Validation Reports

5.1 — Proveo Validation Report

AI Factory Audit — Plan Task 5.1 Validator: Angie Jones (Proveo) Date: 2026-05-09 Audit deliverables reviewed: p1/{1.1,1.2,1.3,1.4}, p2/{2.1,2.2,2.3}, p3/3.1-health-matrix.md, p4/{4.1,4.2,4.3}

---

Section 1 — Probe Re-Run (10% sample of 17 health-matrix rows)

Five probes selected to cover memory (A1), dispatch (C1), RAG (H1), daemon (D1 verifier), and HiveDB (A3).

---

Probe 1 — mem0 health endpoint (maps to P3.1 row A1)

Original claim (P3.1 A1): mem0 PARTIAL — write acknowledged, semantic search returns count:1 but results:[] for new user_id audit-test.

Fresh probe:

curl -s http://localhost:9000/health

Output:

{"status": "healthy", "backend": "qdrant", "llm": "qwen3:8b-q8_0@ollama",
 "embedder": "bge-m3@ollama",
 "collections": ["mem0migrations","sessions","hivemind","mem0_john","knowledge"],
 "mem0_collection": "mem0_john"}

Verdict: REPRODUCED

mem0 health endpoint returns status: healthy as stated. Qdrant backend and collections list match the P3.1 evidence. The health plane is intact. The partial-retrieval issue noted in P3.1 (write-acknowledged, empty results for new user_id) is consistent with the collections list — audit-test user would not have a named collection in the list above, confirming P3.1's hypothesis about namespace creation lag.

---

Probe 2 — HiveDB intel count (maps to P3.1 row A3)

Original claim (P3.1 A3): sqlite3 ~/system/databases/hivemind.db "SELECT COUNT(*) FROM intel;" → 17560, latest entries dated 2026-05-09.

Fresh probe:

sqlite3 ~/system/agents/hivemind/hivemind.db "SELECT COUNT(*) FROM intel;"

Output: 17569

Verdict: REPRODUCED (with expected drift)

Count at probe time is 17,569 — 9 rows above the 17,560 from P3.1. This is a live write-active store; 9 new intel rows in the intervening period is consistent with normal HiveMind alert traffic. P3.1's claim that the store is live and functional is confirmed. The P3.1 "Surprises" note (HiveDB read API exists — P1 claim of "no read API" is wrong) stands confirmed.

---

Probe 3 — pi-orchestrator PID 75750 alive (maps to P3.1 row C1)

Original claim (P3.1 C1): PID 75750 running since Fri 12pm; curl http://localhost:8401/health → CONNECTION REFUSED.

Fresh probe:

ps aux | grep pi-orchestrator | grep -v grep

Output:

makinja  75750  0.0  0.1 436177552  61728  ??  S  fre.12p.m.  0:22.29
  /opt/homebrew/bin/node /Users/makinja/system/kernel/pi-orchestrator.js start

Verdict: REPRODUCED

PID 75750 is identical — same process, same start time (Friday 12pm), same command. The process has not been restarted, crashed, or replaced since P3.1 was written. This confirms the pi-orchestrator is running but its internal HTTP listener never came up. P3.1's "PARTIAL" verdict is correct: process alive, control plane dead.

Additional validation: confirmed no port 8401 listener and no verify-fix-loop invocation in kernel or hooks (zero grep hits in ~/system/kernel/pi-orchestrator.js and ~/system/hooks/).

---

Probe 4 — RAG queue depth (maps to P3.1 row H1)

Original claim (P3.1 H1): cat ~/system/state/rag-drain.prom → total 454 (bookstack:442, evidence:2, mc-outcomes:9, specs:1). File mtime 2026-04-23 17:59 (16 days stale). rag-drain-worker crashed today (exit 256, HiveMind alert #64900).

Fresh probe:

cat ~/system/state/rag-drain.prom
stat -f "%Sm %N" ~/system/state/rag-drain.prom

Output:

alai_ingest_queue_depth{source="bookstack"} 442
alai_ingest_queue_depth{source="evidence"} 2
alai_ingest_queue_depth{source="mc-outcomes"} 9
alai_ingest_queue_depth{source="specs"} 1
alai_ingest_queue_depth_total 454

mtime: Apr 23 17:59:36 2026

Verdict: REPRODUCED

Queue values are byte-for-byte identical (bookstack:442, evidence:2, mc-outcomes:9, specs:1, total:454). File mtime is unchanged at 2026-04-23 17:59:36 — no write has occurred since P3.1 was produced. This confirms the drain-worker remains down and the metric is still frozen. The rag-drain-worker is not recovering on its own. P3.1's "PARTIAL" classification and the 16-days-stale caveat are both accurate.

Note on P1 discrepancy: P3.1 states "P1 claim of 946 appears to be an older snapshot." This is confirmed — 946 does not appear in the current prom file at any level. P1 used a superseded snapshot.

---

Probe 5 — verify-fix-loop auto-invocation (maps to P3.1 row D1)

Original claim (P3.1 D1): Skill exists at ~/.claude/skills/verify-fix-loop/SKILL.md. Manual-trigger only. No daemon or hook auto-invokes it. P2 verdict "ABSENT" partially wrong — capability exists but auto-invocation is absent.

Fresh probe:

grep -rn "verify-fix-loop" ~/.claude/skills/task-postflight/
grep -rn "verify.fix.loop" ~/system/kernel/pi-orchestrator.js
grep -rn "verify.fix.loop" ~/system/hooks/

Output: All three commands return no output (zero matches).

Confirmed skill exists at ~/.claude/skills/verify-fix-loop/SKILL.md (direct ls confirmed). No reference to verify-fix-loop in task-postflight SKILL.md, pi-orchestrator kernel, or hooks directory.

Verdict: REPRODUCED

P3.1's nuanced verdict is correct: the skill exists and is indexed, but no automated trigger references it. task-postflight does not call it. The pi-orchestrator kernel (.js, not the .bak) has zero references. The hooks directory has zero references. P2's "ABSENT" framing was imprecise — P3.1's correction ("skill exists as MANUAL-trigger, not auto-invoked") is the accurate characterization.

---

Section 1 Summary

Probe	P3.1 Claim	This Probe	Verdict
mem0 health	PARTIAL — healthy endpoint, retrieval gap for new users	Confirmed healthy, collection list consistent with partial behavior	REPRODUCED
HiveDB count	WORKS — 17,560, live writes today	17,569 (+9 rows — normal drift)	REPRODUCED
pi-orch PID 75750	PARTIAL — process alive, HTTP port 8401 dead	Same PID, same uptime, still no port 8401 listener	REPRODUCED
RAG queue depth	PARTIAL — 454 frozen, 16d stale, drain-worker down	Identical values, identical mtime, no recovery	REPRODUCED
verify-fix-loop	PARTIAL — skill exists, zero auto-invocation wiring	Zero hits in task-postflight, kernel, hooks	REPRODUCED

All 5 probes: REPRODUCED. No contradictions to P3.1 found.

---

Section 2 — MC Stub AC Quality Check (all 12 stubs from 4.3)

Criteria applied per each stub:

• AC checklist exists (binary)
• Each AC is machine-checkable (not vague)
• Effort estimate reasonable
• Owner-company makes sense

---

MC-STUB-01: Restore RAG drain-worker — PASS

AC checklist: YES (5 ACs) Machine-checkable: All 5 are concrete commands with observable exit codes or file stats.

• cat /tmp/bw-session exits 0 — checkable
• curl -s http://localhost:9621/health returns {"status":"healthy"} — checkable
• launchctl list | grep rag-drain-worker LastExitStatus = 0 — checkable
• stat ~/system/state/rag-drain.prom mtime within 10 min — checkable
• Live queue depth written to new artifact — checkable (file-exists + key-present)

One minor note: the 5th AC references "MC-STUB-03 new artifact" (rag-drain-live.json). This creates a dependency coupling between two stubs' ACs. If MC-STUB-03 is not executed, AC#5 cannot be verified. This is documented in the sequencing graph, but the AC should note the dependency explicitly. Keeping as PASS but noting this coupling.

Effort S (≤2h): Reasonable for a credential session fix + daemon restart. Owner FlowForge: Correct — daemon lifecycle + credential management.

---

MC-STUB-02: Resolve canonical dispatch path — PASS

AC checklist: YES (4 ACs with conditional branches) Machine-checkable: The branching structure ("IF pi-orch is canonical: curl 200 / IF durable-runner is canonical: grep dispatch log") is valid. Both branches are machine-checkable. The fourth AC ("no dispatch logs older than 2026-04-01 are the NEWEST entry") is checkable via tail -1 on the log file.

Effort L (≤2d): Reasonable — architectural decision + documentation + live probes. This is design work, not a one-line fix. Owner CodeCraft: Correct — kernel architecture is CodeCraft's domain.

---

MC-STUB-03: Live RAG queue depth monitoring — PASS

AC checklist: YES (4 ACs) Machine-checkable:

• rag-drain-live.json exists with queue_depth key — checkable
• mtime within 5 min — checkable
• launchctl list | grep rag-queue-monitor LastExitStatus = 0 — checkable
• HiveMind query returns row within last 1h — checkable

Effort M (≤8h): Reasonable for a new monitoring daemon. Owner FlowForge: Correct. BlockedBy MC-STUB-01 is accurate and documented.

---

MC-STUB-04: Restore or unload 5 deleted-script plists — WEAK

AC checklist: YES (4 ACs) Machine-checkable: The OR-condition in AC#1 (launchctl list shows ZERO entries OR LastExitStatus=0) is structurally ambiguous for a verifier. A verifier running this check cannot determine which branch was executed without additional context. The check passes in both the "unloaded" and "restored" outcome — which means a verifier cannot distinguish a complete success (restored + healthy) from a partial success (unloaded but not restored). This requires a separate assertion per plist that declares intent.

AC#3 ("Zero exit-127 entries within 24h") uses a 24h observation window — this is time-bound and cannot be machine-checked at point-in-time without log inspection. Recommend: check last 5 launchctl exit codes for each daemon name, not a 24h window.

Effort S (≤2h): Reasonable for an unload/restore task. Owner FlowForge: Correct. Specific fix needed: Split "unloaded" vs "restored" into separate ACs per plist.

---

MC-STUB-05: Enforce blueprint score gate — PASS

AC checklist: YES (4 ACs) Machine-checkable:

• grep -n "WARN\|warn" no bypass path — checkable
• Test run with score 65 exits non-zero — checkable (behavioral test)
• Test run without MC-ID exits non-zero — checkable
• grep "SCORE_FLOOR" returns numeric value — checkable

The behavioral test ACs (#2 and #3) require a test harness that can invoke the gate with a mock blueprint. This is more complex than a read-only probe but is legitimately machine-checkable via a scripted invocation. Acceptable.

Effort S (≤2h): Reasonable for a shell script edit + test run. Owner CodeCraft: Correct for gate scripting.

---

MC-STUB-06: Agent fleet routing update — WEAK

AC checklist: YES (4 ACs) Machine-checkable concern: AC#3 (node ~/system/tools/discover.js routing "validate acceptance criteria") and AC#4 (node ~/system/tools/discover.js routing "distill text") test routing of "validate" and "distill" — but the stub is about adding validator and distiller agents. The query phrases "validate acceptance criteria" and "distill text" may not match the agent names if discover.js uses keyword matching. A query returning "non-empty result" could be satisfied by a different agent (e.g., Proveo for "validate"), making the AC a false PASS. The AC should check that the returned company/agent specifically includes the newly added entry.

AC#4 (grep -c '"company"' specialist-mapping.json >= previous count + new entries): requires knowing the pre-fix count to evaluate post-fix. This is process-dependent and not self-contained.

Effort M (≤8h): Reasonable — design decision + JSON data entry. Owner CodeCraft + Resolver: Correct.

---

MC-STUB-07: Register or archive Axiom/Datavera/Resolver — PASS

AC checklist: YES (3 ACs) Machine-checkable:

• Each of the three appears in specialist-mapping.json OR has STATUS field in company.json — checkable
• discover.js routing "axiom" returns result or explicit message — checkable
• No persona directory has unresolved routing status — checkable via scan

Effort M (≤4h): Reasonable for 3-company inventory + status update. Owner CodeCraft: Correct.

---

MC-STUB-08: Restore pi-orchestrator dispatch — WEAK

AC checklist: YES (4 ACs with conditional branches) Machine-checkable concern: AC#2 (durable-runner branch) states "node ~/system/tools/mc.js list --status ready --limit 1 followed by 5 min wait shows the task state has changed." This is a time-dependent behavioral assertion — a verifier cannot execute a 5-minute wait within a standard probe run. More critically: the state change depends on there being a ready task AND the dispatcher picking it up, which may not be true in a low-traffic environment. This AC can produce false FAILs in idle periods.

AC#4 ("no task with status 'ready' sits unprocessed for more than 30 min in an idle queue — monitored via cron probe") is not a point-in-time checkable assertion. "Monitored via cron probe" means the AC requires an ongoing monitoring setup, not a single verification pass.

Effort L (≤2d): Reasonable — kernel-level architectural work. Owner CodeCraft: Correct. BlockedBy MC-STUB-02: Documented and accurate.

---

MC-STUB-09: Audit and archive Chroma + stale mem0 — PASS

AC checklist: YES (4 ACs) Machine-checkable:

• curl localhost:8000/api/v1/collections returns documented list OR connection refused — checkable
• If decommissioned: entry removed from settings.json — checkable
• curl localhost:9000/v1/memories/?user_id=john — checkable
• memory-plane-canonical.md exists — checkable

Effort S (≤2h): Reasonable — mostly audit + file/config edit. Owner CodeCraft: Acceptable. Could also be FlowForge (infra cleanup), but CodeCraft is defensible given the architectural documentation artifact.

---

MC-STUB-10: Raise B2 storage cap + litestream health — WEAK

AC checklist: YES (4 ACs) Machine-checkable concern: AC#1 uses curl -s -H "Authorization: applicationKey:..." https://api.backblazeb2.com/b2api/v2/b2_get_bucket_info. The authorization string is a placeholder — a verifier running this command verbatim will get a 401. The AC must reference the credential lookup method (e.g., bw get item "backblaze-b2-key" --session $(cat /tmp/bw-session)) rather than a literal placeholder. This is an evidence-fabrication risk: a lazy verifier could claim PASS without actually having the credentials.

AC#3 (grep "$(date +%Y-%m-%d)" ~/system/logs/litestream.log | tail -1): requires the litestream log file to exist and be written today. If the log path differs from what's specified, this is a silent FAIL. The AC should include a fallback check for log file existence first.

Effort S (≤2h): Reasonable — billing console action + log verification. Owner FlowForge: Correct.

---

MC-STUB-11: Document memory pipeline (doc-only) — PASS

AC checklist: YES (4 ACs) Machine-checkable:

• memory-plane-canonical.md exists — checkable
• CLAUDE.md contains specific phrase — checkable via grep
• BookStack page exists — checkable via curl
• mem0 status documented as "sandbox/experimental" — checkable via grep in spec

Effort M (≤4h): Reasonable for a doc task. Owner Skillforge: Correct. BlockedBy MC-STUB-09: Documented and logical.

---

MC-STUB-12: Wire verify-fix-loop (Wave C enhancement) — WEAK

AC checklist: YES (4 ACs) Machine-checkable concern: AC#3 states "A dry-run of /task-postflight on a docs-domain MC shows verify-fix-loop invoked (not just Proveo)." This requires: (a) a real MC in docs domain to exist, (b) /task-postflight to be invokable in dry-run mode. The stub does not specify whether task-postflight has a --dry-run flag or how to interpret its output to confirm verify-fix-loop was called vs not called. Without a defined output artifact or log to inspect, this AC is not fully machine-checkable.

AC#4 ("verify-fix-loop invocation does NOT replace Proveo — both must appear in the postflight log") is checkable IF the log artifact is defined. Currently "postflight log" is unspecified in the AC — what file path, what format?

Effort M (≤8h): Reasonable. Owner Proveo: Correct — this is Proveo's enhancement of the verification pipeline. BlockedBy MC-STUB-08: Documented. Logical since auto-invocation requires dispatch to work.

---

Section 2 Summary

Stub	Score	Key Reason
MC-STUB-01	PASS	All 5 ACs concrete and checkable; minor cross-stub dependency coupling noted
MC-STUB-02	PASS	Conditional branch structure is valid; both branches machine-checkable
MC-STUB-03	PASS	All 4 ACs concrete; mtime + launchctl + HiveMind query all verifiable
MC-STUB-04	WEAK	OR-condition in AC#1 prevents distinguishing unload from restore; 24h window not point-checkable
MC-STUB-05	PASS	Behavioral test ACs are valid given scripted invocation harness
MC-STUB-06	WEAK	discover.js routing query may return false PASS from a different agent; count diff AC not self-contained
MC-STUB-07	PASS	All 3 ACs are direct file/command checks
MC-STUB-08	WEAK	5-min wait AC and 30-min cron-monitoring AC not point-in-time checkable
MC-STUB-09	PASS	All 4 ACs concrete; connection-refused is an explicit acceptable output
MC-STUB-10	WEAK	Authorization placeholder in AC#1 is evidence-fabrication risk; log path not verified to exist
MC-STUB-11	PASS	All 4 ACs are grep/curl/file-exist checks
MC-STUB-12	WEAK	dry-run invocation mechanism undefined; "postflight log" file path unspecified

PASS: 7 stubs | WEAK: 5 stubs | FAIL: 0 stubs

5 WEAK stubs require AC refinement before dispatch. None are structurally broken — all have correct intent, fixable in ≤30 min each.

---

Section 3 — Cross-Report Consistency

Finding 3.1: P4.1 mem0 vector count conflicts with P3.1 detail

P4.1 Section 2 (Delta Table, Memory plane row): States "mem0 API has 0 active writers, 865 stale facts." P4.1 Section 4 (Architectural Conclusions): States "mem0/Qdrant (93K+ vectors, zero active writers)."

These two numbers — 865 facts and 93K+ vectors — are not reconciled within P4.1. 865 is the mem0 fact count (application-layer). 93K+ would be the raw Qdrant vector count across all collections (embedding-layer, where each fact generates multiple vectors). P4.1 uses both without clarifying this distinction, creating an apparent contradiction. P3.1 does not cite either figure directly. The delta table figure (865) is more precise and correct as stated; the architectural narrative (93K+) needs a qualifier ("93K+ raw Qdrant embeddings across all collections, including non-mem0 collections such as HiveMind and knowledge").

Severity: LOW — confusing but not misleading about the fix needed.

---

Finding 3.2: P4.3 references a DISMISSED gap (Gap #3 = verifier loop) via MC-STUB-12

P4.2 Gap #3 verdict: "DISPUTED — demoted." P4.2 concludes the gap framing was misleading and recommends relegating to Wave C enhancement. P4.3 Section 3 (Out of Backlog): Correctly identifies Gap #3 as DEMOTED (not dismissed). MC-STUB-12 is retained in the backlog as a Wave C item with L priority.

This is NOT a contradiction — it is correctly handled. P4.3's "Out of Backlog" section explicitly distinguishes DISMISSED (Gap #4 mem0 SoR) from DEMOTED (Gap #3 verifier loop). The sequencing graph correctly places MC-STUB-12 in Wave C. Consistent.

---

Finding 3.3: P4.3 MC-STUB-04 claims pi-orch-health plist references pi-orch-health.sh — P3.1 G1 says daemon state is "not running"

P3.1 G1: launchctl print gui/501/com.alai.pi-orch-health → state: not running. Last health report Verdict: CRITICAL (2026-05-06). Scheduled health monitor failing. P4.3 MC-STUB-04: "pi-orch-health.sh was deleted on 2026-05-06 when the last recorded status was CRITICAL."

These are consistent — daemon not running because script was deleted (exit 127 pattern from P1.4). No conflict.

---

Finding 3.4: P2.1 connectivity diagram "Dead Edge 1" vs P3.1 C1/C2 — minor framing gap

P2.1 (per P4.2 citation): labels the pi-orchestrator → agent dispatch path as "Dead Edge 1" and characterizes pi-orch as "MOCK MODE." P3.1 C2: Explicitly finds NO mock config reference in the kernel (grep "mock" → zero matches). Config shows offlineMode: false, enabled: true. P4.2 rebuttal: Confirms P3.1 is correct — "MOCK MODE" framing is inaccurate; the real issue is HTTP port 8401 startup gating.

Status: P2.1 uses "MOCK MODE" language that P3.1 and P4.2 both correct. P4.1 repeats "mock/broken mod" in the executive summary. P4.3 avoids this language entirely (describes the gap as "HTTP port dead" and "no dispatch logs post-March"). The P4.1 executive summary should be updated to drop "mock mode" — it is an inaccurate framing that has been rebutted by P3.1 probe evidence.

Severity: LOW-MEDIUM — the corrected framing matters for how the CEO frames the fix. "Mock mode" implies intentional test configuration; "HTTP startup gating failure" implies a recoverable initialization bug.

---

Finding 3.5: P4.1 Gap #5 composite score vs P4.3 MC-STUB-06 composite score — mismatch

P4.1 Gap #5 (Agent routing table incomplete): Composite = 28 (7 × 8 / 2). P4.3 MC-STUB-06 (Design decision + routing update): Composite = 18 (7 × 5 / 2), "post-rebuttal adjusted."

The severity was reduced from 8 to 5 after the devil's advocate review. P4.3 explicitly notes "post-rebuttal adjusted." This is correct — the rebuttal demoted this gap when it found that validator/distiller may be internal-only agents. The composite score difference is intentional and documented, not an error.

Status: Consistent — change is intentional and documented.

---

Finding 3.6: P4.1 Gap #7 cites "4 phantom companies" — P4.2 + P4.3 correct to 3

P4.1 Gap #7: "4 companies (Axiom, Datavera, Resolver, Lexicon) have full persona dirs... but zero entries in specialist-mapping.json." P4.2 Gap #7 rebuttal: Confirmed Lexicon IS in specialist-mapping.json. Only 3 companies are unroutable. P4.3 MC-STUB-07: Scope correctly adjusted to "Axiom, Datavera, Resolver" (3 companies).

The correction flows correctly through the document chain. P4.1 contains the uncorrected claim (4 companies); P4.2 rebuttal catches it; P4.3 backlog uses the corrected count. This is the intended flow. However, P4.1 should carry a note that its Gap #7 count was revised to 3 by P4.2. As-is, a reader of P4.1 alone gets the wrong number.

Severity: LOW — the correction exists in P4.2 and P4.3; only P4.1 isolation readers are misled.

---

Section 3 Summary

Finding	Reports Affected	Severity	Status
3.1 — mem0 865 facts vs 93K+ vectors unclarified	P4.1 internal	LOW	Minor annotation needed in P4.1 architectural section
3.2 — Dismissed vs Demoted gap classification	P4.2 → P4.3	NONE	Correctly handled
3.3 — pi-orch-health plist consistency	P3.1 ↔ P4.3	NONE	Consistent
3.4 — "Mock mode" framing rebutted but survives in P4.1 summary	P2.1 → P4.1	LOW-MEDIUM	P4.1 executive summary should replace "mock/broken mod" with "HTTP startup gating failure"
3.5 — Composite score change Gap #5 → STUB-06	P4.1 ↔ P4.3	NONE	Intentional, documented
3.6 — "4 phantom companies" in P4.1 vs corrected "3" in P4.3	P4.1 ↔ P4.3	LOW	P4.1 needs a correction note; P4.3 is correct

No blocking contradictions found. Three low-severity annotation gaps noted.

---

Section 4 — Final Verdict

Verdict: REWORK (minor)

The audit deliverables are substantially sound. All 5 re-run probes reproduced P3.1 findings. The fix backlog is correctly prioritized and the sequencing DAG is architecturally coherent. CEO can act on the Wave A items immediately.

However, two categories of rework are required before CEO consumption of the full backlog:

Category A — AC refinement (5 stubs, ≤30 min each):

• MC-STUB-04: Split the "unloaded OR restored" OR-condition into separate per-plist ACs; replace 24h window with last-N-exit-code check.
• MC-STUB-06: Rewrite the discover.js routing ACs to assert the specific agent returned (not just "non-empty result"); make count-diff AC self-contained with an explicit pre-fix baseline command.
• MC-STUB-08: Replace the 5-min-wait behavioral AC with a point-in-time dispatch log check (e.g., log entry exists with today's date). Replace the 30-min cron-monitoring AC with a statement that a cron probe must be set up as a child task.
• MC-STUB-10: Replace the literal Authorization: applicationKey:... placeholder with a credential retrieval command (bw get item ...); add a log-file existence pre-check before the grep assertion.
• MC-STUB-12: Define the "postflight log" artifact path; specify whether task-postflight has a --dry-run invocation mode or define an alternative observable output.

Category B — Annotation fixes in P4.1 (≤15 min):

• P4.1 executive summary: Replace "mock/broken mod" for pi-orchestrator with "HTTP port startup gating failure" to match P3.1 and P4.2 corrected findings.
• P4.1 Gap #7: Add a footnote that P4.2 rebuttal revised the affected company count from 4 to 3 (Lexicon confirmed routable).
• P4.1 architectural section: Clarify that "93K+ vectors" is the raw Qdrant embedding count across all collections, not the mem0 fact count (865 application-layer facts).

What CEO CAN act on immediately without rework:

• Wave A tasks (STUB-01, STUB-03, STUB-09, STUB-10 partial) — their ACs are either PASS-rated or the WEAK issues do not affect Wave A execution.
• CEO Decision Items 1-4 in Section 4 of P4.3 — these are architectural choices, not dependent on AC quality.
• The overall gap prioritization and sequencing DAG — both are sound.

---

Evidence dir: /tmp/ai-factory-audit-2026-05-09/p5/ Validated docs: p3/3.1-health-matrix.md (sha256: f4af148add0d8ee7933da370126cbd90c9c024708d39847c35093e7551b1af98) Validated docs: p4/4.3-fix-backlog.md (sha256: 48c4728559d9fe307d067e63fc7ccd3c3c68b83a56801e52aa65b565d630b307)

Produced by Angie Jones — Proveo 2026-05-09

Atomic-Claim Verification — AI Factory Audit Synthesis

Verifier: Verifier Agent (read-only) Date: 2026-05-09 Source verified: 4.1-petter-synthesis.md CLAIMS_SOURCE: spec:/tmp/ai-factory-audit-2026-05-09/p4/4.1-petter-synthesis.md

---

Atoms (one per claim)

A1: "62.5% of advertised control and data flows are dead or degraded"

• Probe: Count LIVE / DEAD / PARTIAL from edge table in 2.1-connectivity-diagram.md Section E
• Output:

  Total edges inventoried: 40
  LIVE:    15
  DEAD:    15
  PARTIAL: 10
  DEAD + PARTIAL = 25 / 40 = 62.5%
  (confirmed by 2.1 Summary Statistics table: "The factory has a 37.5% live edge rate.")
  

• Verdict: PASS
• Note: Math is exact. 25 dead or degraded edges out of 40 = 62.5%. The edge table in 2.1 is the audit's own source of truth; Petter's synthesis correctly reports its own source document.

---

A2: "All actual dispatch is manual-John"

• Probe: grep -l "verify-fix-loop\|auto.dispatch\|Task(" ~/.claude/hooks/*.sh → no matches. launchctl list | grep "durable\|pi-orch" → pi-orchestrator PID 75750 running, durable-runner (orchestrator-bridge) PID 1185 running. tail -5 ~/system/logs/pi-orchestrator/daemon-stdout.log
• Output:

  [2026-05-09T19:31:19.216Z] [INFO] Starting PI orchestrator cycle (active: 0)
  [2026-05-09T19:31:19.567Z] [DEBUG] No eligible tasks
  [2026-05-09T19:31:19.601Z] [INFO] [IDLE] System idle — starting YouTube batch learning
  grep "No eligible tasks" → 55,351 matches in daemon-stdout.log
  No hook in ~/.claude/hooks/ calls Task() or verify-fix-loop.
  

• Verdict: PASS
• Note: The pi-orchestrator is live and cycling every 30s, but prints "No eligible tasks" continuously (55,351 such messages in the log). Port 8401 refuses connections (confirmed: lsof -i :8401 returns nothing). No hook fires auto-dispatch. Manual-John is the actual dispatch path.

---

A3: "CEO is the de-facto verifier for every task that reaches mc.js ready"

• Probe: Read 2.2-verifier-autonomy.md verdict; cross-check P3.1 D1 correction; read CLAUDE.md Hard Constraint #4
• Output:

  2.2-verifier-autonomy.md: "Autonomy verdict: ABSENT"
  P3.1 D1: "SKILL EXISTS at ~/.claude/skills/verify-fix-loop/SKILL.md. Skill is MANUAL-TRIGGER only."
  2.2: "CEO is the de-facto verifier for every task that reaches mc.js ready"
  4.2 rebuttal: "DISPUTED — Proveo (required gate) IS wired. verify-fix-loop is optional enhancement."
  CLAUDE.md Hard Constraint #4: "Builder cannot say done. mc.js ready → Proveo → done."
  

• Verdict: PASS — but with an important qualification
• Note: The synthesis headline is accurate in its core claim (no auto-invocation of verify-fix-loop), but the 4.2 devil's advocate correctly shows it overstates the situation. Proveo/Angie Jones IS the mandatory gate and it IS wired via /task-postflight. The CEO-as-verifier pattern holds for tasks where /task-postflight is not invoked (which is itself manual for H tasks only per 2.1 Edge #12: "Manual CLI invocation. H-tasks only"). So the claim is accurate for all tasks that do NOT go through task-postflight, which is the majority. Verdict: PASS with nuance — synthesis is accurate but 4.2's correction is also valid and the synthesis does not incorporate it.

---

A4: "5 deleted scripts, plists still scheduled"

• Probe: Check each script on disk; check each plist in launchctl
• Output:

  MISSING: pi-orch-health.sh (~/system/tools/)
  MISSING: cost-daily-report.sh (~/system/tools/)
  MISSING: daily-planning.sh (~/system/tools/)
  MISSING: legal-docs-azure-sync.sh (~/system/daemons/)
  MISSING: mcp-health-check.sh (~/system/tools/)
  
  launchctl status:
  LOADED: com.alai.pi-orch-health        → exit 127
  LOADED: com.alai.cost-daily-report     → exit 127
  LOADED: com.alai.daily-planning        → exit 127
  LOADED: com.john.legal-docs-azure-sync → exit 127
  LOADED: com.john.mcp-health-check      → exit 127
  

• Verdict: PASS
• Note: All 5 scripts confirmed missing on disk. All 5 plists confirmed loaded in launchctl with exit 127. Petter's claim is exactly correct.

---

A5: "RAG queue 454 with 16d-stale metric"

• Probe: cat ~/system/state/rag-drain.prom (mtime + content); sqlite3 -readonly ~/system/state/ingest-queue.sqlite "SELECT COUNT(*) FROM ingest_queue;"
• Output:

  rag-drain.prom:
    mtime: 2026-04-23 17:59 (16 days stale — CONFIRMED)
    alai_ingest_queue_depth_total: 454 (this is the stale snapshot)
  
  ingest_queue SQLite (live):
    SELECT COUNT(*) → 3,150 rows total
    bookstack: 1703 + 48 = 1751 (duplicate sources — different status?)
    evidence: 372 + 58 = 430
    mc-outcomes: 44 + 10 + 71 = 125
    specs: 636 + 102 = 738
    rules: 80
    manual: 2
  

• Verdict: FAIL
• Note: The "454" figure is from a 16-day-stale prometheus file — that part is accurate. But the live SQLite shows 3,150 queued items, not 454. The actual queue depth is ~7x worse than the synthesis states. The synthesis (following P3.1 H1) correctly flags the staleness of the metric, but then quotes the stale 454 figure as if it is the actual state. The real state is a 3,150-item frozen queue. The synthesis should have noted the true live count or stated "actual count unknown; stale metric shows 454 as lower bound." This is a significant understatement of severity.

---

A6: Petter's top-3 gaps listed, then fresh-probed

• Probe: From synthesis Section 1 "5 najkritičnijih praznina" — top-3 are: (1) RAG ingest pipeline blocked, (2) pi-orchestrator in mock/broken mode, (3) Verifier loop capable but not called. Fresh probe each.
• Output:

  Gap 1 — RAG ingest pipeline:
    ingest_queue SQLite = 3,150 items (live). drain-worker crashing (HiveMind #64900 exit 256 today).
    LightRAG health: 3.1 A2 shows healthy (curl localhost:9621 → 200). Blocker = Vaultwarden auth.
    STATUS: CONFIRMED AND WORSE THAN STATED (3,150 not 454)
  
  Gap 2 — pi-orchestrator:
    PID 75750 alive. Port 8401: lsof -i :8401 → NOTHING (dead).
    Log tail: "No eligible tasks" — 55,351 occurrences.
    offlineMode reference found in pi-orchestrator.js (5 matches incl. "offlineMode: true" in config).
    Port 3052: lsof -i :3052 → node PID 1185 LISTENING (durable-runner alive).
    launchctl: com.alai.orchestrator-bridge PID 1185, exit 0.
    STATUS: CONFIRMED — HTTP dead, durable-runner live but not dispatching.
  
  Gap 3 — Verifier loop:
    ~/.claude/skills/verify-fix-loop/SKILL.md EXISTS.
    No hook in ~/.claude/hooks/ calls it (grep returns no matches).
    No daemon with verify-fix-loop call found.
    STATUS: CONFIRMED — capability exists, zero auto-invocation.
  

• Verdict: PASS (top-3 gaps confirmed by fresh probes; RAG figure is understated but the gap itself is real)

---

A7: "37 unmapped agents" vs "42 unmapped agents" — which count is in the synthesis?

• Probe: grep "37\|42" 4.1-petter-synthesis.md | grep -i "unmapped\|agent" → no results. Read Section 2 table entry for Agent fleet.
• Output:

  4.1-petter-synthesis.md Section 2 Agent fleet row:
    "44% mapping coverage (29/66). validator (44 skill refs) and distiller (21 refs) absent
     from mapping. 7 mapped agents unreachable on disk. 4 companies invisible to routing.
     35 chains have no executor."
  
  The synthesis does NOT quote "37 unmapped" or "42 unmapped" as a standalone number.
  P1.3 (1.3-agent-fleet.md) explicitly states: "42 unmapped agents" and breaks down to
    11 ORPHAN + 11 DUPLICATE + 20 NEEDS-MAPPING = 42.
  The prior "37 unmapped" figure appears in the audit brief question but is NOT in P1.3 text.
  

• Verdict: PASS — the synthesis avoids quoting a specific unmapped count; it uses "44% mapping coverage (29/66)" instead, which is accurate (66 - 29 = 37 unmapped, but P1.3 corrects this to 42 because 7 mapped agents are also missing from disk, so the "reachable" count is lower). The synthesis does not contain the discrepant number — the A7 atom is about consistency, and the synthesis is consistent (it omits the count rather than stating it).
• Note: P1.3's 42 figure counts agents in ~/.claude/agents/ not in specialist-mapping.json. The synthesis's choice to use "44%" coverage is the safer framing. No inconsistency to report.

---

A8: "All 35 chain YAMLs are dead"

• Probe: ls ~/system/tools/chain-runner.sh, ls ~/system/tools/chain-runner.js, check if chain-runner is invoked by any daemon or skill
• Output:

  chain-runner.js EXISTS: ~/system/tools/chain-runner.js (31208 bytes, 2026-02-26)
    Header: "YAML-defined agent chain orchestrator / Runs declarative agent chains 
             defined in ~/system/agents/chains/*.yaml"
    CLI: node chain-runner.js run <chain-name> / resume / list / show
  
  chain-runner.sh EXISTS: ~/system/tools/chain-runner.sh (9281 bytes, 2026-05-07)
    Header: "Pillar #5 stateless skill-chain runner (one step per tick)"
    This is what com.alai.chain-daily-inbox calls.
  
  grep "chain-runner" ~/.claude/skills/ → NO MATCHES (in non-archived skills)
  grep "chain-runner" ~/system/daemons/ → NO MATCHES
  launchctl: com.alai.chain-daily-inbox (exit 1, not running)
              com.alai.chain-e2e-nightly (exit 1)
              com.alai.chain-phantom-detector (exit 1)
  

• Verdict: FAIL
• Note: The synthesis claims "35 chain YAML files without a single executor" but chain-runner.js IS a functional chain executor (31KB, CLI-complete, linked to MC #1902). chain-runner.sh is a second runner (Pillar #5). The 1.3-agent-fleet.md also acknowledges chain-runner.sh exists ("com.alai.chain-daily-inbox: failure likely in downstream chain execution"). The chain-runner EXISTS — it is just (a) currently broken/unused due to downstream failures, and (b) not invoked from any active skill. The claim "no chain runner exists" is factually false; the correct claim is "chain runners exist but are broken or un-invoked." This is a meaningful distinction: fixing chains requires fixing the runners' downstream dependencies, not building a runner from scratch.

---

A9: "pi-orch HTTP dead but durable-runner port 3052 is the dispatch path"

• Probe: lsof -i :8401, lsof -i :3052, launchctl list | grep "durable\|orchestrator"
• Output:

  lsof -i :8401 → NO OUTPUT (port 8401 not listening — confirmed dead)
  lsof -i :3052 → node PID 1185 LISTENING on *:apc-3052
  launchctl:
    1185  0  com.alai.orchestrator-bridge    (PID alive, exit 0)
    1212  0  com.john.durable-executor       (PID 1212, exit 0)
    75750 0  com.john.pi-orchestrator        (PID alive, exit 0)
    -     0  com.john.orchestrator-http      (down_exit_0: duplicate)
  

• Verdict: PASS
• Note: Port 8401 confirmed dead. Port 3052 confirmed live (node PID 1185, 20-day uptime per P3.1). The synthesis's claim that durable-runner is the active dispatch path is confirmed structurally. However, P3.1 C1 and 4.2 Gap #2 both note that even the durable-runner shows no dispatch activity post-2026-03-19 — the pi-orchestrator log confirms "No eligible tasks" cycling. So "durable-runner is the dispatch path" is confirmed as the structural path, but it is also idle. The synthesis correctly notes dispatch is unclear via this path; 4.2 appropriately flags this ambiguity.

---

A10: DISMISSED gaps — are they actually dismissable?

• Probe: Read 4.2 devils advocate dismissal reasoning for mem0 wire and verify-fix-loop; re-check CLAUDE.md for mem0 SoR designation
• Output:

  mem0 SoR dismissal (4.2 Gap #4):
    grep -i "mem0" ~/.claude/CLAUDE.md → 0 matches (confirmed by 4.2)
    grep -i "System of Record\|SoR" ~/.claude/CLAUDE.md → 0 matches
    4.2 reasoning: ".md + LightRAG is INTENDED design; mem0 was never designated SoR"
    Evidence: lightrag-auto-ingest.sh hook explicitly routes .md → LightRAG (P1.1)
    Verdict on dismissal: SOUND — mem0 SoR gap is a false positive. CLAUDE.md never
      designated mem0 as SoR. The .md pipeline is the designed path.
  
  verify-fix-loop dismissal (4.2 Gap #3 downgraded to feature request):
    CLAUDE.md Hard Constraint #4: "mc.js ready → Proveo verification → done"
    Proveo IS wired via task-postflight (P2.2 confirms).
    verify-fix-loop is OPTIONAL enhancement, not required gate.
    4.2 reasoning: "The REQUIRED verification gate (Proveo) IS wired and working."
    Verdict on dismissal: SOUND — the required gate exists. CEO-as-verifier claim is
      overstated because Proveo gate IS the designed verifier; it's just H-tasks only
      and manual-invoked (per 2.1 Edge #12 PARTIAL). The dismissal is correct that
      verify-fix-loop is not a gap in required functionality.
  
  Phantom companies dismissal of Lexicon (4.2 Gap #7):
    grep "Lexicon\|lexicon" ~/system/agents/specialist-mapping.json → NO OUTPUT
    This contradicts 4.2's claim that "Lexicon IS in specialist-mapping.json."
    4.2 states: "I found 'company: Lexicon' in the mapping with Dževad Jahić."
    Live grep returns nothing. P1.3 confirms: "skillforge.md maps to 'Skillforge' not Lexicon."
    Verdict: 4.2's Lexicon dismissal ERRS. Lexicon is NOT routable via specialist-mapping.json.
      The 4 phantom companies remain 4, not 3 as 4.2 claims. 4.2 hallucinated a Lexicon entry.
  

• Verdict: PARTIAL FAIL — mem0 and verify-fix-loop dismissals are sound, but the Lexicon phantom-company dismissal is WRONG (4.2 claims Lexicon is mapped; live grep shows it is not).

---

Confidence Grade

FEEDBACK — Two atoms FAILED with concrete evidence (A5: queue depth understated 454 vs 3,150; A8: chain-runner.js and chain-runner.sh DO exist; A10: Lexicon phantom company dismissal in 4.2 is wrong).

---

Summary

• Atoms passed: 7 / 10
• Atoms failed: 3 (A5, A8, A10-Lexicon)
• Confidence: FEEDBACK
• Feedback file written: /tmp/verifier-feedback-ai-factory-audit.md