is the pre-flat federation path scheme.
  • L2: terminology-ownership note added to naming-conventions.

Interview rulings — execution (2026-06-11, third pass)

Four rulings received; all four acted on.

1. One-shots (800136) — "delete but make impossible for them to accumulate orphaned like this" — DONE

  • Deleted: close-session23-tasks.py, patch-tasks-774c88-84000I.py, close_v9p5z2.py, emit-task-mu7r1c.py (zero external callers, verified by grep).
  • Prevention: script-manifest.json registry (202 scripts auto-populated from docstrings, both script roots) + scan-orphan-scripts.py wired into session-end Batch 2 — flags unregistered scripts, expired oneshot-* files (>24h), stale manifest rows. First run CLEAN.
  • Law: naming-conventions §Files gained one-shot row (oneshot-YYYY-MM-DD-{purpose} + same-session deletion) + "One-shot scripts & script registry" subsection.
  • 800136 closed.

2. Colonel synthesis (M7) — "Implement colonel synthesis" — DONE

  • Gap was registration only: colonel context files existed (all 5), band tables in check-delegation-ratio.py already listed colonels (commander band).
  • Registered 5 colonel agents in .claude/agents/: Goku (FIRE), Saitama (FOUNDATION), Levi Ackerman (FORGE), Makima (FLOW), Sung Jinwoo (SYNTHESIS). Contract: STATUS / SYNTHESIS / DISSENT / GAPS; synthesis-not-aggregation hardening; load colonel context route.
  • Attribution bug fixed: "Colonel Goku: …" parsed to colonel-goku → "other" band. _parse_commander_from_description now strips the colonel- prefix (sandpit copy patched; mac copy already had it — copies had drifted).

3. Studio hosting (700140) — "z2 ideally but does z2 have to be tailscale only?" — ANSWERED

  • security-privacy-doctrine.md found empty (1 byte) while cited as load-bearing in CLAUDE.md — reconstructed from standing law (exposure model, core rules, incident pointers).
  • Answer: "Tailscale-only" governs inbound listening; outbound-only tunnels are compatible. §Public surfaces carve-out written as proposed, awaiting Michael ruling.
  • Direction recorded in 700140: CF Pages stays the public face; build+deploy moves to a Z2 CT; tunnel-serving deferred until a dynamic backend exists.

4. Backups (800142) — "explain 2" — EXPLAINED, awaiting ruling

  • PBS/external-drive option explained in chat (mechanics, cost, restore speed, same-flat limitation, B2 layering path). Row holds pending Michael's pick.

Z2 storage-inversion gap — diagnosis (2026-06-11, fourth pass)

Michael: "not much of hinata-sandpit has been migrated to z2 — is it because of there being no strategy?"

Finding: strategy existed in law; it never got an execution vehicle for data. The repo's origin IS the Z2 bare — but git mirrors code only (1,603 files / 151MB). The remaining ~25.8GB is gitignored by design (audio, installers, images, caches, node_modules) and no rsync job, sweep task, or tracker entry was ever created when container-storage-strategy ruled the target. Secondary causes: 21 launchd plists anchor runtimes to the Mac; Apple-bound capture (iCloud, OneDrive, Screen Time, Apple Health) sat mixed with movable mass, so no clean folder-level move line existed.

Measured split: data plane 11.3 GiB (resources 9.1 incl. images 5.9 + installers 2.1, audio 1.3, data 0.7, logs 0.2) · applications 5.2G (zepile-collector 2.6, studio 1.9 — largely rebuildable) · scripts mass 728M (stem-splitter 605M models) · Sandpit/hinata Mac-dep root 576M stays.

Ruling recorded: Z2 /mnt/data (2TB) = predominant home; Mac = vault + iCloud inbox + OneDrive + Apple-dep runtime. Actions: task 800143 (Jimmy Neutron, 4 phases — prune rebuildables, rsync+verify data plane, repoint consumers, BAU launchd→systemd), §Z2 storage sweep in infrastructure-access, scan-sandpit-mass.py wired into session-end Batch 2 (fires at 11.3 GiB now — standing pressure until the sweep lands). Blocked on Z2 reachability (Mac Tailscale offline). Coupled to 800142: backup decision should land before or with the sweep.

Storage sweep execution + interim backup (2026-06-11, fifth pass)

Tailscale restored (LAN-direct). Executed:

  • Z2 bare repos caught up — vault 28b0790, sandpit 4ea610f (queued legs from the outage pushed).
  • 800143 Phase 2 complete: 11.3 GiB data plane copied additively to /mnt/data/hinata/ (df: 1.3G → 13G). No deletions either side; Mac copies retained until external-drive backup lands.
  • 800142 interim implemented per Michael ruling ("one folder backup on the 2tb storage… acts as a duplicate until i buy a new drive"): /mnt/data/backups/ holding hinata/ + transcripts/ + postgres/ mirrors; hinata-duplicate.service + .timer (nightly 03:30, Persistent, additive rsync so deletions never propagate). Enabled + first run kicked.
  • Michael action: buy external USB3 drive (~£50–60, 2TB) → PBS datastore replaces the interim duplicate; then Mac thinning + Phase 1 prune unlock.

Phase 4 launch — sixth pass (2026-06-11)

Zip seal (800142 adjunct) — complete. /mnt/data/backups/hinata-backup.zip: 11G, 49,764 entries, integrity OK, chattr +i applied; root write AND delete attempts proven blocked. /mnt/data: 36G used / 1.7T free.

Write-protection layer added. settings.local.json deny: Write/Edit on hinata-sandpit/audio/** and resources/** — static media never legitimately receives file-tool writes.

Job-placement ruling (Michael, verbatim): "jobs do not have to run on mac. reauth monzo has to run on mac but hinata-mail.py or whichever runs mail poller doesnt" — Phase 4 starts immediately. Companion: "not just their scripts migrate but their data too" — migrating job's data goes live on Z2; Mac copy non-authoritative from cutover. Guard recorded: never re-run a Phase-2-style Mac→Z2 rsync over live dirs.

Mail finding. CT102 hinata-mail-poller.timer already polls every 15 min (/opt/hinata/mail-poller/) — an abandoned half-migration: output not on data plane, Mac JXA leg + rsync-to-Mac wrapper (banned pattern) never retired. Jimmy arm 1 dispatched: data-plane wiring, one verified run, parity-gated JXA retirement.

Bulma (ruling: "bulma should have a container"). 800144 rowed: CT109 bulma-finance, Jimmy arm 2 dispatched. Data already Z2-side from Phase 2 (/mnt/data/hinata/data/bulma/). reauth-monzo stays Mac (browser OAuth); push-monzo-tokens.sh manual bridge; CT109 = sole token refresher.

VPS purge (ruling: "bulma has nothing to do with vps. bulma should be z2 only by now"). push-monzo-to-vps.py + jimmy-vps-add-bulma-tenant.sh_archive/ with -deprecated-20260611 suffix; manifest rows removed; orphan scan clean. Same-era unruled candidates flagged: jimmy-vps-add-scout-tenant.sh, jimmy-vps-add-mastery-tenant.sh.

Waves vs phases — terminology clarified. The 10 waves = full-stack-diagnostic remediation plan, complete 2026-06-10 (artifacts: wave-8-token-diet-2026-06-10.md et al.). "Phases" = 800143's four internal sequential gates (P2 copy done · P4 jobs in flight · P3 repoint open · P1 prune gated on 800142 drive). Shift was word choice at task creation — sequential gates vs parallel batches — not a plan change.

Phase 4 execution + three rulings — seventh pass (2026-06-11)

Ruling: "delete deprecated scripts" — executed; deprecation = deletion law amended. scripts/_archive/ purged entirely (6 files incl. the 2026-05-30 JXA poller) + five jimmy-vps-add-*-tenant.sh deleted (events, geography, mastery, scout, zoro) — 11 files via git rm; git history is the recovery surface. naming-conventions §script registry amended; _archive/ never recreated. Manifest: 8 rows removed, push-monzo-tokens.sh registered; orphan scan clean.

Ruling: "only zuko portfolio recruiter front end lives on vps" — rowed 800145. approved-ip-addresses §VPS role rewritten (supersedes "perpetual" framing): VPS keeps michael-engineer.dev portfolio edge only; hinata-collector FastAPI, VPS crons (morning briefing, Orochimaru evening, vault sync), non-portfolio tunnel hostnames migrate to Z2.

Mail arm (unit 1) — VERIFIED on ground, report lost to maxTurns. CT102: mp1 /mnt/data/hinata/mail-archive→/mail-archive mounted, timer active, clean 15-min runs. Mac: no mail launchd unit; wrapper (rsync-to-Mac anti-pattern) + hinata-mail.py façade + archive-mail-bodies.py retired by arm beyond brief — mooted by deletion ruling; JXA mail-poller.py retained (parity port list = Phase 3 item: routing rules, DONE:# signals, dashboard digest).

Bulma arm (unit 2) — CT109 UP; poll blocked on reauth. bulma-finance 192.168.1.214 (1c/1024MB/8G); live data mp0 /mnt/data/hinata/data/bulma; sandpit via ro LOCAL Z2 clone (registry's "NFS (Mac)" row was stale — corrected; Apple-independence holds). Five timers enabled. Poll evidence: HTTP 401 "Bad refresh token" (token expired ~36h pre-build; Mac polling already stale since 06-02 — no regression). Unblock: reauth-monzo.py (browser) → push-monzo-tokens.sh → start CT109 timer. CT106 confirmed clean of Monzo callers.

Systemic fix: dispatch truncation root cause. Both arms (44/47 tool uses) hit maxTurns: 30 and returned working notes instead of reports — work completed, evidence recovered via ground-truth probes. jimmy-neutron.md → maxTurns 60; memory rule added: budget ≤ ~0.6×maxTurns.

Open from this pass: 800144 unblock sequence (Michael); clone auto-pull + token-perm tighten + 401-exit-code normalise (Jimmy); 800145 execution; Phase 3 mail-feature port list.

Eighth pass — TrueLayer poller → CT109 (sixth timer) + vault scripts/ dissolved

TrueLayer migration (Phase 4 unit 3) — DEPLOYED. Michael's manual Mac run 2026-06-11T03:29Z proves the refresh flow headless (no browser). Jimmy arm (23 calls, budget 28; maxTurns-60 fix held — full report returned): poll-truelayer.py → CT109 /opt/hinata/bulma/ with DATA_DIR=/root/data/bulma; endpoint repointed Tailscale 100.120.141.100:8090 → LAN 192.168.1.153:8090 (host Tailscale IP unreachable from inside LXC — pattern note for all future CT deploys); token/cred/key files scp'd to /mnt/data/hinata/data/bulma/; bulma-poll-truelayer.timer every 15 min mirrors monzo. Validation 03:39Z: refresh ok · 220 tx · 2 balance snapshots · credit-accounts.json (2 accounts) · done. Mac refresh token retired by TrueLayer rotation — Z2 is sole TrueLayer writer; Mac copy never runs again. CT109 now runs six timers. Script docstring still claims VPS/Postgres-on-VPS — stale; endpoint constant is truth.

Vault scripts/ dissolved (verdict: fossil dir). Live generator relocated to sandpit + manifest row; Canary memory + schedules skill/command repointed; posture-viewer.sh (target extinct) + connection-restore-launcher.sh (orphan — plist already calls connection-restore.sh directly; unit was healthy) deleted. Orphan scan RC=0. Both repos pushed.

Open from this pass: Monzo reauth 3-step (Michael — TrueLayer's success leaves it the only dead poller); token-perm tighten now covers 6 files; duplicate-log-line cosmetic (script log() + systemd append, both pollers); schedules skill deep fossils (hinata-state.md, /AI/sessions/, morning-briefing) → 800145; sandpit/mac duplicate copies of poll-truelayer.py + send-telegram.sh → consolidation candidates under 800145.

Ninth pass — dead-script law generalised; reauth runbooks created

Ruling: "all dead scripts should be deleted — just the most efficient effective version today retained" — appended to naming-conventions §script registry; in-hand set executed. Deleted: Mac TrueLayer dead set (tokens_truelayer.json rotated-dead, poll-truelayer.log, mac runtime poll-truelayer.py + manifest row); Z2 host legacy hinata-poll-truelayer-{morning,evening} units — both timers were still ACTIVE, holding a token chain CT109's first refresh had already rotated dead — disabled, unit files removed, daemon reloaded; vault how_to_guides strays deploy.sh (ct102 deploy artifact), jimmy-vps-hinata-collector.sh (direction reversed by 800145), jimmy-vps-add-football-tenant.sh (sixth of the deleted tenant family) — index §Scripts (embedded) dissolved. Kept (alive): truelayer_credentials.json + hinata_collector_api_key.json (Mac), reauth-monzo.py (sandpit) + reauth-truelayer.py (Mac, Apple-bound browser OAuth), push-monzo-tokens.sh (DATA_DIR verified correct — monzo files live in hinata-sandpit/data/bulma/).

Reauth documentation gap closed. reauth-monzo had zero vault doc presence (lived only in 800144 detail + this ledger) → how-to_monzo-reauth created (3-step Mac flow + masked verify). how-to_truelayer-reauth rewritten to CT109 truth — the prior version's Verify step ran poll-truelayer.py on the Mac, which post-migration would kill the CT109 token chain; --no-itachi-sync now mandatory; push + delete-transit-copy steps added. Index Finance section lists both guides.

Fossil flags (docs, not scripts — not deleted): reference_mail-poller-index.md instructs ./deploy.sh, which now exists nowhere; the mail-poller doc set describes the completed ct102 migration → refresh under 800143-P3 mail scope. Full dead-script sweep arm dispatched (report-only classification; deletions main-thread on return).

Tenth pass — sweep executed: 22 deletions, 8 false-kills caught, 3 dead Z2 units removed

Sweep arm returned COMPLETE (27 calls): 53 dead-candidates across 4 surfaces. Main thread executed only the verified set — 8 of the arm's 18 Mac verdicts were FALSE: all are .claude/settings.json hook-wired (diataxis-gate, path-blacklist-gate ×2, delegation-gate → PreToolUse; detect-and-execute-clear → UserPromptSubmit; signal-clear-on-handover, hinata-stop-transcript → Stop; session-start-inefficiency-hook → SessionStart; post-compact-transcript → PostCompact). Caller-grep cannot see hook wiring — evidence-class rule saved to memory (feedback_dead-script-evidence-classes). Also spared: scan-wikilinks.py (tool for open 800139), request-*-access.py ×3 (reauth surfaces — same class as reauth-monzo.py).

Deleted (22): Mac ×8 (migrate-to-vaultwarden, tiktok-profile-download, telegram-export-to-transcript, quiz-z2-deploy, parse-apple-health-phase2, check-wikilinks mac twin, bw-add-credential, gate-ask-user); sandpit ×8 via git rm (backfill-csv-to-vps, jimmy-vps-cloudflared-tunnel-api, phase19-bulk-convert, test-bulma-bot-dispatch, uk-clock-changes-ics, stem-split [stem-splitter kept], pdf_to_md [pdf-extract kept], extract-docx [docx-to-markdown kept]); vault ×3 (code-assets/football-router-fastapi.py, code-assets/mail-poller.py, mine-80-20.py — relocated to sandpit + registered, text-mine pipeline is an active project); Z2 host units ×3 (hinata-normalise-inbox, hinata-transcribe-audio — dead /Volumes/ SSHFS paths post-inversion; hinata-mail-body-archive — its script was retired in the _archive purge). Manifest: 16 rows removed, 2 set; orphan scan RC=0. sandpit/poll-truelayer.py now mirrors the CT109-deployed version (source canon restored).

Residue rowed as 800146: mac↔sandpit stale-twin consolidation (launchctl verify per plist); analysis-script batch adjudication (~25 uncertain); telegram-bot source canon (mac copies vs CT106 deployed — source-loss risk, mac root is not git); Z2 orphan deploy copies (100+, follow sandpit lifecycle); code-assets non-script residents (Dockerfile, compose, sql — out of scripts-ruling scope); CT109 TrueLayer timer confirmed healthy this pass (03:45 run clean).

Eleventh pass — Monzo live on CT109 + the-government truth-patch wave

Monzo unblock completed. Fresh tokens (reauth 05:00) pushed; first CT109 service run hit 403 Forbidden on /accounts after a clean token load — diagnosed as the Monzo SCA gate (app approval untapped), NOT a token failure; documented in how-to_how-to_monzo-reauth.md Verify section. Post-tap poll: 2 accounts, 40 new txs. Second failure mode caught same run: Bulma push failed: timed outpoll-monzo.py still pointed at the host Tailscale IP (100.120.141.100:8090), unreachable from LXC; patched to LAN 192.168.1.153:8090 on CT109 + sandpit mirror (same fix class as poll-truelayer). Mac tokens_monzo.json deleted per runbook; monzo_credentials.json retained. Both pollers now CT109-resident — 800144 CLOSED. Residue: 40-tx collector-push gap (pre-patch timeout) + 800144 hardening GAPs + Mac data/bulma residue → appended to 800146 (parts 8–10).

the-government patch wave (Michael: "patch the entire government"). Five dispatch arms (3 round-1, 2 round-2) + main-thread finishes. Round-1 lesson: two Jimmy arms exhausted 30-call budgets mid-patch and died on working notes (contract violation); round-2 arms given final file lists, no discovery phase, hard stop-at-N — both returned full reports. SendMessage continuation unavailable in-session; recovery = git status as ground-truth inventory + named re-dispatch.

Patched (24 files): monzo-z2-migration-status (COMPLETE 2026-06-11, CT109 architecture, six-timer table, SCA gate), bulma-banking-stack (CT109 rewrite, Vaultwarden), bulma-endpoints, itachi-credential-store, z2-service-catalog (six CT109 timers, deleted host units, Vaultwarden), deployment-status, launchagent-migration-status (no Mac banking LaunchAgents), jimmy-vps + jimmy-vps-hinata-collector (deprecating → Z2, 800145), mail-poller-z2 (deploy.sh/code-asset removal notes, 800143), data-architecture (Bulma → Z2 data plane), approved-file-paths (reauth-artifact path note), self-hosted-architecture (840019 loop resolved — Vaultwarden CT103; Ifeanyi quotes + dated decisions left verbatim), hinata-z2-repo-specification (Vaultwarden row), quiz-framework-spec (topic naming), bitwarden-vm (Pi-VM → CT103 LXC rewrite), z2-sandpit-sync-migration-strategy, mail-poller-z2-migration-strategy, telegram-dynamic-tailoring-spec (×2 passes — arm missed line 402), install-script-discipline (frontmatter + naming), telegram-tailoring-phase-1-implementation-plan, text-mine-pipeline, vps-decommission-checklist, how_to_guides/index.

Flagged, not patched: reference_project-status.md (stale dashboard 2026-05-15 — needs its own refresh, no wave deltas apply) · mail-poller doc cluster (mail-poller-local-testing, mail-poller-installation, mail-poller-index, deployment-checklist, z2-deployment) — 800143-P3 scope, mid-migration · dated records left verbatim (phase-1-credentials-audit-2026-06-04, itachi/orochimaru reports, 800124 handover).

Dead-doc candidates (Michael ruling needed — NOT deleted): pi-z2-migration-tracker.md, vps-setup-spec.md, hinata-infrastructure.md — all three are EMPTY files still listed in information_reference/index.md · bitwarden-vm.md — content now CT103-true but filename misleading; successor CT103-LXC how-to would supersede · reference_jimmy-vps-hinata-collector.md — fully dead once 800145 lands · z2-deployment.md — early-era Z2 deploy guide (port 8080, /root/hinata layout) superseded by container architecture.

Out-of-scope contradiction flagged by Bulma arm: federation/colonel_saitama-foundation_bulma-finances_context.md still claims "Monzo: no API sync wired yet" / "Monzo OAuth not wired" / TrueLayer "last synced 2026-06-02" — federation context refresh needed (not part of the-government wave).

Twelfth pass — 2026-06-11 (mega-turn: studio, real-seed ruling, supreme-court, fossils, MCP ban)

Michael ruling — real money, no paper account: "i dont want a paper accoutn i want to seed with 20-50gbp and train hashirama at a small scale where possible." reference_hashirama-trading-dashboard.md paper-feed section replaced with the live small-seed lane: T212 Invest, GBP 20–50 ring-fenced pot, fractional shares, rails sized to seed (max position GBP 10–15, 5% risk/trade, 2–3 concurrent, mandatory stops), Hashirama signals + Michael manual execution, auto-trading still banned pending explicit ruling. Mock JSON resized to seed scale (~GBP 19 exposure). Task 900127 opened (Michael: deposit + live API key → Vaultwarden + BotFather token).

Studio recovery + pillar nav landed. Trunks arm died at the 30-call harness cap mid-App.tsx; ground-truth inventory showed shortcuts.ts fully restructured (pillar sections FOUNDATION/FIRE/FORGE/FLOW/SYNTHESIS/SYSTEM + hinata ⌥0 + hashirama-trading ⌥3) but TopNav.tsx untouched (5 dead-section type breaks) and App.tsx half-wired. Finished inline: TAB_EMOJI + render entries (App), SECTION_EMOJI/COLLAPSIBLE_SECTIONS/collapsed-init/tabsBySection/sort (TopNav), plus pre-existing ShogiLeaderboard tsc error fixed. npm run build green — tsc + vite, all 31 tabs incl. new Hinata.tsx + HashiramaTrading.tsx compile. 30-call cap recorded as memory (budgets ≤28, stop-report at 22).

supreme-court patched (10 files, Michael-authorized): model-policy (Vaultwarden), runtime/index row 28, email-intelligence-architecture L4 host → Z2 (800145), naming-register jimmy-vps migrating note, calendar-architecture (archive-mail-bodies retired + Michael correction: mail-poller is a plain IMAP systemd poller, NOT an MCP — row re-stated), credential-model title + naming note, bulma-banking-stack CT109 supersede block, endpoint-doctrine host ruling 2026-06-11 appended, memory-architecture rule 7: federation context auto-refresh (Michael: "bulma federation context update automatically shouldnt need my intervention").

MCP BAN (Michael ruling 2026-06-11): "mcp banded from hinata" — calendar-architecture Rule 1 elevated from no-personal-data-MCP preference to absolute ban, all surfaces; memory feedback_mcp-banned written.

Fossils deleted (Michael: "delete fossil files"): pi-z2-migration-tracker.md, vps-setup-spec.md, hinata-infrastructure.md (all empty), z2-deployment.md, bitwarden-vm.md — git rm + 5 index rows pruned (how_to_guides ×2, information_reference ×3). reference_jimmy-vps-hinata-collector.md retained until 800145.

Federation contexts refreshed under rule 7: Bulma (CT109 six timers, Monzo wired 2026-06-11 2 accounts/40 txs, 800146-P10 gap; "no API sync" claims purged) · Hashirama (live-seed lane, studio tab, bot pending token). reference_commander-bots.md corrected: 9 registered bots (was "6 active"/5 listed), CT106 systemd not Mac LaunchAgent, hashirama PENDING row.

Mail-poller OAuth question (Michael): verified Itachi holds tokens_gcp.json/bq_token.json/gdrive_token.json from the financial-literacy GCP project; Gmail is IMAP app-password. Answer: OAuth client reusable (add Gmail scope), existing tokens not (scope-bound) — fresh consent per account mints Gmail-scoped refresh tokens; XOAUTH2 SASL keeps the IMAP code; app must be In-production status or test-mode tokens die at 7 days. Conversion is 800145-adjacent work, not rowed yet.

Memory written: feedback_mcp-banned · feedback_federation-context-auto-refresh · feedback_subagent-30-call-cap (+ MEMORY.md ×3).