mishkan-harness 0.1.0

package/docs/design/MISHKAN_ontology.md

@@ -0,0 +1,87 @@
+# MISHKAN — Cognee Graph Ontology
+
+The schema for the shared knowledge graph. Entity types are nodes; relationship
+types are edges. The graph starts near-empty and grows through working sessions —
+nothing is pre-seeded except the curated library (Phase 8).
+
+This ontology is versioned in `harness/` so changes are reviewable. Schema drift
+is expected; amend with a dated entry rather than rewriting silently.
+
+---
+
+## Entity types (nodes)
+
+| Entity | Description | Key properties |
+|---|---|---|
+| **Agent** | One of the 45 MISHKAN agents | `alias`, `team`, `role`, `model_tier` |
+| **Team** | One of the six teams | `name`, `hebrew`, `domain`, `lead_alias` |
+| **Project** | A repo MISHKAN was initialised on | `name`, `path`, `stack`, `created_sprint` |
+| **Sprint** | A delivery cycle within a project | `id` (S0, S1…), `project`, `started`, `closed`, `milestone` |
+| **Task** | A scoped unit of work | `id` (T-N), `sprint`, `description`, `status`, `assigned_team`, `assigned_agent` |
+| **Decision** | An architectural or scope decision | `id`, `made_by`, `sprint`, `summary`, `drivers`, `consequences`, `adr_ref` |
+| **ResearchOutput** | A resolved research pipeline result | `id`, `agent`, `team`, `query_intent`, `summary`, `outcome`, `applied_to_task` |
+| **CaseNode** | A problem solved using a curated resource | `team`, `agent`, `problem_class`, `resource_applied`, `resolution`, `outcome`, `sprint`, `task` |
+| **CuratedResource** | A vetted professional reference | `name`, `url`, `team`, `problem_class`, `source_tier` |
+| **Incident** | A documented failure + recovery | `id`, `date`, `service`, `root_causes[]`, `resolution`, `postmortem_ref` |
+| **ADR** | Architecture Decision Record | `id`, `title`, `date`, `status`, `drivers`, `decision`, `consequences` |
+| **RunbookProcedure** | An operational procedure | `id`, `title`, `service`, `trigger`, `steps_ref`, `status` |
+| **SecurityFinding** | A finding from Mishmar | `id`, `severity`, `location`, `rule_violated`, `remediation`, `status`, `sprint` |
+| **CuratedLibraryHit** | Telemetry: a curated resource was used | `resource`, `team`, `problem_class`, `sprint`, `count` |
+
+---
+
+## Relationship types (edges)
+
+| Edge | From → To | Meaning |
+|---|---|---|
+| **member-of** | Agent → Team | agent belongs to team |
+| **leads** | Agent → Team | agent is the team lead |
+| **assigned-to** | Task → Agent / Team | who owns the task |
+| **part-of** | Task → Sprint, Sprint → Project | hierarchy |
+| **applies-to** | CuratedResource → Task / problem_class | resource is relevant here |
+| **supersedes** | ADR → ADR, Decision → Decision, Doc → Doc | replaces a prior |
+| **validated-by** | Decision → ResearchOutput / CaseNode | evidence backing a decision |
+| **blocks** | Task → Task, SecurityFinding → Task | dependency / gate |
+| **derives-from** | Decision → ResearchOutput, ADR → Decision | provenance |
+| **escalated-to** | Task / Decision → Agent | who it was escalated to |
+| **written-by** | ResearchOutput / Decision / CaseNode → Agent | authorship |
+| **references** | any → any | loose citation link |
+| **mitigates** | Decision / Task → SecurityFinding / Incident | what addresses a risk |
+| **resolved-by** | Incident / SecurityFinding → Task / Decision | closure link |
+| **uses** | CaseNode → CuratedResource | which resource solved the case |
+| **documents** | ADR / RunbookProcedure → Decision / Incident / Task | doc covers this |
+
+---
+
+## Blast-radius tagging
+
+Every node written to the graph carries a `blast_radius` property used by the
+knowledge-promotion model (design §9):
+
+- `agent-private` — stays in subagent MEMORY.md, not promoted to graph
+  (these generally do not reach Cognee at all).
+- `team-level` — promoted by Team Lead; tagged with `team`.
+- `cross-harness` — promoted by Nehemiah + Bezalel at sprint close; visible
+  to all agents.
+
+Only `team-level` and `cross-harness` nodes live in Cognee. `agent-private`
+knowledge stays in flat MEMORY.md files per the promotion model.
+
+---
+
+## Query patterns the improvement layer relies on
+
+These saved queries (Phase 8) read the graph:
+
+1. **Most expensive agents per sprint** — `Agent` nodes with aggregated
+   observability metrics, ordered by cost.
+2. **Tools called most per team** — observability metrics grouped by `team`.
+3. **Blocker hot spots** — `Task` nodes with `blocks` edges, clustered.
+4. **Components accumulating findings** — `SecurityFinding` nodes grouped by
+   `location`.
+5. **Curated library hit rate per problem class** — `CuratedLibraryHit`
+   aggregated by `problem_class`, joined to `CuratedResource`.
+
+---
+
+*Ontology v1, locked May 2026. Amend with dated entries on schema drift.*

package/docs/design/MISHKAN_token_optimisation.md

@@ -0,0 +1,181 @@
+# MISHKAN — Token Optimisation & Context Management
+
+How the harness manages context and token usage **on top of Claude** — by
+leveraging the platform's native primitives, not by replacing them. MISHKAN never
+intercepts or rewrites a Claude request. It is a discipline of **input
+composition**: arrange what enters each call so the Claude model's own cost and
+context behaviour falls in the engineer's favour.
+
+This is the operational detail behind §11 of `MISHKAN_harness_design.md`.
+
+---
+
+## 1. The cost model being optimised
+
+Every agent run is one Claude API request. The model bills input tokens at two
+rates and output at one:
+
+```
+   cost ≈ (uncached_input × 1.0) + (cached_input × ~0.1) + (output × 1.0)
+```
+
+- **Cached input** — a prefix byte-identical to a recent call is read from cache
+  at roughly a tenth of the price (ephemeral cache, a few minutes' TTL).
+- **Uncached input** — everything new or changed, at full price.
+- **Output** — always full price.
+
+Three levers follow directly, and every MISHKAN mechanism pulls one or more:
+**(a) grow cached_input · (b) shrink uncached_input · (c) keep the whole window
+small** so nothing resident wasn't needed.
+
+---
+
+## 2. Anatomy of one agent call
+
+Claude Code assembles each request from fixed parts, in order. MISHKAN's
+arrangement splits them into a stable, cacheable prefix and a variable suffix:
+
+```
+   ┌───────────────────────────────────────────────┐  ┐
+   │ system prompt (Claude Code core)               │  │
+   │ agent definition (.md role block + tools)      │  │  STABLE PREFIX
+   │ ~/.claude/CLAUDE.md (engineer identity)        │  │  byte-identical
+   │ y4nn-standards + engineer-standards            │  │  call-to-call
+   │ matched path-scoped rules                      │  │  → CACHEABLE (~0.1x)
+   ├───────────────────────────────────────────────┤  ┘
+   │ project ./CLAUDE.md (sprint state)             │  ┐
+   │ task / conversation so far                     │  │  VARIABLE SUFFIX
+   │ tool results · Cognee summaries                │  │  → full price
+   └───────────────────────────────────────────────┘  ┘
+```
+
+Every agent file enforces this with a trailing `## Dynamic Context Injection
+Point` marker: everything above it is stable and caches; the changing sprint
+state and task sit below.
+
+---
+
+## 3. The five mechanisms — native primitive × MISHKAN formulation
+
+| # | Claude primitive (native) | MISHKAN formulation (input-shaping) | Lever |
+|---|---|---|---|
+| 1 | **Prompt caching** of a stable prefix | "static first, dynamic last" ordering in every agent; standards/rules above the injection point stay byte-stable | grow cached |
+| 2 | **Subagent isolation** — each Task subagent has its own context window | the 45-agent org; heavy work runs in disposable child windows, only summaries return to the parent | shrink window |
+| 3 | **Per-agent tool grants** + deferred tool schemas | tight `tools:` per agent (QA has no Write, reporters no Bash, Jakin only Read) | shrink uncached |
+| 4 | **Rule loading by glob match** | path-scoped team rules (33–39 globs each); only 3 `common/` rules are always-on | shrink uncached |
+| 5 | **MCP external store** | Cognee offloading — full artifacts to the graph, summary + node-id in context (`context-compress` skill) | shrink window |
+
+### 3.1 Prompt caching — formulated by ordering
+
+Caching fires only on a byte-identical prefix. Putting the role, standards, and
+matched rules first makes them a stable prefix that caches; the variable task sits
+last. Two calls to the same agent in a session pay full price only for what
+differs:
+
+```
+   call #1 → Hizkiah:  [role+standards+rules][task A]   prefix WRITE (~1.25x once)
+   call #2 → Hizkiah:  [role+standards+rules][task B]   prefix HIT (~0.1x); only task B full price
+```
+
+### 3.2 Subagent isolation — formulated by decomposition (the biggest lever)
+
+When an orchestrator routes via the Task tool, the specialist runs in its **own**
+window. Its file reads, research, and scans never enter the parent's context; only
+the final message returns. The main conversation stays lean regardless of how much
+work happens beneath it.
+
+```
+   MAIN THREAD (lean)                  SUBAGENT WINDOWS (isolated, discarded)
+   Nehemiah ─Task─► Hizkiah  ───────►  [reads/edits ≈30k tokens of work]
+                    returns ◄────────  "done: 3 files, contract held" (~200 tok)
+            ─Task─► Caleb    ───────►  [web research ≈25k tokens]
+                    returns ◄────────  "PKCE S256; sources […]"        (~300 tok)
+```
+
+This is **why disabling auto-compaction is low-risk in MISHKAN**: the token-heavy
+history is never on the main thread to compact — it was spent and dropped in child
+windows. (See §5.)
+
+### 3.3 Tool grants — formulated by frontmatter
+
+Each tool's JSON schema costs input tokens. Tight per-agent `tools:` lists mean an
+agent never carries schemas for tools it cannot use.
+
+### 3.4 Rule scoping — formulated by globs
+
+A rule's body is tokens. `backend/yasad.md` contributes **zero** while editing a
+`.css`; it loads only when a matching path is touched. The rule budget tracks the
+file in hand.
+
+### 3.5 Cognee offloading — formulated by externalising state
+
+Context is not history. Instead of carrying a 3,000-token result forward, write it
+to the graph and keep a ~150-token summary + node id; query for detail on demand.
+This is the **deliberate, into-a-store** counterpart to letting the model
+auto-summarise the conversation.
+
+---
+
+## 4. What "on top of Claude" means
+
+```
+                 Claude model  (caching · context window · tool-use)   ← unchanged
+                       ▲
+                       │  MISHKAN shapes INPUTS only:
+   ┌───────────────────┴─────────────────────────────────────────┐
+   │ file ORDER       → what caches      (static-first)            │
+   │ agent BOUNDARIES → what's resident  (subagent fan-out)        │
+   │ tool GRANTS      → schema weight    (tight tools:)            │
+   │ glob SCOPES      → rule weight      (path-matched)            │
+   │ store CHOICE     → context vs graph (Cognee offload)          │
+   └───────────────────────────────────────────────────────────────┘
+```
+
+No request interception, no rewriting. The platform's native behaviour does the
+work; MISHKAN composes the inputs so it works in the engineer's favour.
+
+---
+
+## 5. Interaction with auto-compaction
+
+Auto-compaction (Claude Code native) summarises older context when the window
+fills, so long sessions don't hit a wall. The engineer runs with
+`autoCompactEnabled: false` — preferring exact, un-rewritten context (consistent
+with verify-before-fix and no-fabrication).
+
+MISHKAN makes that safe in the common path because:
+
+- **Subagent isolation** keeps the heavy history off the main thread.
+- **Cognee offloading** is the manual, reviewed substitute for auto-summarisation.
+- **CLAUDE.md re-injection** reloads sprint state from file, not from a summary.
+
+**Where compaction-off still bites:** a long exploration chat with
+Nehemiah/Bezalel that never spawns a subagent accumulates on the main thread with
+no auto-rescue. Mitigation is manual: `/context-compress`, or capture intent into
+`/mishkan-init` and start a fresh session.
+
+---
+
+## 6. Model tiering (cost, complementary to tokens)
+
+Tokens and model choice are separate cost axes. `config/model-routing.yaml` sets a
+Claude tier per agent role: **Opus** for orchestration/leads, **Sonnet** for any
+agent that writes code/config, **Haiku** for evaluate/collect/advise roles. Tiering
+cuts cost without touching the token mechanics above.
+
+---
+
+## 7. Targets and honest gaps
+
+- **Budget target:** under ~10 active MCPs and ~80 loaded tools at any time.
+  Currently discipline + per-agent `tools:` lists — **not an enforced gate**.
+- **Cache-hit measurement** is aspirational: the PostToolUse hook captures
+  tool/outcome but not token/cache fields (the hook payload doesn't expose them),
+  so cache-hit-rate must be derived Cognee-side once enriched.
+- **Auto-compaction is off** by setting; §5 covers the implications.
+
+---
+
+*Operational detail for `MISHKAN_harness_design.md` §11. Mechanisms are native to
+the Claude model and Claude Code; MISHKAN's contribution is the input composition
+that makes them pay off.*

package/docs/engineer/README.md

@@ -0,0 +1,37 @@
+# Engineer Profile — canonical, replaceable
+
+This directory holds the **single source of truth** for the engineer the harness
+serves. It is meant to be edited or replaced by the engineer.
+
+| File | Role |
+|---|---|
+| `profile.md` | Canonical, agent-loadable profile. This is what MISHKAN agents load as engineer context (copied at install/sync to `~/.claude/mishkan/profile.md`). |
+| `profile-readable.md` | Human-readable narrative companion. Reference, not loaded by agents. |
+
+## How it propagates
+
+`profile.md` is the source. Two layers consume it:
+
+1. **Mechanical (a script):** `scripts/sync-profile.sh` copies `profile.md` →
+   `~/.claude/mishkan/profile.md` (the runtime path every reference points at) and
+   audits the harness for stale references. Run it after any edit, or at install.
+
+2. **Semantic (an agent):** **Seraiah** (Sefer org-layer) owns re-deriving the
+   digests that were drawn *from* the profile when it materially changes — the
+   non-negotiables block in the user-level `CLAUDE.md` and any engineering-identity
+   docs. The script moves bytes; Seraiah keeps meaning in sync.
+
+## Replacing the profile (another engineer adopting MISHKAN)
+
+Drop your own `profile.md` here (keep the section structure — identity, how you
+think, stack, practice, AI-collaboration, strengths), run `scripts/sync-profile.sh`,
+then ask Seraiah to re-derive the user-level `CLAUDE.md` non-negotiables. Nothing
+else in the harness hardcodes the previous engineer.
+
+## What references this profile
+
+- `~/.claude/CLAUDE.md` (user-level identity → non-negotiables digest)
+- `~/.claude/mishkan/agents/seraiah.md` (org-layer identity owner)
+- runtime load path: `~/.claude/mishkan/profile.md`
+
+Run `scripts/sync-profile.sh --check` to list current references and flag drift.

package/docs/engineer/profile.example.md

@@ -0,0 +1,79 @@
+---
+name: engineer-profile
+description: Canonical engineer profile loaded as context by MISHKAN agents. THIS IS A SANITIZED EXAMPLE — copy to profile.md and fill with your own details. profile.md is gitignored; never commit real names, employers, hosts, IPs, or credentials.
+type: developer_profile
+version: 1.0
+scope: agent-loadable
+language: en
+---
+
+# Engineer Profile — EXAMPLE
+
+> Copy this file to `profile.md` (same directory) and replace every placeholder
+> with your own details, then run `scripts/sync-profile.sh`. `profile.md` is
+> gitignored so your real profile never enters the public repo. Keep the section
+> structure — agents rely on it.
+>
+> **Never put secrets, production IPs, internal hostnames, or other people's names
+> in a profile that will be published.** Operational specifics belong in your local
+> `profile.md`, not here.
+
+## 0. Identity
+
+```yaml
+name: <your name>
+handle: <your handle>
+github: <username>
+languages: [<spoken/working languages>]
+title: <your title>
+focus: <what you build — e.g. backend, infra, frontend, ML>
+```
+
+## 1. How you think about engineering
+
+A few sentences on your engineering philosophy. Examples of the kind of thing
+agents use: do you sequence design before code? verify before fixing? prefer
+durable solutions over workarounds? hold tight scope? State it plainly with the
+*why*, because agents apply principles they understand.
+
+## 2. How you work with AI
+
+```yaml
+delegation:
+  high:  [<work you delegate freely — e.g. UI, config, boilerplate>]
+  zero:  [<work AI must never execute — e.g. git push, prod ssh, sudo, migrations>]
+prompting_style: <terse/structured/exploratory…>
+non_negotiables: [<your hard rules>]
+```
+
+## 3. Stack
+
+```yaml
+languages: [<languages you ship in>]
+frontend:  [<frameworks/tools>]
+backend:   [<frameworks/tools>]
+data:      [<databases>]
+infra:     [<containers, CI, cloud, IaC>]
+security:  [<practices/tools>]
+ai_ml:     [<if applicable>]
+```
+
+## 4. Engineering practice
+
+- **Version control:** <commit conventions, branching>
+- **Deployment:** <how you ship>
+- **Documentation:** <who you write for, what depth>
+- **Testing:** <your bar>
+
+## 5. Strengths
+
+- <evidence-anchored strengths — what you're genuinely good at>
+
+## 6. Focus / growth areas
+
+- <what you're deepening — skills, practices, tooling>
+
+---
+
+*Sanitized example. Real profile lives in `profile.md` (gitignored). See
+`docs/engineer/README.md` for the propagation model.*

package/docs/usage/01-installation.md

@@ -0,0 +1,178 @@
+# 01 — Installation
+
+> Goal: get MISHKAN installed and running on a host so the next session in any
+> project picks it up automatically.
+
+## Prerequisites
+
+| Need | Why | How to check |
+|---|---|---|
+| **Claude Code** | the runtime | `claude --version` (≥ 2.x) |
+| **Node 18+** | the installer (`bin/mishkan.js`) is dependency-free Node | `node --version` |
+| **Docker** | the cognee memory stack runs locally in containers | `docker --version`, `docker ps` |
+| **Disk** | ~20 GB free (Neo4j volumes, ollama models, postgres) | `df -h` |
+| **`tsh` (optional)** | only if you're on a remote VPS and need to view the cognee UIs / Neo4j Browsers locally | `tsh version` |
+
+The harness assumes a **single-user** machine. Multi-tenant scenarios are not
+designed for and a few defaults (e.g. cognee's access control off) reflect that
+(see [Memory layer](./04-memory-layer.md) and [D-007](../design/MISHKAN_decisions.md)).
+
+## What gets installed where
+
+Two target areas, distinct on purpose:
+
+```
+~/.claude/                          ← user-level Claude Code config
+├── CLAUDE.md                       ← MISHKAN identity, loads on every session
+├── rules/
+│   ├── y4nn-standards.md           ← harness-maintained defaults (refreshed on update)
+│   └── engineer-standards.md       ← YOUR override layer (installer never touches it)
+├── settings.json                   ← hooks merged in (existing hooks preserved)
+└── mishkan/                        ← everything MISHKAN under one prefix
+    ├── agents/   (45)              ← Claude Code subagent definitions
+    ├── rules/                      ← common + path-scoped team rules (JIT load)
+    ├── hooks/                      ← security · observability · model-route · reporter
+    ├── skills/   (10+)             ← orchestrated workflows
+    ├── commands/                   ← /mishkan-init, /sprint-close, /promote, …
+    ├── config/                     ← model-routing.yaml, curated-library.yaml
+    └── cognee/                     ← Docker Compose stack for the memory layer
+```
+
+Per project, [`/mishkan-init`](./02-project-init.md) later seeds:
+
+```
+<project>/
+├── CLAUDE.md                       ← project state (sprint slot)
+├── .mcp.json                       ← cognee MCP connections (work + curated)
+└── .claude/
+    ├── rules/                      ← team rules copied for path-scoped loading
+    ├── settings.json               ← deny-list (git push, ssh, sudo, docker exec)
+    └── settings.local.json         ← gitignored local allow-list
+```
+
+## Install
+
+From a clone of the harness repo:
+
+```bash
+cd ~/path/to/harness
+node bin/mishkan.js install
+```
+
+Or via npx (after publishing — not done as of this writing):
+
+```bash
+npx mishkan-harness install
+```
+
+What the installer does (read `bin/mishkan.js` for the full list):
+
+1. Copies `payload/user/rules/*` → `~/.claude/rules/` (refreshing `y4nn-standards.md`,
+   installing `engineer-standards.md` once if absent).
+2. Copies `payload/mishkan/*` → `~/.claude/mishkan/` under one clean prefix.
+3. Symlinks `payload/mishkan/commands/*` → `~/.claude/commands/` (only if no
+   filename collision with existing user commands).
+4. Merges `payload/install/settings.hooks.json` into `~/.claude/settings.json`,
+   resolving the `{{MISHKAN}}` placeholder to the absolute install path.
+   **Existing hooks are preserved** (dedupe is by exact command string).
+5. Writes an install stamp (version + timestamp) for `status` to read later.
+
+## Verify the install
+
+```bash
+# layout
+ls -la ~/.claude/mishkan/
+
+# hooks merged
+python3 -c "import json; d=json.load(open('$HOME/.claude/settings.json'));
+print([ (e['matcher'], [h['command'] for h in e['hooks']]) for e in d['hooks']['PreToolUse']])"
+# expected matchers include: Write|Edit|MultiEdit, Task|Agent
+
+# model-routing hook is registered (live behaviour)
+python3 -c "import json; d=json.load(open('$HOME/.claude/settings.json'));
+assert any('model-route.py' in h['command']
+           for e in d['hooks']['PreToolUse']
+           for h in e['hooks']), 'model-route hook missing'
+print('model-route hook: OK')"
+
+# install stamp
+cat ~/.claude/mishkan/.install-stamp.json 2>/dev/null
+```
+
+## Bring the cognee memory stack up
+
+The harness ships the memory layer as a Docker Compose stack. Two boxes:
+**work** (per-project knowledge, port `:7777`) and **curated** (shared reference
+library, port `:7730`). See [memory layer](./04-memory-layer.md) for the
+full design.
+
+```bash
+cd ~/.claude/mishkan/cognee
+
+# 1. secrets — start from the example, SOPS-manage the real .env later
+cp .env.example .env
+# … fill LLM_API_KEY and pick a provider profile (see chapter 06)
+
+# 2. bring up the work stack (always with the hardening overlay)
+docker compose -f docker-compose.yml -f docker-compose.hardening.yml up -d --build
+
+# 3. bring up the curated box (one-time per host, idempotent helper)
+bash ~/.claude/mishkan/scripts/ensure-curated-box.sh
+
+# 4. seed the curated reference library (96 nodes; runs cognify→memify)
+bash ~/.claude/mishkan/scripts/seed-curated-library.sh
+```
+
+Health checks:
+
+```bash
+docker ps --filter 'name=mishkan-' --format '{{.Names}}\t{{.Status}}'
+# expected (all "healthy" once warm):
+#   mishkan-cognee-mcp        / -neo4j / -pg / -backend / -frontend
+#   mishkan-curated-mcp       / -neo4j
+#   mishkan-ollama
+#   (if curated UI overlay enabled) mishkan-curated-backend / -frontend
+
+curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1:7777/mcp  # 406 = healthy (no MCP handshake)
+curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1:7730/mcp  # 406 = healthy
+```
+
+## Upgrade
+
+Re-run the installer. The default standards file (`y4nn-standards.md`) is
+refreshed; **`engineer-standards.md` is left alone** so your customisations
+survive across updates. The hook fragment is merged additively.
+
+## Uninstall
+
+```bash
+node bin/mishkan.js uninstall
+```
+
+Removes:
+- `~/.claude/mishkan/` entirely.
+- Symlinks under `~/.claude/commands/` that point into the mishkan tree.
+- Hook entries whose command paths include `/mishkan/hooks/` are stripped from
+  `~/.claude/settings.json` (your own hooks remain).
+
+Does **not** remove:
+- `~/.claude/rules/` (you may keep, archive, or delete by hand).
+- The cognee Docker volumes (use `docker compose down -v` from
+  `~/.claude/mishkan/cognee/` if you also want to wipe the graph).
+
+## Status
+
+```bash
+node bin/mishkan.js status
+```
+
+Prints version, install timestamp, and a quick layout check.
+
+## See also
+
+- Up next: [Project initialisation](./02-project-init.md) — running
+  `/mishkan-init` in a project directory.
+- [LLM provider profiles](./06-llm-providers.md) — choosing what powers the
+  cognee LLM/embedding calls.
+- Live install record (D-005 npm package): [`docs/design/MISHKAN_decisions.md`](../design/MISHKAN_decisions.md).
+- Initial harness commit: `35fa034`.