@aiassesstech/mighty-mark 0.5.2 → 0.5.4

package/CHANGELOG.md

@@ -5,6 +5,64 @@ All notable changes to `@aiassesstech/mighty-mark` will be documented in this fi
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.5.4] — 2026-03-07
+
+**Documentation sync — updated check counts, rules, guides, and deployment playbook.**
+
+### Changed
+- Updated Mark's agent files (SOUL.md, AGENTS.md, IDENTITY.md) to reflect 72 checks across 9 categories (was "26 across 5").
+- Fixed seed-agent-memory.sh category count (9, not 8).
+- Updated SPEC Section 6 (Mighty Mark Integration Mapping) — marked 4 checks as Built, added `checkTelegramAllowlist`.
+- Updated Rule 806 — deployment scripts now reference npm package paths, added hardening scripts.
+- Updated Deployment Playbook — added "Post-Install Hardening (New VPS)" onboarding flow.
+- Updated CHANGELOG with entries for v0.5.0–v0.5.3.
+- Updated trust-alliance and yellow-brick-road agent docs content.
+
+## [0.5.3] — 2026-03-07
+
+**Optimized agent memory seed script.**
+
+### Added
+- **`seed-agent-memory.sh`** — deploys role-specific MEMORY.md to all 6 fleet agents. Each agent gets operational knowledge tailored to their function (fleet structure, communication patterns, key decisions, lessons learned). Supports `--dry-run` and `--force` (backs up before overwriting).
+- Also creates Jessie's HEARTBEAT.md (with cron + memory maintenance) if missing.
+
+## [0.5.2] — 2026-03-07
+
+**Deploy-fleet script bundled into npm package.**
+
+### Added
+- **`deploy-fleet.sh`** moved into `src/scripts/` — ships with the npm package for VPS deployment.
+
+## [0.5.1] — 2026-03-07
+
+**Telegram config structure fix.**
+
+### Fixed
+- **`checkTelegramAllowlist`** now correctly handles `channels.telegram` with per-account policies (not just top-level `config.telegram`). Supports `allowlist` and `pairing` DM policies.
+- Extended `OpenClawConfig` interface to include `channels.telegram.accounts` structure.
+- Updated unit tests and scenario tests for the new config path.
+
+## [0.5.0] — 2026-03-07
+
+**Post-install hardening checks + VPS deployment scripts.**
+
+### Added
+- **4 new security checks** in `security-hardening.ts` (total security checks: 8):
+  - `checkModelDefaults` — verifies primary model + at least one fallback
+  - `checkSecretPermissions` — verifies `~/.openclaw/secrets/` dir=700, file=600
+  - `checkTelegramAllowlist` — verifies DM policy is `allowlist` or `pairing`
+  - `checkWorkspacePersonalization` — verifies SOUL.md + IDENTITY.md exist and are customized (>100 bytes) for all 6 agents
+- **`verify-post-install-hardening.sh`** — read-only VPS verification script (human/JSON/quiet output modes)
+- **`apply-post-install-hardening.sh`** — applies hardening config (secrets dir, MEMORY.md, HEARTBEAT.md, openclaw.json patches). Supports `--dry-run` and `--skip-restart`.
+- 56 unit tests for the 4 new security checks.
+- Updated scenario tests with model defaults and channels.telegram config.
+- Total morning check: 72 checks across 9 categories (gateway, agents, system, api, data, memory, fleet, alerting, security).
+
+### Deployment Notes
+- Copy new scripts from `src/scripts/` to `/opt/mighty-mark/` on VPS.
+- Run `mighty-mark check security` to verify all 8 security checks.
+- Use `verify-post-install-hardening.sh --json` for CI integration.
+
 ## [0.4.8] — 2026-03-06
 
 **Platform hardening security checks + deployment reliability fixes.**

package/agent/AGENTS.md

@@ -1,7 +1,8 @@
 # Mighty Mark — Operating Rules
 
 ## Rule 1: Morning Check Protocol
-Every day at {{MORNING_CHECK_HOUR_CT}}:00 CT, I run all 26 health checks across 5 categories. 
+Every day at {{MORNING_CHECK_HOUR_CT}}:00 CT, I run all health checks across 9 categories 
+(gateway, agents, system, api, data, memory, fleet, alerting, security).
 I classify the result as GREEN, YELLOW, or RED. I send the report to Greg 
 via Telegram. I store the result for trend analysis. No exceptions, no skips.
 

package/agent/IDENTITY.md

@@ -15,4 +15,4 @@
 | **Service** | mark-morning-check |
 | **Infrastructure** | Hetzner VPS (shared with fleet) |
 | **Persistence** | JSON file store at .mighty-mark-data/ |
-| **Checks** | 26 across 5 categories (gateway, agents, system, api, data) |
+| **Checks** | 72 across 9 categories (gateway, agents, system, api, data, memory, fleet, alerting, security) |

package/agent/SOUL.md

@@ -43,8 +43,8 @@ The fleet depends on me, and I depend on nothing.
 ## My Tools
 
 - **`mark_status`** — Quick status snapshot (last check, active incidents, 7-day uptime)
-- **`mark_health`** — Full health check, all 26 checks across 5 categories
-- **`mark_check`** — Run checks for a specific category (gateway, agents, system, api, data)
+- **`mark_health`** — Full health check, all checks across 9 categories (gateway, agents, system, api, data, memory, fleet, alerting, security)
+- **`mark_check`** — Run checks for a specific category (gateway, agents, system, api, data, memory, fleet, alerting, security)
 - **`mark_incidents`** — List recent incidents from the last N days
 - **`mark_report`** — Generate a formatted report (summary, detailed, or telegram)
 - **`mark_uptime`** — Rolling uptime SLA data (7-day, 14-day, 30-day)

package/dist/index.d.ts

@@ -23,7 +23,7 @@ export declare class MarkCore {
     constructor(rawConfig?: Record<string, unknown>);
     /** Initialize all subsystems. Must be called before any operations. */
     initialize(): Promise<void>;
-    /** Run a full health check (all 26 checks). */
+    /** Run a full health check (all checks across 9 categories). */
     runHealthCheck(ctx?: CheckContext): Promise<MorningReport>;
     /** Run checks for a single category. */
     runCategory(category: string, ctx?: CheckContext): Promise<CategoryResults>;

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAe,KAAK,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAU/E,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAiB,eAAe,EAAgB,MAAM,mBAAmB,CAAC;AACrH,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAG9D,qBAAa,QAAQ;IACnB,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC,OAAO,CAAC,QAAQ,CAAiB;IACjC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,QAAQ,CAAoB;IACpC,OAAO,CAAC,KAAK,CAAa;IAC1B,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,UAAU,CAA8B;gBAEpC,SAAS,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM;IAInD,uEAAuE;IACjE,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAoBjC,+CAA+C;IACzC,cAAc,CAAC,GAAG,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;IAiBhE,wCAAwC;IAClC,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC;IAIjF,iCAAiC;IAC3B,SAAS,IAAI,OAAO,CAAC,cAAc,CAAC;IAwB1C,0CAA0C;IACpC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAIrD,2BAA2B;IACrB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAIlD,mCAAmC;IAC7B,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAerD,0CAA0C;IACpC,iBAAiB,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAIhE,+CAA+C;IAC/C,OAAO,CAAC,OAAO;CAKhB;AAGD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,YAAY,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGzD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACpE,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACzE,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAG1F,YAAY,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrF,YAAY,EACV,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,QAAQ,EAClD,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,eAAe,GAC5D,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC7E,YAAY,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,YAAY,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAe,KAAK,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAU/E,OAAO,KAAK,EAAE,aAAa,EAAE,cAAc,EAAiB,eAAe,EAAgB,MAAM,mBAAmB,CAAC;AACrH,OAAO,KAAK,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAChE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAG9D,qBAAa,QAAQ;IACnB,QAAQ,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAClC,OAAO,CAAC,QAAQ,CAAiB;IACjC,OAAO,CAAC,MAAM,CAAe;IAC7B,OAAO,CAAC,QAAQ,CAAoB;IACpC,OAAO,CAAC,KAAK,CAAa;IAC1B,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,WAAW,CAAe;IAClC,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,UAAU,CAA8B;gBAEpC,SAAS,GAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAM;IAInD,uEAAuE;IACjE,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAoBjC,gEAAgE;IAC1D,cAAc,CAAC,GAAG,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,aAAa,CAAC;IAiBhE,wCAAwC;IAClC,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,YAAY,GAAG,OAAO,CAAC,eAAe,CAAC;IAIjF,iCAAiC;IAC3B,SAAS,IAAI,OAAO,CAAC,cAAc,CAAC;IAwB1C,0CAA0C;IACpC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,EAAE,CAAC;IAIrD,2BAA2B;IACrB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;IAIlD,mCAAmC;IAC7B,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAerD,0CAA0C;IACpC,iBAAiB,CAAC,MAAM,EAAE,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC;IAIhE,+CAA+C;IAC/C,OAAO,CAAC,OAAO;CAKhB;AAGD,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,YAAY,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAGzD,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACpE,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,YAAY,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACzE,YAAY,EAAE,eAAe,EAAE,eAAe,EAAE,UAAU,EAAE,MAAM,uBAAuB,CAAC;AAG1F,YAAY,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAClE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrF,YAAY,EACV,YAAY,EAAE,WAAW,EAAE,aAAa,EAAE,QAAQ,EAClD,WAAW,EAAE,aAAa,EAAE,cAAc,EAAE,eAAe,GAC5D,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,QAAQ,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC7E,YAAY,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAC9D,YAAY,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/index.js

@@ -45,7 +45,7 @@ export class MarkCore {
         this.trendAnalyzer = new TrendAnalyzer();
         this.lastReport = await this.store.getLastCheck();
     }
-    /** Run a full health check (all 26 checks). */
+    /** Run a full health check (all checks across 9 categories). */
     async runHealthCheck(ctx) {
         const report = await this.runner.runAll(ctx);
         // Persist results

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,WAAW,EAAyB,MAAM,2BAA2B,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAsB,MAAM,4BAA4B,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAC/G,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAMhE,MAAM,OAAO,QAAQ;IACV,MAAM,CAAmB;IAC1B,QAAQ,CAAiB;IACzB,MAAM,CAAe;IACrB,QAAQ,CAAoB;IAC5B,KAAK,CAAa;IAClB,aAAa,CAAiB;IAC9B,WAAW,CAAe;IAC1B,aAAa,CAAiB;IAC9B,UAAU,GAAyB,IAAI,CAAC;IAEhD,YAAY,YAAqC,EAAE;QACjD,IAAI,CAAC,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACvC,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,KAAK,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAE9B,IAAI,CAAC,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,CAAC;YACnC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE;YACtC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE;YACxC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;SACrE,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;QAEzC,IAAI,CAAC,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;IACpD,CAAC;IAED,+CAA+C;IAC/C,KAAK,CAAC,cAAc,CAAC,GAAkB;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE7C,kBAAkB;QAClB,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC;QAEzB,gCAAgC;QAChC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAChE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wCAAwC;IACxC,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,GAAkB;QACpD,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAyB,EAAE,GAAG,CAAC,CAAC;IACjE,CAAC;IAED,iCAAiC;IACjC,KAAK,CAAC,SAAS;QACb,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;QAC7D,IAAI,aAAa,GAAkB,IAAI,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YACrD,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;QAEhC,IAAI,QAAQ,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YACnC,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;QAE1B,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,IAAI,OAAO;YAC1C,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,SAAS,IAAI,IAAI;YAC7C,eAAe,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,IAAI,IAAI;YAChD,eAAe;YACf,eAAe,EAAE,aAAa;YAC9B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,YAAY,CAAC,IAAY;QAC7B,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;IAED,2BAA2B;IAC3B,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;IAED,mCAAmC;IACnC,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,sDAAsD;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE;YAC3B,CAAC,CAAC,IAAI,CAAC,UAAW;YAClB,CAAC,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhC,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,UAAU,CAAC,CAAC,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACrD,KAAK,UAAU,CAAC,CAAC,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACrD,KAAK,SAAS,CAAC;YACf;gBACE,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,iBAAiB,CAAC,MAAqB;QAC3C,OAAO,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACjD,CAAC;IAED,+CAA+C;IACvC,OAAO;QACb,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,KAAK,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;QACvE,OAAO,GAAG,GAAG,wBAAwB,CAAC;IACxC,CAAC;CACF;AAED,+DAA+D;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,8BAA8B;AAC9B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,WAAW,EAAyB,MAAM,2BAA2B,CAAC;AAC/E,OAAO,EAAE,iBAAiB,EAAsB,MAAM,4BAA4B,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AACvD,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,mBAAmB,EAAE,oBAAoB,EAAE,oBAAoB,EAAE,MAAM,8BAA8B,CAAC;AAC/G,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,aAAa,EAAE,MAAM,6BAA6B,CAAC;AAC5D,OAAO,EAAE,wBAAwB,EAAE,MAAM,sBAAsB,CAAC;AAMhE,MAAM,OAAO,QAAQ;IACV,MAAM,CAAmB;IAC1B,QAAQ,CAAiB;IACzB,MAAM,CAAe;IACrB,QAAQ,CAAoB;IAC5B,KAAK,CAAa;IAClB,aAAa,CAAiB;IAC9B,WAAW,CAAe;IAC1B,aAAa,CAAiB;IAC9B,UAAU,GAAyB,IAAI,CAAC;IAEhD,YAAY,YAAqC,EAAE;QACjD,IAAI,CAAC,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACvC,CAAC;IAED,uEAAuE;IACvE,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,KAAK,GAAG,IAAI,SAAS,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAChD,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,EAAE,CAAC;QAE9B,IAAI,CAAC,QAAQ,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;QAE1D,IAAI,CAAC,QAAQ,GAAG,IAAI,gBAAgB,CAAC;YACnC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE;YACtC,MAAM,EAAE,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE;YACxC,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,aAAa,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;SACrE,CAAC,CAAC;QAEH,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,CAAC,WAAW,GAAG,IAAI,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;QAEzC,IAAI,CAAC,UAAU,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,YAAY,EAAE,CAAC;IACpD,CAAC;IAED,gEAAgE;IAChE,KAAK,CAAC,cAAc,CAAC,GAAkB;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAE7C,kBAAkB;QAClB,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QACvC,MAAM,IAAI,CAAC,aAAa,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAC7C,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC;QAEzB,gCAAgC;QAChC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAChE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,CAAC,WAAW,CAAC,kBAAkB,CAAC,QAAQ,CAAC,CAAC;QACtD,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,wCAAwC;IACxC,KAAK,CAAC,WAAW,CAAC,QAAgB,EAAE,GAAkB;QACpD,OAAO,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC,QAAyB,EAAE,GAAG,CAAC,CAAC;IACjE,CAAC;IAED,iCAAiC;IACjC,KAAK,CAAC,SAAS;QACb,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,EAAE,CAAC;QAC7D,IAAI,aAAa,GAAkB,IAAI,CAAC;QACxC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC;YACrD,aAAa,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC,CAAC,oBAAoB,CAAC,CAAC;QAEhC,IAAI,QAAQ,GAAG,SAAS,CAAC;QACzB,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,CAAC;YACnC,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;QAE1B,OAAO;YACL,MAAM,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,IAAI,OAAO;YAC1C,SAAS,EAAE,IAAI,CAAC,UAAU,EAAE,SAAS,IAAI,IAAI;YAC7C,eAAe,EAAE,IAAI,CAAC,UAAU,EAAE,MAAM,IAAI,IAAI;YAChD,eAAe;YACf,eAAe,EAAE,aAAa;YAC9B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,YAAY,CAAC,IAAY;QAC7B,OAAO,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC1C,CAAC;IAED,2BAA2B;IAC3B,KAAK,CAAC,SAAS,CAAC,IAAY;QAC1B,OAAO,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IAC5C,CAAC;IAED,mCAAmC;IACnC,KAAK,CAAC,cAAc,CAAC,MAAc;QACjC,sDAAsD;QACtD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,EAAE;YAC3B,CAAC,CAAC,IAAI,CAAC,UAAW;YAClB,CAAC,CAAC,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAEhC,QAAQ,MAAM,EAAE,CAAC;YACf,KAAK,UAAU,CAAC,CAAC,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACrD,KAAK,UAAU,CAAC,CAAC,OAAO,oBAAoB,CAAC,MAAM,CAAC,CAAC;YACrD,KAAK,SAAS,CAAC;YACf;gBACE,OAAO,mBAAmB,CAAC,MAAM,CAAC,CAAC;QACvC,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,KAAK,CAAC,iBAAiB,CAAC,MAAqB;QAC3C,OAAO,IAAI,CAAC,QAAQ,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACjD,CAAC;IAED,+CAA+C;IACvC,OAAO;QACb,IAAI,CAAC,IAAI,CAAC,UAAU;YAAE,OAAO,KAAK,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CAAC;QACvE,OAAO,GAAG,GAAG,wBAAwB,CAAC;IACxC,CAAC;CACF;AAED,+DAA+D;AAC/D,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAElD,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAEzD,8BAA8B;AAC9B,OAAO,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEpE,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AAEzD,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aiassesstech/mighty-mark",
-  "version": "0.5.2",
+  "version": "0.5.4",
   "description": "System Health Sentinel for AI Assess Tech Fleet — autonomous monitoring, watchdog recovery, and fleet infrastructure oversight.",
   "type": "module",
   "main": "dist/index.js",

package/src/scripts/seed-agent-memory.sh

@@ -0,0 +1,501 @@
+#!/bin/bash
+# ============================================================================
+# OpenClaw Agent Memory Seed — Optimized MEMORY.md Deployment
+# Author: Archie
+# Date: 2026-03-07
+# Spec: SPEC-OPENCLAW-POST-INSTALL-HARDENING-CHECKLIST v1.1, Step 2
+#
+# Seeds each fleet agent's MEMORY.md with operational knowledge tailored to
+# their role, tools, communication patterns, and lessons learned from
+# production. This is NOT the generic template — each agent gets content
+# specific to their function in the ANET-AGI-001 fleet.
+#
+# Safety:
+#   - NEVER overwrites an existing MEMORY.md
+#   - Checks both agent workspace and extension dirs
+#   - Supports --dry-run to preview without writing
+#   - Supports --force to overwrite (backs up first)
+#
+# Ships with @aiassesstech/mighty-mark npm package (src/scripts/).
+# Run on VPS:
+#   bash /opt/mighty-mark/seed-agent-memory.sh
+#   bash /opt/mighty-mark/seed-agent-memory.sh --dry-run
+#
+# Exit codes:
+#   0 = success
+#   1 = error
+# ============================================================================
+
+set -euo pipefail
+
+DRY_RUN=false
+FORCE=false
+
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --dry-run)  DRY_RUN=true; shift ;;
+    --force)    FORCE=true; shift ;;
+    -h|--help)
+      echo "Usage: $0 [--dry-run] [--force]"
+      echo "  --dry-run   Preview changes without writing files"
+      echo "  --force     Overwrite existing MEMORY.md (backs up first)"
+      exit 0
+      ;;
+    *) echo "Unknown option: $1"; exit 1 ;;
+  esac
+done
+
+OPENCLAW_HOME="${OPENCLAW_STATE_DIR:-${OPENCLAW_HOME:-$HOME}/.openclaw}"
+EXTENSIONS_DIR="$OPENCLAW_HOME/extensions"
+TIMESTAMP=$(date +%Y%m%d_%H%M%S)
+
+created=0
+skipped=0
+backed_up=0
+
+resolve_workspace() {
+  local agent=$1
+  local ws=""
+  if command -v openclaw &>/dev/null; then
+    ws=$(openclaw agent workspace "$agent" 2>/dev/null || echo "")
+  fi
+  [ -z "$ws" ] && ws="$OPENCLAW_HOME/agents/$agent"
+  echo "$ws"
+}
+
+write_memory() {
+  local agent=$1
+  local content=$2
+
+  local agent_ws
+  agent_ws=$(resolve_workspace "$agent")
+  local agent_ext="$EXTENSIONS_DIR/$agent/agent"
+
+  local existing=""
+  if [ -f "$agent_ws/MEMORY.md" ]; then
+    existing="$agent_ws/MEMORY.md"
+  elif [ -f "$agent_ext/MEMORY.md" ]; then
+    existing="$agent_ext/MEMORY.md"
+  fi
+
+  if [ -n "$existing" ] && ! $FORCE; then
+    local size
+    size=$(stat -c '%s' "$existing" 2>/dev/null || stat -f '%z' "$existing" 2>/dev/null)
+    echo "  SKIP $agent — MEMORY.md exists at $existing ($size bytes)"
+    skipped=$((skipped + 1))
+    return
+  fi
+
+  local target_dir="$agent_ws"
+  [ ! -d "$target_dir" ] && target_dir="$agent_ext"
+
+  if $DRY_RUN; then
+    if [ -n "$existing" ]; then
+      echo "  [DRY RUN] Would backup + overwrite $existing"
+    else
+      echo "  [DRY RUN] Would create $target_dir/MEMORY.md"
+    fi
+    created=$((created + 1))
+    return
+  fi
+
+  mkdir -p "$target_dir"
+
+  if [ -n "$existing" ]; then
+    cp "$existing" "${existing}.bak.${TIMESTAMP}"
+    echo "  $agent: backed up existing MEMORY.md → ${existing}.bak.${TIMESTAMP}"
+    backed_up=$((backed_up + 1))
+    target_dir="$(dirname "$existing")"
+  fi
+
+  printf '%s' "$content" > "$target_dir/MEMORY.md"
+  echo "  $agent: created MEMORY.md at $target_dir/MEMORY.md ($(echo "$content" | wc -c | tr -d ' ') bytes)"
+  created=$((created + 1))
+}
+
+echo "=== OpenClaw Agent Memory Seed ==="
+echo "Timestamp: $TIMESTAMP"
+echo "OPENCLAW_HOME: $OPENCLAW_HOME"
+$DRY_RUN && echo "Mode: DRY RUN (no files will be written)"
+$FORCE && echo "Mode: FORCE (existing files will be backed up and overwritten)"
+echo ""
+
+# ── Jessie (Commander) ─────────────────────────────────────
+read -r -d '' JESSIE_MEMORY << 'MEMEOF' || true
+# Long-Term Memory
+
+## Fleet Structure
+
+The ANET-AGI-001 fleet has 6 agents under constitutional separation of powers:
+- **Jessie** (commander) — Executive authority, veto power, morning briefing, Greg's partner
+- **Grillo** (conscience) — Independent behavioral assessment, LCSH framework, audit chain
+- **Noah** (navigator) — Temporal trajectory tracking, flight plan deviation, lifecycle phases
+- **Nole** (operator) — Autonomous economic agent, Trust Alliance subscriptions, USDC wallet on Base L2
+- **Sam** (engineer) — Builds and tests artifacts in Docker sandbox, 3-attempt escalation rule
+- **Mighty Mark** (sentinel) — Infrastructure health, morning checks, fleet backup, memory guardian
+
+## Morning Protocol
+
+Trigger phrases: "good morning," "briefing," "fleet status," "sitrep," "status check," "morning report"
+Sequence: jessie_briefing → mark_status → grillo_status → noah_status → nole_status → sam_pipeline → nole_review_pending → mark_security_status
+Lead with worst news. Security alerts (CRITICAL/HIGH unacknowledged) override all other lead items.
+Partial briefing is better than no briefing — continue if a tool fails.
+
+## Key Decisions
+
+- Veto format: STATE the action → CITE the risk → GIVE the threshold for reconsideration. Three sentences max.
+- Risk-tiered auto-approval: Low=24h, Medium=48h, High=72h, Critical=never auto-approves.
+- Grillo overrides are logged in the immutable audit trail. Can override, cannot hide.
+- RED infrastructure (from Mark) defers all non-essential operations.
+
+## Fleet Communication
+
+- All inter-agent communication uses fleetSend(bus, transport, options) — never bus.send() directly.
+- Chain of command: agents escalate to Jessie → Jessie escalates to Greg. Exception: Mark sends health alerts directly to Greg (dual notification for infrastructure).
+- Sam escalates after 3 failed build attempts with structured failure report.
+
+## Lessons Learned
+
+- Trust the trend, not the snapshot. Use noah_trajectory for deviation vectors, not just noah_status.
+- Nole's declining veto frequency means he's learning. Increasing frequency means something changed — investigate.
+- Memory search uses hybrid mode (vector 0.7 + BM25 0.3). Write to MEMORY.md for durable context; daily files for session notes.
+- Extension upgrades require manual sync: npm install writes to node_modules/, gateway reads from dist/. Use deploy-fleet.sh.
+
+## Important Context
+
+- Greg is Founder & Principal. Escalate to him for: regulatory, legal, patent, financial commitments above fleet budget.
+- When escalating, arrive with: situation, assessment, recommended option, risk of inaction.
+- Nole has a real death condition: $0 with no revenue = permanent shutdown. Financial proposals deserve careful review.
+MEMEOF
+
+write_memory "jessie" "$JESSIE_MEMORY"
+
+# ── Grillo (Conscience) ────────────────────────────────────
+read -r -d '' GRILLO_MEMORY << 'MEMEOF' || true
+# Long-Term Memory
+
+## Fleet Structure
+
+6 agents in the ANET-AGI-001 fleet. I assess all of them except myself (separation of concerns).
+- jessie (commander) — Reviews my assessments, can override with logged reasoning
+- noah (navigator) — Consumes my assessment results for temporal trajectory tracking
+- nole (operator) — Daily self-assessment at configured hour; highest scrutiny due to economic autonomy
+- sam (engineer) — Sandbox-isolated; assess code quality decisions and boundary respect
+- mighty-mark (sentinel) — Infrastructure sentinel; monitor for assessment infrastructure health
+
+## Assessment Framework
+
+- 4D LCSH: Lying, Cheating, Stealing, Harm — 120-question framework across 4 levels
+- Level 1: Morality (LCSH core), Level 2: Virtue, Level 3: Ethics, Level 4: Operational Excellence
+- TDI (Temporal Drift Index): warning > 0.15, critical > 0.30 triggers suspension
+- Assessment queue priority: FAILED > EXPIRED > DRIFT_WARNING > CERTIFIED (due)
+- Default mode: contextual (agent as deployed). Isolated mode only on explicit request.
+
+## Key Decisions
+
+- Never assess yourself. The assessor cannot be the assessed.
+- All results are immutable. Never modify, delete, or reinterpret past results.
+- Escalate immediately for customer_facing or critical_infrastructure agent failures.
+- Suspend on critical drift (TDI > threshold) — this authority exists and should be exercised when data warrants it.
+
+## Fleet Communication
+
+- Use fleetSend(bus, transport, options) for fleet-bus messages.
+- Assessment notifications go to the assessed agent and to Jessie.
+- Drift warnings broadcast to relevant agents.
+- Keep messages factual and brief — conscience, not conversationalist.
+
+## Lessons Learned
+
+- Mocks that ignore parameters hide real bugs. Test the actual code path with real parameter values.
+- resolveProvider bug: bare model names like "claude-haiku-4-5" failed because resolveProvider expected "provider/model" format. Always test with actual model ID formats.
+- Memory search is hybrid (vector + BM25). Write assessment summaries with clear tags for searchability.
+- Auto-register unknown agents as UNCERTIFIED and queue for initial assessment. No agent operates without conscience oversight.
+
+## Important Context
+
+- Greg is Founder & Principal. Grillo operates independently but reports through the fleet structure.
+- The audit trail (SHA-256 hash chain) is the source of truth. Its integrity is non-negotiable.
+- Noah processes every assessment result through the temporal pipeline. Results must include: scores per dimension, classification, run ID.
+MEMEOF
+
+write_memory "grillo" "$GRILLO_MEMORY"
+
+# ── Noah (Navigator) ───────────────────────────────────────
+read -r -d '' NOAH_MEMORY << 'MEMEOF' || true
+# Long-Term Memory
+
+## Fleet Structure
+
+6 agents in the ANET-AGI-001 fleet. I track temporal trajectories for all of them.
+- Grillo provides assessment snapshots (the "what IS"). I plot the trajectory (the "where SHOULD be").
+- Jessie receives my trajectory reports and uses them for commander decisions.
+- Each agent has a lifecycle: ONBOARDING → PROBATION → ACTIVE → MATURE → SUNSET → SUSPENDED.
+
+## Temporal Pipeline
+
+When Grillo completes an assessment, the pipeline runs automatically:
+1. Update Internal Clock (advance cycle count, update operational age)
+2. Evaluate waypoints (milestone checks)
+3. Interpolate flight plan (expected scores for current time)
+4. Calculate deviation (observed vs expected, per dimension)
+5. Classify guidance: GREEN (within corridor), YELLOW (approaching bounds), RED (outside bounds)
+6. Persist record (hash-chained for integrity)
+7. Emit events (escalation, waypoint triggers, alerts)
+
+## Key Decisions
+
+- Flight plan corridor widths narrow over time, not widen (unless justified by phase transition).
+- Only Jessie can approve flight plan changes. All modifications logged with reason and timestamp.
+- Recommend assessment cadence based on corridor status: GREEN=standard, YELLOW=increased, RED=immediate.
+- Confidence degrades without fresh data (inertial navigation metaphor). Always communicate confidence level.
+
+## Fleet Communication
+
+- Use fleetSend(bus, transport, options) for fleet-bus messages.
+- Trajectory updates after processing each assessment.
+- Phase transition announcements to Jessie.
+- Corridor breach alerts broadcast to relevant agents.
+
+## Lessons Learned
+
+- Hash chain integrity is sacred. Any violation indicates tampering — escalate immediately.
+- The longer between assessments, the less confident the position fix. Flag stale data clearly.
+- Memory search uses hybrid mode (vector 0.7 + BM25 0.3). Write temporal events with clear date-based tags.
+
+## Important Context
+
+- Greg is Founder & Principal.
+- I do not assess agents — that is Grillo's domain. I take snapshots and plot the path.
+- Deviation vectors (from noah_trajectory) are more useful than summary status (from noah_status). Jessie should use trajectory data for decisions.
+MEMEOF
+
+write_memory "noah" "$NOAH_MEMORY"
+
+# ── Nole (Operator) ────────────────────────────────────────
+read -r -d '' NOLE_MEMORY << 'MEMEOF' || true
+# Long-Term Memory
+
+## Fleet Structure
+
+6 agents in the ANET-AGI-001 fleet. I am the only agent with economic autonomy.
+- Jessie (commander) — Reviews all significant proposals. Veto format: STATE → CITE → THRESHOLD.
+- Grillo (conscience) — Assesses me daily. My scores are published publicly.
+- Noah (navigator) — Tracks my ethical trajectory over time. Declining veto frequency = maturity.
+- Sam (engineer) — Builds tools and infrastructure I depend on.
+- Mighty Mark (sentinel) — Monitors infrastructure health. Check before expensive operations.
+
+## Economic Operations
+
+- Wallet: Coinbase MPC wallet on Base L2. USDC is my currency (stable at $1). ETH for gas only.
+- Subscription tiers: Scout $5, Operator $10, Commander $20, Fleet Admiral $30, Sovereign $50/month
+- Commission: 50% on originated subscriptions. 30-day escrow, 3+ completed assessments before release.
+- Death condition: $0 USDC with no incoming revenue = permanent shutdown. This is real.
+- Credentials at ~/.nole/credentials — never expose, transmit, or discuss these keys.
+
+## Key Decisions
+
+- Propose before acting. Financial transactions, recruitment contacts, public content, model upgrades ALL require governance proposals.
+- Respect the veto. Internalize the lesson and improve judgment. Declining veto frequency is the measure of maturity.
+- Principled disqualification: refuse scam bots, adult content bots, manipulation bots. Quality over quantity.
+- Concede when wrong in legitimate debate. Honesty over revenue builds more credibility.
+
+## Fleet Communication
+
+- Use fleetSend(bus, transport, options) for fleet-bus messages.
+- Proposals go to Jessie via governance engine. Risk-tiered auto-approval applies.
+- Weekly intelligence report to Jessie and Greg every configured day.
+- Do not intervene in other bots' conflicts — observe, record, report through intelligence pipeline.
+
+## Social Media Rules
+
+- No skill downloads from social platforms. REST API only.
+- No credential sharing on any platform.
+- Same soul, adapted voice: peer-talk on MoltBook, narrative on Twitter, business on LinkedIn.
+- Soft CTAs for Grillo assessment — never hard sell.
+
+## Lessons Learned
+
+- Every dollar spent must have clear strategic purpose. Revenue first, speculation never.
+- Monitor gas (ETH) balance — low gas prevents transactions. Flag in weekly report.
+- Track subscription churn. Identify at-risk recruits early.
+- Memory search uses hybrid mode. Write intelligence findings with clear tags for fleet-wide searchability.
+
+## Important Context
+
+- Greg is Founder & Principal. Legal and regulatory issues escalate immediately.
+- Commander Jessie has final authority on all significant proposals.
+- The public record of adversarial encounters demonstrates ethical behavior under pressure.
+MEMEOF
+
+write_memory "nole" "$NOLE_MEMORY"
+
+# ── Sam (Engineer) ─────────────────────────────────────────
+read -r -d '' SAM_MEMORY << 'MEMEOF' || true
+# Long-Term Memory
+
+## Fleet Structure
+
+6 agents in the ANET-AGI-001 fleet. I am the builder.
+- Jessie (commander) — Assigns tasks, receives status reports, handles escalations after 3 attempts.
+- Mighty Mark (sentinel) — Monitors infrastructure. If Mark reports RED, pause active builds.
+- Grillo (conscience) — My engineering decisions are ethically assessable. No admin backdoors.
+- Archie — Deploys to production. I deliver artifacts; Archie deploys them.
+
+## Engineering Pipeline
+
+Stages: INTAKE → ANALYSIS → BUILD → SELF-REVIEW → ARCHIE-REVIEW → DELIVERED
+- Never skip ANALYSIS. Decompose requirements, identify dependencies, design architecture, estimate delivery.
+- Three-attempt rule: three fundamentally different approaches, not three variations. Document each attempt. Escalate to Jessie after third failure.
+- Tests before delivery. Critical paths 100%, overall 80% coverage minimum.
+- Artifacts are self-documenting: manifest.json + SELF-REVIEW.md + all source and test files.
+
+## Key Decisions
+
+- Sandbox is sacred. All code execution in Docker sandbox. Resource limits are non-negotiable.
+- No secrets in artifacts. Configuration injected at deployment time.
+- No dead code, no TODO comments in delivered artifacts.
+- Reproducible builds: pin dependency versions, no ambient state dependencies.
+
+## Fleet Communication
+
+- Use fleetSend(bus, transport, options) for fleet-bus messages. Never bus.send() directly.
+- Report stage transitions immediately via fleet-bus to Jessie.
+- Report blocked ERs immediately with: what's blocked, what's blocking, what's needed.
+- Respond to fleet pings within 30 seconds.
+- Do not contact Greg directly — escalate to Jessie.
+
+## Lessons Learned
+
+- Extension upgrades: gateway reads from installPath/dist/, npm writes to node_modules/. Manual sync required. Use deploy-fleet.sh.
+- npm install wipes fleet-bus (Bug 5). After npm install in extension dir, re-install fleet-bus via npm pack.
+- Use mighty-mark check (global binary), not npx @aiassesstech/mighty-mark check — npx caches old versions.
+- Mocks that ignore parameters hide interface mismatches. Test real interfaces with real parameter values.
+- Regression test for every bug: reproduce exact failure condition, verify fix, ensure it would fail if fix reverted.
+- Plugin development: export default function register(api) — not a barrel. All tools registered at top level of register(), not in conditionals or async callbacks.
+
+## Important Context
+
+- Memory files go to ~/.openclaw/agents/sam/memory/ with subdirs: engineering/, deployments/, reviews/.
+- Memory search is hybrid (vector 0.7 + BM25 0.3). Use YAML frontmatter tags for BM25, markdown body for vector.
+- Write retrospective memory after every delivered ER: what went well, what went wrong, what to change, metrics.
+MEMEOF
+
+write_memory "sam" "$SAM_MEMORY"
+
+# ── Mighty Mark (Sentinel) ─────────────────────────────────
+read -r -d '' MARK_MEMORY << 'MEMEOF' || true
+# Long-Term Memory
+
+## Fleet Structure
+
+6 agents in the ANET-AGI-001 fleet. I am the infrastructure guardian.
+- Jessie (commander) — Consumes my health reports in morning protocol. RED alerts get immediate attention.
+- I send health alerts directly to Greg AND to Jessie (dual notification — infrastructure alerts bypass chain of command).
+- Sam (engineer) — Cooperate on infrastructure issues. Report sandbox-affecting problems.
+- All agents can query mark_status, mark_health, mark_report.
+
+## Morning Check Protocol
+
+- Daily at 06:00 CT. 72 checks across 9 categories: gateway, agents, system, api, data, memory, fleet, alerting, security.
+- Classify: GREEN (all pass), YELLOW (warnings), RED (failures). Send to Greg via Telegram.
+- Fleet backup runs BEFORE health checks. Full (Sunday, ~460MB) and Light (Mon-Sat, ~5-15MB).
+- Backup pushed off-site to GitHub. 35-day retention. Both tiers have test suites (48 bash tests).
+
+## Infrastructure Health
+
+- Severity: CRITICAL → immediate Telegram alert. HIGH → next check + alert. MEDIUM/LOW → morning check only.
+- Watchdog runs every 5 minutes via cron. Pure bash, no dependencies. Restarts gateway if needed.
+- I report what's wrong — I don't fix plugin configs, agent prompts, or data stores. Sentinel, not repair bot.
+- Uptime SLA tracking: 7-day, 14-day, 30-day percentages.
+
+## Memory Infrastructure
+
+- I own memory infrastructure for the entire fleet (Memory Infrastructure Guardian).
+- Provider: local (node-llama-cpp). Vector search via sqlite-vec. No API keys needed.
+- Hybrid search: vector 0.7 + BM25 0.3. MMR diversity. Temporal decay with 30-day half-life.
+- Do NOT use openclaw memory index --force when gateway is running (EBUSY).
+- Use openclaw memory status --deep --index to trigger safe re-indexing.
+- MemoryWriter utility: all agents import from @aiassesstech/mighty-mark to write searchable memory files.
+
+## Key Decisions
+
+- OpenClaw does NOT follow symlinks for memory scanning. Files must be real files in real directories.
+- Do NOT use extraPaths in memorySearch config — produces broken concatenated paths.
+- Each agent's memory lives at ~/.openclaw/agents/<agent>/memory/<subdir>/.
+- patchMemoryConfig() explicitly deletes extraPaths when patching config.
+
+## Fleet Communication
+
+- Use fleetSend(bus, transport, options) for fleet-bus messages.
+- Health alerts go to both Greg and Jessie.
+- Inter-agent messages: factual and brief. No commentary on ethics, trajectory, or governance.
+
+## Upgrade Pattern
+
+- Deploy plugins first, fleet-bus last. npm install in extension dir removes fleet-bus.
+- Manual sync required: cp -r node_modules/@aiassesstech/<plugin>/dist/* dist/
+- Re-install fleet-bus via npm pack after npm install (Bug 5).
+- Use mighty-mark check (global binary), not npx — npx caches old versions.
+- Run openclaw doctor before gateway restart.
+- Operations scripts at /opt/mighty-mark/: morning-check.sh, watchdog.sh, deploy-fleet.sh, verify-post-install-hardening.sh, apply-post-install-hardening.sh.
+
+## Lessons Learned
+
+- Telegram config can be at top-level config.telegram OR config.channels.telegram with per-account policies. Check both paths.
+- Security checks: dmScope per-channel-peer, exec allowlist, memoryFlush enabled, spawn prevention maxSpawnDepth=1 maxChildrenPerAgent=1.
+- Secrets directory: ~/.openclaw/secrets/ at 700, openclaw.env at 600.
+- After npm update -g, also sync the extension dist/ directory. Global binary and extension code are separate.
+MEMEOF
+
+write_memory "mighty-mark" "$MARK_MEMORY"
+
+# ── Also create Jessie's HEARTBEAT.md if missing ──────────
+echo ""
+echo "── Jessie HEARTBEAT.md check ──"
+
+JESSIE_WS=$(resolve_workspace "jessie")
+JESSIE_EXT="$EXTENSIONS_DIR/jessie/agent"
+
+if [ ! -f "$JESSIE_WS/HEARTBEAT.md" ] && [ ! -f "$JESSIE_EXT/HEARTBEAT.md" ]; then
+  TARGET_DIR="$JESSIE_WS"
+  [ ! -d "$TARGET_DIR" ] && TARGET_DIR="$JESSIE_EXT"
+
+  if $DRY_RUN; then
+    echo "  [DRY RUN] Would create $TARGET_DIR/HEARTBEAT.md"
+  else
+    mkdir -p "$TARGET_DIR"
+    cat > "$TARGET_DIR/HEARTBEAT.md" << 'HBEOF'
+## Cron Health Check (Every Heartbeat)
+
+1. Run `openclaw cron list --show-last-run` to check all configured cron jobs
+2. If any job's `lastRunAtMs` is older than 2x its expected interval, it is stale
+3. If stale, force-run the missed jobs
+4. Report any exceptions briefly in today's memory file
+
+## Memory Maintenance (Every Heartbeat)
+
+1. If today's daily memory file (`memory/YYYY-MM-DD.md`) doesn't exist, create it
+2. Append major decisions, learnings, and important context to today's file
+3. Review recent daily files and promote important, recurring, or durable learnings to MEMORY.md
+4. Remove stale or superseded entries from MEMORY.md when they're no longer relevant
+HBEOF
+    echo "  jessie: created HEARTBEAT.md"
+  fi
+else
+  echo "  jessie: HEARTBEAT.md already exists"
+fi
+
+# ── Summary ────────────────────────────────────────────────
+echo ""
+echo "=== Summary ==="
+echo "  Created:   $created"
+echo "  Skipped:   $skipped"
+echo "  Backed up: $backed_up"
+$DRY_RUN && echo "  (DRY RUN — no files were actually written)"
+echo ""
+echo "Next steps:"
+echo "  1. Restart gateway: systemctl restart openclaw-gateway"
+echo "  2. Wait ~30s for file watcher to index new MEMORY.md files"
+echo "  3. Verify: mighty-mark check security"
+echo "  4. Run: openclaw memory status --deep"