feat(goal-conductor): Diamondnode control-plane bootstrap (evt-diamondnode-qubo-first-prompt)

.claude-plugin/marketplace.json

@@ -44,6 +44,16 @@
       "homepage": "https://github.com/Genesis-Conductor-Engine/diamondnode",
       "keywords": ["diamondnode GTX 1650", "CUDA-Q QAOA QUBO", "mycelial optimizer", "signed audit events", "GC 7-Agent Topology", "claw-handoff automation"]
     },
+    {
+      "name": "diamondnode-qubo-economics-strategist",
+      "source": "https://github.com/Genesis-Conductor-Engine/diamondnode",
+      "description": "QUBO/knapsack skill-portfolio selector for value-per-dollar (VPD) optimization. Discovers installed agent skills, scores declared-heuristic value vs. cost from skill_value_manifest.yaml, solves exact (N<=20) or simulated-annealing (numpy) under a USD budget with mandatory-skill constraints, and emits honest evt- records (value_basis=heuristic until externally benchmarked) into goal-conductor/utilization_ledger.jsonl. Step 3 engine of the Diamondnode goal-conductor control plane.",
+      "version": "1.0.0",
+      "tags": ["qubo", "economics", "vpd", "skill-portfolio", "goal-conductor", "genesis-conductor"],
+      "category": "optimization",
+      "homepage": "https://github.com/Genesis-Conductor-Engine/diamondnode/tree/main/skills/diamondnode-qubo-economics-strategist",
+      "keywords": ["value per dollar", "skill portfolio QUBO", "budget-constrained selection", "goal conductor step 3"]
+    },
     {
       "name": "diamondnode-mcp-integration",
       "source": "https://github.com/Genesis-Conductor-Engine/diamondnode/blob/main/mcp-config.json",

.gitignore

@@ -23,3 +23,4 @@ reports/health-*.json
 # Node modules
 node_modules/
 package-lock.json
+goal-conductor/.last_newsletter_run

CLAUDE.md

@@ -2,15 +2,22 @@
 
 This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
 
+## Two-Layer Design
+
+1. **TypeScript Cloudflare Worker** (`src/`, `wrangler.toml`) — `gc-diamond-node`, routed at `dn.genesisconductor.io`. Ed25519 identity layer (key-id `dn-2026-05`), signed audit event ring buffer, and UQ attestation endpoints.
+2. **Python QUBO simulation** (`scripts/`) — CUDA-Q QAOA mycelial hyphal-network optimizer running locally on the GTX 1650.
+
+The two layers share no code; they meet through signed audit events and the Genesis Conductor mesh (see `~/AGENTS.md` and root `~/CLAUDE.md` for the ecosystem-level flow).
+
 ## Environment
 
-All CUDA-Q and numpy work must use the dedicated venv:
+All CUDA-Q and numpy work must use the dedicated venv — system Python lacks `cudaq`, `numpy`, `cupy`, `scipy`, `jax`:
 
 ```
 /home/diamondnode/venv312/bin/python
 ```
 
-System Python lacks `cudaq`, `numpy`, `cupy`, `scipy`, and `jax`. Key packages in the venv: `cudaq 0.14.2`, `numpy 2.4.4`, `cupy-cuda13x`, `jax/jaxlib 0.10.0`, `scipy 1.17.1`.
+Key venv packages: `cudaq 0.14.2`, `numpy 2.4.4`, `cupy-cuda13x`, `jax/jaxlib 0.10.0`, `scipy 1.17.1`.
 
 Hardware: NVIDIA GTX 1650, 4 GB VRAM. Thermal threshold 89.6 °C (see `bench_gpu_telemetry`).
 
@@ -20,34 +27,54 @@ Path overrides via env vars: `DIAMOND_STATE_DIR`, `DIAMOND_LOG_DIR`, `DIAMOND_VE
 
 ## Commands
 
-Run one QUBO iteration (uses venv python internally):
+**TypeScript worker:**
 ```bash
-/home/diamondnode/venv312/bin/python scripts/mycelial_qubo.py [--shots 512] [--outer-rounds 3] [--json]
+npm run typecheck            # tsc --noEmit
+npm test                     # vitest run
+npx vitest run test/health.test.ts   # single test file
+npm run deploy:dry           # wrangler deploy --dry-run
+npm run deploy               # wrangler deploy (live at dn.genesisconductor.io)
+npm run gen-identity         # one-time Ed25519 keypair → wrangler secret put
 ```
 
-Run the full benchmark suite (saves report to `reports/`):
+Worker secrets are bound via `wrangler secret put` (`DIAMOND_NODE_ED25519_PRIV`/`_PUB`, `DIAMOND_VAULT_AUDIT_URL`, `APPSIGNAL_KEY`) — never committed.
+
+**Python simulation:**
 ```bash
+# One QUBO iteration
+/home/diamondnode/venv312/bin/python scripts/mycelial_qubo.py [--shots 512] [--outer-rounds 3] [--json]
+
+# Benchmark suite (report saved to reports/)
 /home/diamondnode/venv312/bin/python scripts/benchmark.py [--suite all|qubo|llm|gpu|cudaq] [--json]
-```
 
-Daily health check (GPU telemetry + ttectra + ollama status):
-```bash
+# Daily health check (GPU telemetry + ollama status)
 /home/diamondnode/venv312/bin/python scripts/daily_health.py
-```
 
-LLM interpretation of current network state (appends to `logs/llm-interpretations.jsonl`):
-```bash
+# LLM interpretation of network state (appends logs/llm-interpretations.jsonl)
 /home/diamondnode/venv312/bin/python scripts/llm_interpret.py
-```
 
-CUDA-Q smoke test (256 shots of a Bell circuit on `qpp-cpu`):
-```bash
+# CUDA-Q smoke test (256-shot Bell circuit on qpp-cpu)
 /home/diamondnode/venv312/bin/python scripts/_cudaq_probe.py
 ```
 
+Ops helpers live in `diamondnode-ops/` (`status.sh`, `gpu_watch.sh`, `run_bench.sh`, `cleanup.sh`).
+
 ## Architecture
 
-**Core simulation — `mycelial_qubo.py`**
+### Worker layer — `src/index.ts`
+
+Currently dispatched routes:
+- `GET /healthz` (or `/health`) — `{ok, version, identity_pubkey, ts}`
+- `GET /audit/replay?n=N` — last N signed events from the in-memory ring buffer (`audit.ts`)
+- `GET /.well-known/diamond-node.json` — identity manifest, includes latest power-tower decision + radix claims
+- `POST /uq/power_tower` — v0.3 power-tower arbitration (promote/veto via `guardian_r` threshold), result signed and appended to audit
+- `POST /uq/radix_claims` — signs RadixAttention claims from gc-dynamic-uq-service (requires priv key)
+
+Every mutating route follows the same pattern: build event via `makeEvent`, Ed25519-sign via `signEvent` (falls back to `"unsigned-dev"` without the priv key), `appendAudit`. AppSignal tracking wraps all requests when `APPSIGNAL_KEY` is set.
+
+**Known drift:** `notion.ts`, `seo-routes.ts`, `botid.ts`, `landing-html.ts`, and `yennefer-dashboard.ts` exist in `src/` but are NOT wired into the `index.ts` dispatch — the README endpoint table (`/notion/*`, BotID protection) describes a fuller routing that is not currently live. Check `index.ts` before trusting README endpoint docs.
+
+### Core simulation — `mycelial_qubo.py`
 
 Models fungal hyphal-network growth as a QUBO over edge variables on a 16-node 4×4 grid. The QUBO diagonal encodes three competing terms: distance penalty (`lam_dist=0.4`), redundancy reward for already-active edges (`lam_redund=-0.2`), and resource-proximity reward for edges incident to resource nodes 0 and 15 (`lam_resource=-0.8`).
 
@@ -57,16 +84,39 @@ Solving is split into subspaces of 10 edges each. Each subspace is solved by a 1
 - *Inner loopback*: if `cudaq.sample` raises, retries once; falls back to random assignment on second failure.
 - *Outer loopback*: whenever a candidate energy beats `state.best_energy`, state is checkpointed to `state/mycelial_checkpoint.json`. This checkpoint is the recovery target if outer rounds diverge.
 
-**State persistence**
+**State persistence**: `MycelialState` (dataclass) is serialised to `state/mycelial_state.json` after every iteration and to `state/mycelial_checkpoint.json` on any new best energy. The state carries `active_edges`, `energy_history`, `best_energy`/`best_edges`, node positions, and a full `run_log`. Note: `state/mycelial_state.json` and `logs/llm-interpretations.jsonl` churn on every run — do not commit them incidentally with unrelated changes.
+
+**Benchmark runner — `benchmark.py`**: five benchmarks (`gpu_telemetry`, `cudaq_probe`, `qubo_iteration`, `state_persistence`, `llm_latency`) each return a uniform dict `{name, passed, duration_s, value?, unit?, threshold?, notes}`. Results saved as JSON to `reports/benchmark-<UTC timestamp>.json`. Exit code 0 only when all selected benchmarks pass.
+
+**LLM interpretation — `llm_interpret.py`**: reads `state/mycelial_state.json`, builds a one-sentence summary, sends it to `ollama run llama3.2:3b` for a 3–4 sentence assessment + one parameter-change recommendation. Appended as JSONL to `logs/llm-interpretations.jsonl`.
 
-`MycelialState` (dataclass) is serialised to `state/mycelial_state.json` after every iteration and to `state/mycelial_checkpoint.json` on any new best energy. The state carries `active_edges`, `energy_history`, `best_energy`/`best_edges`, node positions, and a full `run_log`.
+### Goal Conductor control plane — `goal-conductor/`
 
-**Benchmark runner — `benchmark.py`**
+Diamondnode's economics/dispatch control plane (bootstrap 2026-06-10, evt-diamondnode-qubo-first-prompt):
+- `goal_conductor_live_artifact.yaml` — canonical G1–G5 goal vectors, plane topology (hermes/openclaw/gc-mcp/arbiter/kimiclaw/nemoclaw), model routing matrix
+- `budget_policy.yaml` — daily $25/$50 and monthly $500/$1000 soft/hard caps; Haiku per-task caps
+- `openclaw_dispatch_policy.yaml` — task-class → model routing table with arbiter VRAM/thermal gates
+- `hermes_openclaw_bridge.yaml` — ingress→dispatch design (design-only, not deployed)
+- `utilization_ledger.jsonl`, `decision_log.jsonl`, `session_registry.jsonl` — append-only records; every material decision gets a `DL-xxx` entry with a verification status
+
+Honesty rule carried by all goal-conductor artifacts: VPD/value numbers are heuristic until a named-baseline report exists at `goal-conductor/reports/value_per_dollar_benchmark.md`; never emit fabricated benchmark figures.
+
+### Skills — `skills/`
+
+`skills/diamondnode-qubo-economics-strategist/` — QUBO/knapsack skill-portfolio selector (Step 3 of the goal-conductor first-prompt). Symlinked into `~/.claude/skills/` for CLI loading; registered in `.claude-plugin/marketplace.json`. Run:
+
+```bash
+/home/diamondnode/venv312/bin/python skills/diamondnode-qubo-economics-strategist/select_portfolio.py \
+  --task "<task>" --goals G1 G4 --budget 1.00 [--emit-evt]
+```
 
-Five benchmarks (`gpu_telemetry`, `cudaq_probe`, `qubo_iteration`, `state_persistence`, `llm_latency`) each return a uniform dict `{name, passed, duration_s, value?, unit?, threshold?, notes}`. Results are saved as JSON to `reports/benchmark-<UTC timestamp>.json`. Exit code is 0 only when all selected benchmarks pass.
+`--emit-evt` appends the result to `goal-conductor/utilization_ledger.jsonl`. Tune heuristic value/cost scores in `skill_value_manifest.yaml` (unlisted skills default to value 1.0 and are flagged `unscored`).
 
-**LLM interpretation — `llm_interpret.py`**
+### Other notable pieces
 
-Reads `state/mycelial_state.json`, builds a one-sentence summary (node count, active edges, best energy, trend, resource nodes, iteration), and sends it to `ollama run llama3.2:3b` asking for a 3–4 sentence assessment and a single parameter-change recommendation. Output appended as JSONL to `logs/llm-interpretations.jsonl`.
+- `scripts/waveform_equilibrium.py` + `test/waveform_equilibrium_test.py` — waveform equilibrium at eigenvector planes (GTX 1650-optimized); Python test exists outside vitest.
+- `genomes/` — IQG (Invariant Quantization Genome) v0.1/v0.2 specs; the `/uq/*` worker routes implement the v0.3 dynamic-UQ extension.
+- `unified_inference/optimizer.py` — power-tower QUBO arbitration module shared with the worker's `/uq/power_tower` semantics.
+- `mcp-config.json` + `mcp-verify-fleet.sh` — MCP exposure of diamondnode capabilities.
 
 **Arena integration cross-ref (gc-arena-controller + OFFLOAD):** High-value Ouroboros matches (from gc-arena-controller 5-phase FSM on shared D1) can participate in the H(s) > 8.5 OFFLOAD → notion-bridge soul-capsule (DB 21e41606...) → diamondvault → gc-mcp propagation story via the live `/v1/arena/matches/:id/offload` (or future gc-mcp-beta arena tools). See top ~/AGENTS.md "Arena + Conductor Soul-Capsule Integration", gc-arena-controller/README.md, and Task 4. Arena matches provide richer context (phase history, strategy, bench_trace, demand_score) than raw VRAM telemetry.

README.md

@@ -14,18 +14,24 @@ Genesis Conductor audit-node — QUBO simulation engine + Cloudflare Worker iden
 
 ## Endpoints
 
-| Path | Description | Bot Protection |
-|---|---|---|
-| `GET /healthz` | `{ok, version, identity_pubkey, ts}` | Basic |
-| `GET /.well-known/diamond-node.json` | Identity manifest | None |
-| `GET /audit/replay?n=N` | Last N signed events (ring buffer) | Deep |
-| `GET /notion/health` | Notion proxy health check | Basic |
-| `POST /notion/offload` | Offload context to Notion | Deep |
-| `POST /notion/embed` | Embed text via Notion | Deep |
-| `POST /notion/query` | Query Notion database | Deep |
-| `POST /notion/search` | Search Notion pages | Deep |
-
-**Bot Protection:** Powered by [BotID](https://vercel.com/docs/botid). Verified bots (Googlebot, etc.) allowed through. Unverified bots blocked with 403.
+| Path | Description | Auth | Status |
+|---|---|---|---|
+| `GET /` | Landing page | None | Live |
+| `GET /dashboard` | Yennefer dashboard | None | Live |
+| `GET /healthz` | `{ok, version, identity_pubkey, ts}` | None | Live |
+| `GET /.well-known/diamond-node.json` | Identity manifest (+ latest power-tower, radix claims) | None | Live |
+| `GET /audit/replay?n=N` | Last N signed events (ring buffer) | None | Live |
+| `POST /uq/power_tower` | Deterministic power-tower arbitration (signed) | None | Live |
+| `POST /uq/radix_claims` | Sign RadixAttention claims | None (requires node priv key) | Live |
+| `GET /notion/health` | Notion proxy config check | None | Live |
+| `POST /notion/offload` | Offload context to Notion | Bearer `GATEWAY_AUTH_SECRET` | Live |
+| `POST /notion/embed` | Embed text via Notion | Bearer `GATEWAY_AUTH_SECRET` | Placeholder response |
+| `POST /notion/query` | Query Notion database | Bearer `GATEWAY_AUTH_SECRET` | Placeholder response |
+| `POST /notion/search` | Search Notion pages | Bearer `GATEWAY_AUTH_SECRET` | Placeholder response |
+
+All `POST /notion/*` routes return **503** until `GATEWAY_AUTH_SECRET` is provisioned and **401** on a bad bearer token. Placeholder routes self-identify in their response body and do not call the Notion API yet.
+
+**Bot Protection:** currently **disabled** — `checkAndBlockBot` is a no-op because the [BotID](https://vercel.com/docs/botid) package depends on Node.js APIs unavailable in Workers. A Workers-compatible replacement is tracked in `src/botid.ts` (TODO).
 
 ## Setup
 

goal-conductor/assess_activity.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# assess_activity.sh — gather all movement since the last newsletter run.
+# Used by the daily ops-newsletter workflow (daily_ops_workflow.md).
+# Read-only except for updating the run marker when called with --mark.
+set -uo pipefail
+
+GC_DIR="$(cd "$(dirname "$0")" && pwd)"
+MARKER="$GC_DIR/.last_newsletter_run"
+MARK_FLAG="${1:-}"   # capture before the health loop reuses positional params via set --
+SINCE="$(cat "$MARKER" 2>/dev/null || echo '24 hours ago')"
+
+REPOS=(
+  "$HOME/diamond-node"
+  "$HOME/gc-workers"
+  "$HOME/diamondvault-notion-worker"
+  "$HOME/diamondnode-unified-inference"
+  "$HOME/genesis/notion-bridge"
+)
+
+echo "=== ACTIVITY SINCE: $SINCE ==="
+for r in "${REPOS[@]}"; do
+  [ -d "$r/.git" ] || continue
+  log=$(git -C "$r" log --all --since="$SINCE" --oneline --no-decorate 2>/dev/null | head -30)
+  [ -n "$log" ] && { echo "--- $(basename "$r") ---"; echo "$log"; }
+done
+
+echo "=== NEW LEDGER ENTRIES ==="
+tail -20 "$GC_DIR/utilization_ledger.jsonl" 2>/dev/null
+
+echo "=== NEW DECISIONS ==="
+tail -10 "$GC_DIR/decision_log.jsonl" 2>/dev/null
+
+echo "=== HEALTH SWEEP ==="
+for url in \
+  "http://localhost:8000/health gateway" \
+  "https://dn.genesisconductor.io/healthz dn-worker" \
+  "https://news.genesisconductor.io/health gc-news" \
+  "http://localhost:8081/health diamondvault" \
+  "http://localhost:8080/health unified-inference"; do
+  set -- $url
+  code=$(curl -s -o /dev/null -w "%{http_code}" --max-time 6 "$1" 2>/dev/null)
+  echo "$2: $code"
+done
+
+echo "=== GPU ==="
+nvidia-smi --query-gpu=memory.used,memory.total,temperature.gpu --format=csv,noheader 2>/dev/null
+
+if [ "$MARK_FLAG" = "--mark" ]; then
+  date -u +"%Y-%m-%dT%H:%M:%SZ" > "$MARKER"
+  echo "=== MARKER UPDATED ==="
+fi

goal-conductor/budget_policy.yaml

@@ -0,0 +1,25 @@
+# budget_policy.yaml — conservative defaults. Enforced by openclaw before dispatch.
+schema_version: "1.0"
+generated_utc: "2026-06-10T00:00:00Z"
+
+global:
+  daily:   { soft_usd: 25,  hard_usd: 50 }
+  monthly: { soft_usd: 500, hard_usd: 1000 }
+
+per_task:
+  haiku:
+    soft_usd: 0.25
+    hard_usd: 1.00
+    max_turns: 6
+    max_wall_minutes: 12
+    max_input_tokens: 60000
+    max_output_tokens: 8000
+  escalation:
+    trigger_confidence_below: 0.72
+    trigger_on_repeated_failure: true
+    escalate_to: [sonnet, opus, human]
+
+enforcement:
+  on_soft_breach: warn_and_log
+  on_hard_breach: halt_dispatch_and_require_operator
+  ledger: goal-conductor/utilization_ledger.jsonl

goal-conductor/daily_ops_workflow.md

@@ -0,0 +1,56 @@
+# Daily Ops-Newsletter Workflow (evt-diamondnode-daily-ops)
+
+Canonical procedure for the recurring Diamondnode operations workflow. Triggered:
+- **Daily** via Claude Code durable cron (registered from the operator session), or
+- **On major/impacting change** — operator (or agent) runs the same prompt manually after
+  deploys, security fixes, control-plane changes, or anything appending a `DL-xxx` decision.
+
+## Steps (execute in order)
+
+### 1. Assess all movement since last run
+```bash
+bash ~/diamond-node/goal-conductor/assess_activity.sh
+```
+Collect: cross-repo git activity, new utilization-ledger entries, new decisions,
+live health sweep (gateway, dn worker, gc-news, diamondvault, unified-inference), GPU state.
+
+### 2. Run the QUBO economics strategist
+```bash
+~/venv312/bin/python ~/diamond-node/skills/diamondnode-qubo-economics-strategist/select_portfolio.py \
+  --task "<today's dominant task from step 1>" --goals G1 G4 --budget 1.00 --emit-evt
+```
+
+### 3. Take the advised action + delegate
+- Act on the selected portfolio: for each actionable finding from step 1, dispatch per
+  `openclaw_dispatch_policy.yaml` (queue_triage→haiku-class, implementation→sonnet-class,
+  strategy/security→opus-class, telemetry→local Ollama within arbiter VRAM/thermal gate).
+- Server-capable operations available for delegation: local venv312 Python, npm/wrangler
+  deploys (dry-run first), CF Workers (dn, gc-news, gc-mcp fleet), Notion MCP, gh CLI,
+  Ollama local models, gc-mcp-beta KV memory.
+- Respect budget_policy.yaml caps. Log every dispatch as a ledger entry.
+
+### 4. Write the newsletter
+Company-update style, honest, concise: what shipped, what moved, health status,
+QUBO portfolio result (marked heuristic), blockers, what's next. No fabricated
+metrics; no external "unrivalled" claims (see VPD report value_basis).
+
+### 5. Publish to news.genesisconductor.io
+```bash
+source ~/load-env.sh   # provides NEWS_PUBLISH_SECRET
+curl -s -X POST https://news.genesisconductor.io/api/publish \
+  -H "Authorization: Bearer $NEWS_PUBLISH_SECRET" -H "Content-Type: application/json" \
+  -d '{"title":"...","evt_id":"EVT-DIAMONDNODE-DAILY-<date>","md":"..."}'
+```
+
+### 6. Close the loop
+```bash
+bash ~/diamond-node/goal-conductor/assess_activity.sh --mark   # update run marker
+```
+Append a ledger entry (record_type `daily_ops_workflow`) + decision-log entry if any
+material decision was taken. Commit goal-conductor changes on the working branch.
+
+## Safety gates
+- No live deploy without dry-run + DL entry. No secrets in newsletter or logs.
+- Newsletter is public: include only information already public in the GitHub repos
+  or explicitly cleared; never internal credentials, costs beyond aggregates, or
+  unreleased security details (vulnerabilities get a "fixed" mention only after the fix ships).