Merge pull request 'chore: gardener housekeeping 2026-04-06' (#11 ) from chore/gardener-20260406-0001 into master

chore: gardener housekeeping 2026-04-06
Merge pull request 'fix: match Position History background to Active Positions (#9 )' (#10 ) from fix/issue-8 into master
2026-04-06 00:04:02 +00:00 · 2026-04-06 00:01:26 +00:00 · 2026-04-05 18:14:02 +00:00 · 2026-04-05 18:11:11 +00:00 · 2026-04-05 18:09:02 +00:00 · 2026-04-05 18:04:27 +00:00
700 changed files with 105985 additions and 12519 deletions
--- a/.claude-code-supervisor.yml
+++ b/.claude-code-supervisor.yml
@ -0,0 +1,26 @@
 # Claude Code Supervisor configuration
 # Copy to ~/.config/claude-code-supervisor/config.yml
 # or .claude-code-supervisor.yml in your project root.
 triage:
  # Command that accepts a prompt on stdin and returns text on stdout.
  # Default: claude -p (uses Claude Code's own auth)
  command: "claude -p --no-session-persistence"
  model: "claude-haiku-4-5-20251001"
  max_tokens: 150
 notify:
  # Command that receives a JSON string as its last argument.
  # Called when triage determines action is needed.
  # Examples:
  #   openclaw:  openclaw gateway call wake --params
  #   ntfy:      curl -s -X POST https://ntfy.sh/my-topic -d
  #   webhook:   curl -s -X POST https://example.com/hook -H 'Content-Type: application/json' -d
  #   script:    /path/to/my-notify.sh
  command: "openclaw gateway call wake --params"
 # Quiet hours — suppress non-urgent escalations
 quiet_hours:
  start: "23:00"
  end: "08:00"
  timezone: "Europe/Berlin"
--- a/.codeberg/ISSUE_TEMPLATE/bug.yaml
+++ b/.codeberg/ISSUE_TEMPLATE/bug.yaml
@ -0,0 +1,49 @@
 name: Bug Report
 about: Something is broken or behaving incorrectly
 labels:
  - bug
 body:
  - type: textarea
    id: what
    attributes:
      label: What's broken
      description: What happens vs what should happen. Include error messages, logs, or screenshots.
    validations:
      required: true
  - type: textarea
    id: reproduce
    attributes:
      label: Steps to reproduce
      description: Minimal steps to trigger the bug.
      placeholder: |
        1. Run `forge test --match-test testFoo`
        2. See error: "revert: ..."
    validations:
      required: true
  - type: textarea
    id: affected-files
    attributes:
      label: Affected files
      description: Which source files need to change? Include test files that cover this area.
      placeholder: |
        - onchain/src/Optimizer.sol
        - onchain/test/Optimizer.t.sol
    validations:
      required: true
  - type: textarea
    id: acceptance
    attributes:
      label: Acceptance criteria
      description: How do we know it's fixed?
      placeholder: |
        - [ ] Bug no longer reproduces with steps above
        - [ ] Regression test added
        - [ ] CI green
    validations:
      required: true
  - type: textarea
    id: deps
    attributes:
      label: Dependencies
      description: Issues that must be merged first. Leave empty if none.
      placeholder: "- #NNN (reason)"
--- a/.codeberg/ISSUE_TEMPLATE/feature.yaml
+++ b/.codeberg/ISSUE_TEMPLATE/feature.yaml
@ -0,0 +1,51 @@
 name: Feature
 about: New functionality or enhancement
 labels:
  - backlog
 body:
  - type: textarea
    id: problem
    attributes:
      label: Problem / motivation
      description: Why is this needed? What's the current limitation?
    validations:
      required: true
  - type: textarea
    id: solution
    attributes:
      label: Proposed solution
      description: How should it work? Be specific about behavior, not just "add X."
    validations:
      required: true
  - type: textarea
    id: affected-files
    attributes:
      label: Affected files
      description: Which files need to change? Include e2e test files that may break or need updating.
      placeholder: |
        - tools/push3-evolution/evolve.sh
        - tools/push3-evolution/test/evolve.test.ts (new)
    validations:
      required: true
  - type: textarea
    id: acceptance
    attributes:
      label: Acceptance criteria
      description: Checkboxes. Max 5 — if you need more, split the issue.
      placeholder: |
        - [ ] Feature works as described
        - [ ] Tests added / updated
        - [ ] CI green
    validations:
      required: true
  - type: textarea
    id: deps
    attributes:
      label: Dependencies
      description: Issues that must be merged first. Leave empty if none.
      placeholder: "- #NNN (reason)"
  - type: textarea
    id: context
    attributes:
      label: Additional context
      description: Links to docs, prior art, design decisions, related issues.
--- a/.codeberg/ISSUE_TEMPLATE/push3-seed.yaml
+++ b/.codeberg/ISSUE_TEMPLATE/push3-seed.yaml
@ -0,0 +1,62 @@
 name: Push3 Seed Variant
 about: Write a new optimizer strategy as a Push3 program for the evolution kindergarten
 labels:
  - backlog
 body:
  - type: textarea
    id: strategy
    attributes:
      label: Strategy philosophy
      description: One paragraph describing the optimizer's approach. What's the core idea?
      placeholder: "This optimizer prioritizes floor position depth over everything else. Philosophy: if the floor never moves down, ETH is safe."
    validations:
      required: true
  - type: textarea
    id: behavior
    attributes:
      label: Expected behavior
      description: How should each output parameter respond to inputs? Be specific.
      placeholder: |
        - CI: always 0 (no VWAP bias)
        - anchorShare: low (10-20% of ETH)
        - anchorWidth: narrow (10-30 ticks)
        - discoveryDepth: minimal
        - Responds to: percentageStaked (slot 0), averageTaxRate (slot 1)
    validations:
      required: true
  - type: textarea
    id: acceptance
    attributes:
      label: Acceptance criteria
      description: Standard for all seed variants.
      value: |
        - [ ] Push3 file created at `tools/push3-evolution/seeds/llm_<name>.push3`
        - [ ] Transpiles without error: `npx tsx tools/push3-transpiler/src/index.ts <file> /tmp/test.sol`
        - [ ] Produced Solidity compiles: `forge build`
        - [ ] Entry added to `tools/push3-evolution/seeds/manifest.jsonl` with all required fields:
          - `file` — filename of the `.push3` seed (e.g. `"llm_my_strategy.push3"`)
          - `fitness` — raw integer score from the evaluator, or `null` if not yet evaluated
          - `origin` — one of `"hand-written"`, `"llm"`, or `"evolved"`
          - `run` — evolution run ID (integer), or `null` for hand-written/LLM seeds
          - `generation` — generation index within the run (integer), or `null` for hand-written/LLM seeds
          - `date` — ISO date the entry was added (e.g. `"2026-03-14"`)
          - `note` — one-sentence description of the strategy and any known caveats
    validations:
      required: true
  - type: textarea
    id: reference
    attributes:
      label: Reference files
      description: Key files for understanding Push3 syntax and the transpiler.
      value: |
        - Transpiler source: `tools/push3-transpiler/src/transpiler.ts` (defines all Push3 opcodes)
        - Existing seed: `tools/push3-transpiler/optimizer_v3.push3` (current production optimizer)
        - Evolution seed: `tools/push3-transpiler/optimizer_seed.push3` (simpler starting point)
        - Push3 uses named bindings via `DYADIC.DEFINE` (e.g. `PERCENTAGESTAKED DYADIC.DEFINE`)
        - Outputs: 4 values left on the DYADIC stack (top to bottom): ci, anchorShare, anchorWidth, discoveryDepth
        - Inputs: 8 dyadic rational slots pushed onto stack (slot 0=percentageStaked on top, slot 1=averageTaxRate, 2-7=normalized indicators)
  - type: textarea
    id: deps
    attributes:
      label: Dependencies
      value: "- #667 (seed kindergarten — directory structure and manifest must exist first)"
--- a/.codeberg/ISSUE_TEMPLATE/refactor.yaml
+++ b/.codeberg/ISSUE_TEMPLATE/refactor.yaml
@ -0,0 +1,50 @@
 name: Refactor / Tech Debt
 about: Code improvement without changing behavior
 labels:
  - backlog
 body:
  - type: textarea
    id: what
    attributes:
      label: What needs cleaning up
      description: Current state and why it's a problem.
    validations:
      required: true
  - type: textarea
    id: approach
    attributes:
      label: Approach
      description: How to fix it. Specifics matter — the dev-agent will follow this literally.
    validations:
      required: true
  - type: textarea
    id: affected-files
    attributes:
      label: Affected files
      description: Every file that will change. Include test files.
    validations:
      required: true
  - type: textarea
    id: acceptance
    attributes:
      label: Acceptance criteria
      placeholder: |
        - [ ] Refactored code works identically (no behavior change)
        - [ ] Existing tests still pass
        - [ ] CI green
    validations:
      required: true
  - type: textarea
    id: deps
    attributes:
      label: Dependencies
      description: Issues that must be merged first. Leave empty if none.
      placeholder: "- #NNN (reason)"
  - type: textarea
    id: risks
    attributes:
      label: Risks
      description: What could break? Which e2e tests cover this area?
      placeholder: |
        - e2e/staking.spec.ts — exercises the staking flow that touches these files
        - Risk: CSS class rename could break selectors
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,76 @@
 # Exclude large directories and unnecessary files from Docker build context
 # Git
 .git/
 .github/
 # CI  
 .woodpecker/
 # Dependencies (will be installed during build)
 node_modules/
 **/node_modules/
 .pnpm-store/
 .npm/
 .yarn/
 # Build outputs
 dist/
 build/
 out/
 .next/
 .nuxt/
 .cache/
 # Development
 .vscode/
 .idea/
 *.swp
 *.swo
 *~
 # Logs
 *.log
 logs/
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
 # Test artifacts
 test-results/
 playwright-report/
 coverage/
 # Temporary files
 tmp/
 temp/
 *.tmp
 # OS files
 .DS_Store
 Thumbs.db
 # Ponder
 .ponder/
 services/ponder/.ponder/
 # Docker
 docker-compose.override.yml
 # Environment files
 .env
 .env.*
 !.env.example
 # Foundry artifacts (most will be built during bootstrap)
 # But keep ABI JSON files needed by kraiken-lib
 onchain/out/
 !onchain/out/Kraiken.sol/
 !onchain/out/Kraiken.sol/Kraiken.json
 !onchain/out/Stake.sol/
 !onchain/out/Stake.sol/Stake.json
 onchain/cache/
 onchain/broadcast/
 # Artifacts
 artifacts/
--- a/.gitignore
+++ b/.gitignore
@ -15,8 +15,7 @@ out/
 .infura
 .DS_Store
-/onchain/lib/**/node-modules/
+**/node_modules/
 onchain/node_modules/
 # Ignore vim files:
 *~
@ -27,7 +26,6 @@ ponder-repo
 tmp
 foundry.lock
 services/ponder/.env.local
 node_modules
 # Test artifacts
 test-results/
@ -37,3 +35,10 @@ services/ponder/.ponder/
 # Temporary files
 /tmp/
 logs/
 # Holdout scenarios (cloned at runtime by evaluate.sh)
 .holdout-scenarios/
 # Local deployment addresses (generated per-run by bootstrap scripts)
 onchain/deployments-local.json
--- a/.gitmodules
+++ b/.gitmodules
@ -7,12 +7,13 @@
 [submodule "onchain/lib/uni-v3-lib"]
 	path = onchain/lib/uni-v3-lib
 	url = https://github.com/Aperture-Finance/uni-v3-lib
-[submodule "onchain/lib/pt-v5-twab-controller"]
+	ignore = dirty
 	path = onchain/lib/pt-v5-twab-controller
 	url = https://github.com/GenerationSoftware/pt-v5-twab-controller
 [submodule "onchain/lib/openzeppelin-contracts"]
 	path = onchain/lib/openzeppelin-contracts
 	url = https://github.com/openzeppelin/openzeppelin-contracts
 [submodule "onchain/lib/abdk-libraries-solidity"]
 	path = onchain/lib/abdk-libraries-solidity
 	url = https://github.com/abdk-consulting/abdk-libraries-solidity
 [submodule "onchain/lib/pt-v5-twab-controller"]
 	path = onchain/lib/pt-v5-twab-controller
 	url = https://github.com/GenerationSoftware/pt-v5-twab-controller
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@ -21,8 +21,9 @@ if [ -f "onchain/src/Kraiken.sol" ] && [ -f "kraiken-lib/src/version.ts" ]; then
      echo "  Library VERSION: $LIB_VERSION"
      echo "  Compatible versions: $COMPATIBLE"
-      # Check if contract version is in compatible list
+      # Check if contract version is in compatible list (strip spaces for reliable matching)
-      if echo ",$COMPATIBLE," | grep -q ",$CONTRACT_VERSION,"; then
+      COMPATIBLE_CLEAN=$(echo "$COMPATIBLE" | tr -d ' ')
      if echo ",$COMPATIBLE_CLEAN," | grep -q ",$CONTRACT_VERSION,"; then
        echo "  ✓ Version sync validated"
      else
        echo "  ❌ Version validation failed!"
--- a/.lintstagedrc.json
+++ b/.lintstagedrc.json
@ -0,0 +1,4 @@
 {
  "tests/**/*.ts": ["eslint"],
  "scripts/**/*.ts": ["eslint"]
 }
--- a/.woodpecker/build-ci-images.yml
+++ b/.woodpecker/build-ci-images.yml
@ -0,0 +1,144 @@
 # Build and push CI images for E2E testing services
 # Triggered on changes to service code or Dockerfiles
 kind: pipeline
 type: docker
 name: build-ci-images
 when:
  event: push
  branch:
    - master
    - feature/ci
  path:
    include:
      - .woodpecker/build-ci-images.yml
      - docker/Dockerfile.service-ci
      - docker/Dockerfile.node-ci
      - containers/*-entrypoint.sh
      - containers/entrypoint-common.sh
      - kraiken-lib/**
      - onchain/**
      - services/ponder/**
      - services/txnBot/**
      - web-app/**
      - landing/**
      - scripts/sync-tax-rates.mjs
      - scripts/bootstrap-common.sh
 steps:
  # Compile Solidity contracts to generate ABI files needed by Dockerfiles
  - name: compile-contracts
    image: registry.niovi.voyage/harb/node-ci:latest
    commands:
      - |
        bash -c '
          set -euo pipefail
          # Initialize git submodules (required for forge dependencies)
          git submodule update --init --recursive
          # Install uni-v3-lib dependencies (required for Uniswap interfaces)
          yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
          # Build contracts to generate ABI files
          cd onchain
          export PATH=/root/.foundry/bin:$PATH
          forge build
        '
  - name: build-and-push-images
    image: docker:27-cli
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      REGISTRY: registry.niovi.voyage
      REGISTRY_USER: ciuser
      REGISTRY_PASSWORD:
        from_secret: registry_password
    commands:
      - |
        set -eux
        # Login to registry
        echo "$REGISTRY_PASSWORD" | docker login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
        SHA="${CI_COMMIT_SHA:0:7}"
        # Build and push node-ci (base image with Foundry pre-installed)
        echo "=== Building node-ci ==="
        docker build \
          -f docker/Dockerfile.node-ci \
          -t "$REGISTRY/harb/node-ci:$SHA" \
          -t "$REGISTRY/harb/node-ci:latest" \
          .
        docker push "$REGISTRY/harb/node-ci:$SHA"
        docker push "$REGISTRY/harb/node-ci:latest"
        # Build and push ponder-ci (unified Dockerfile)
        echo "=== Building ponder-ci ==="
        docker build \
          -f docker/Dockerfile.service-ci \
          --build-arg SERVICE_DIR=services/ponder \
          --build-arg SERVICE_PORT=42069 \
          --build-arg ENTRYPOINT_SCRIPT=containers/ponder-entrypoint.sh \
          --build-arg HEALTHCHECK_RETRIES=12 \
          --build-arg HEALTHCHECK_START=20s \
          --build-arg NEEDS_SYMLINKS=false \
          -t "$REGISTRY/harb/ponder-ci:$SHA" \
          -t "$REGISTRY/harb/ponder-ci:latest" \
          .
        docker push "$REGISTRY/harb/ponder-ci:$SHA"
        docker push "$REGISTRY/harb/ponder-ci:latest"
        # Build and push webapp-ci (unified Dockerfile)
        echo "=== Building webapp-ci ==="
        docker build \
          -f docker/Dockerfile.service-ci \
          --build-arg SERVICE_DIR=web-app \
          --build-arg SERVICE_PORT=5173 \
          --build-arg HEALTHCHECK_PATH=/app/ \
          --build-arg HEALTHCHECK_RETRIES=84 \
          --build-arg HEALTHCHECK_START=15s \
          --build-arg ENTRYPOINT_SCRIPT=containers/webapp-entrypoint.sh \
          --build-arg NODE_ENV=development \
          --build-arg NEEDS_SYMLINKS=true \
          -t "$REGISTRY/harb/webapp-ci:$SHA" \
          -t "$REGISTRY/harb/webapp-ci:latest" \
          .
        docker push "$REGISTRY/harb/webapp-ci:$SHA"
        docker push "$REGISTRY/harb/webapp-ci:latest"
        # Build and push landing-ci (unified Dockerfile)
        echo "=== Building landing-ci ==="
        docker build \
          -f docker/Dockerfile.service-ci \
          --build-arg SERVICE_DIR=landing \
          --build-arg SERVICE_PORT=5174 \
          --build-arg ENTRYPOINT_SCRIPT=containers/landing-ci-entrypoint.sh \
          --build-arg NODE_ENV=development \
          --build-arg HEALTHCHECK_RETRIES=6 \
          --build-arg HEALTHCHECK_START=10s \
          --build-arg NEEDS_SYMLINKS=false \
          -t "$REGISTRY/harb/landing-ci:$SHA" \
          -t "$REGISTRY/harb/landing-ci:latest" \
          .
        docker push "$REGISTRY/harb/landing-ci:$SHA"
        docker push "$REGISTRY/harb/landing-ci:latest"
        # Build and push txnbot-ci (unified Dockerfile)
        echo "=== Building txnbot-ci ==="
        docker build \
          -f docker/Dockerfile.service-ci \
          --build-arg SERVICE_DIR=services/txnBot \
          --build-arg SERVICE_PORT=43069 \
          --build-arg HEALTHCHECK_PATH=/status \
          --build-arg HEALTHCHECK_RETRIES=4 \
          --build-arg HEALTHCHECK_START=10s \
          --build-arg ENTRYPOINT_SCRIPT=containers/txnbot-entrypoint.sh \
          --build-arg NPM_INSTALL_CMD=install \
          --build-arg NEEDS_SYMLINKS=false \
          -t "$REGISTRY/harb/txnbot-ci:$SHA" \
          -t "$REGISTRY/harb/txnbot-ci:latest" \
          .
        docker push "$REGISTRY/harb/txnbot-ci:$SHA"
        docker push "$REGISTRY/harb/txnbot-ci:latest"
        echo "=== All CI images built and pushed ==="
--- a/.woodpecker/ci.yml
+++ b/.woodpecker/ci.yml
@ -0,0 +1,226 @@
 kind: pipeline
 type: docker
 name: build-and-test
 when:
  event: pull_request
  path:
    exclude:
      - "formulas/**"
      - "evidence/**"
      - "docs/**"
      - "*.md"
 clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      depth: 50
      reference: /git-mirrors/harb.git
      netrc_machine: codeberg.org
      netrc_username: johba
      netrc_password:
        from_secret: codeberg_token
 steps:
  - name: bootstrap-deps
    depends_on: []
    image: registry.niovi.voyage/harb/node-ci:latest
    commands:
      - |
        bash -c '
          set -euo pipefail
          git submodule update --init --recursive
          yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
        '
  - name: foundry-suite
    depends_on: [bootstrap-deps]
    image: registry.niovi.voyage/harb/node-ci:latest
    commands:
      - |
        bash -c '
          set -euo pipefail
          cd onchain
          export PATH=/root/.foundry/bin:$PATH
          forge --version
          forge build
          forge test -vvv
          forge snapshot
        '
  - name: contracts-local-fork
    depends_on: [foundry-suite]
    image: registry.niovi.voyage/harb/node-ci:latest
    environment:
      HARB_ENV: BASE_SEPOLIA_LOCAL_FORK
    commands:
      - |
        bash -c '
          set -euo pipefail
          cd onchain
          export PATH=/root/.foundry/bin:$PATH
          forge test -vv --ffi
        '
  # NOTE: contracts-base-sepolia step removed — requires base_sepolia_rpc secret
  # which is not configured. Re-add when RPC secret is provisioned.
  - name: transpiler-tests
    depends_on: []
    image: registry.niovi.voyage/harb/node-ci:latest
    when:
      - event: pull_request
        path:
          include:
            - tools/push3-transpiler/**
            - tools/push3-evolution/**
    commands:
      - |
        bash -c '
          set -euo pipefail
          cd tools/push3-transpiler
          npm install --silent
          npm run build
          npm test
        '
  - name: evolution-tests
    depends_on: []
    image: registry.niovi.voyage/harb/node-ci:latest
    when:
      - event: pull_request
        path:
          include:
            - tools/push3-evolution/**
            - tools/push3-transpiler/**
    commands:
      - |
        bash -c '
          set -euo pipefail
          cd tools/push3-transpiler
          npm install --silent
          cd ../push3-evolution
          npm install --silent
          npm run build
          npm test
        '
  - name: seed-transpile-check
    depends_on: [bootstrap-deps]
    image: registry.niovi.voyage/harb/node-ci:latest
    when:
      - event: pull_request
        path:
          include:
            - tools/push3-transpiler/**
            - tools/push3-evolution/seeds/**
    commands:
      - |
        bash -c '
          set -euo pipefail
          cd tools/push3-transpiler
          npm install --silent
          cd ../..
          export PATH=/root/.foundry/bin:$PATH
          failed=0
          for seed in tools/push3-evolution/seeds/*.push3; do
            name=$(basename "$seed")
            echo "--- Transpiling $name ---"
            if ! npx tsx tools/push3-transpiler/src/index.ts "$seed" onchain/src/OptimizerV3Push3.sol; then
              echo "WARN: $name failed to transpile (invalid program) — skipping" >&2
              continue
            fi
            echo "--- Compiling $name ---"
            if ! (cd onchain && forge build --skip test script --silent); then
              echo "FAIL: $name transpiled but Solidity compilation failed" >&2
              failed=1
            fi
          done
          git checkout onchain/src/OptimizerV3Push3.sol
          if [ "$failed" -ne 0 ]; then
            echo "ERROR: One or more seeds failed transpile+compile check" >&2
            exit 1
          fi
          echo "All seeds transpile and compile successfully."
        '
  - name: single-package-manager
    depends_on: []
    image: registry.niovi.voyage/harb/node-ci:latest
    commands:
      - |
        bash -c '
          set -euo pipefail
          if [ -f kraiken-lib/yarn.lock ]; then
            echo "ERROR: kraiken-lib/yarn.lock must not be committed. Use npm only (see packageManager field in kraiken-lib/package.json)." >&2
            exit 1
          fi
        '
  - name: validate-evolution-patch
    depends_on: []
    image: registry.niovi.voyage/harb/node-ci:latest
    when:
      - event: pull_request
        path:
          include:
            - onchain/**
            - tools/push3-evolution/**
    commands:
      - |
        bash -c '
          set -euo pipefail
          if ! git apply --check tools/push3-evolution/evolution.patch; then
            echo "ERROR: evolution.patch needs regeneration — see tools/push3-evolution/evolution.conf" >&2
            exit 1
          fi
          echo "evolution.patch applies cleanly."
        '
  - name: optimizer-not-mutated
    depends_on: []
    image: registry.niovi.voyage/harb/node-ci:latest
    commands:
      - |
        bash -c '
          set -euo pipefail
          if ! git diff --exit-code onchain/src/OptimizerV3.sol; then
            echo "ERROR: onchain/src/OptimizerV3.sol has uncommitted mutations (likely left by batch-eval or inject.sh)." >&2
            exit 1
          fi
          echo "OptimizerV3.sol is clean."
        '
  - name: node-quality
    depends_on: [foundry-suite]
    image: registry.niovi.voyage/harb/node-ci:latest
    environment:
      CI: "true"
      NODE_OPTIONS: "--max-old-space-size=2048"
    commands:
      - |
        bash -c '
          set -euo pipefail
          npm config set fund false
          npm config set audit false
          ./scripts/build-kraiken-lib.sh
          # Root install links workspace packages (@harb/web3) + all workspace members
          npm install --no-audit --no-fund
          # Landing (workspace member — deps already installed by root)
          npm run lint --prefix landing
          npm run build --prefix landing
          # Web-app (workspace member)
          npm run lint --prefix web-app
          npm run test --prefix web-app -- --run
          npm run build --prefix web-app
          # Ponder (standalone — not a workspace member)
          npm install --prefix services/ponder --no-audit --no-fund
          npm run lint --prefix services/ponder
          npm run build --prefix services/ponder
          # TxnBot (standalone)
          npm install --prefix services/txnBot --no-audit --no-fund
          npm run lint --prefix services/txnBot
          npm run test --prefix services/txnBot
          npm run build --prefix services/txnBot
        '
--- a/.woodpecker/e2e.yml
+++ b/.woodpecker/e2e.yml
@ -0,0 +1,478 @@
 # E2E Testing Pipeline using Native Woodpecker Services
 # No Docker-in-Docker - uses pre-built images for fast startup
 kind: pipeline
 type: docker
 name: e2e
 when:
  event: pull_request
  path:
    exclude:
      - "tools/**"
      - "onchain/test/FitnessEvaluator*"
      - "docs/**"
      - "formulas/**"
      - "evidence/**"
      - ".codeberg/**"
      - "*.md"
 clone:
  git:
    image: woodpeckerci/plugin-git
    settings:
      depth: 50
      reference: /git-mirrors/harb.git
      netrc_machine: codeberg.org
      netrc_username: johba
      netrc_password:
        from_secret: codeberg_token
 # All background services - services get proper DNS resolution in Woodpecker
 # Note: Services can't depend on steps, so they wait internally for contracts.env
 services:
  # PostgreSQL for Ponder
  - name: postgres
    image: postgres:16-alpine
    environment:
      POSTGRES_USER: ponder
      POSTGRES_PASSWORD: ponder_local
      POSTGRES_DB: ponder_local
  # Anvil blockchain fork
  - name: anvil
    image: ghcr.io/foundry-rs/foundry:latest
    entrypoint:
      - anvil
      - --host=0.0.0.0
      - --port=8545
      - --fork-url=https://sepolia.base.org
      - --fork-block-number=20000000
      - --chain-id=31337
      - --accounts=10
      - --balance=10000
  # Ponder indexer - waits for contracts.env from bootstrap
  - name: ponder
    image: registry.niovi.voyage/harb/ponder-ci:latest
    commands:
      - |
        set -eu
        # Wait for contracts.env (bootstrap writes it after deploying)
        echo "=== Waiting for contracts.env ==="
        for i in $(seq 1 120); do
          if [ -f /woodpecker/src/contracts.env ]; then
            echo "Found contracts.env after $i attempts"
            break
          fi
          echo "Waiting for contracts.env... ($i/120)"
          sleep 3
        done
        if [ ! -f /woodpecker/src/contracts.env ]; then
          echo "ERROR: contracts.env not found after 6 minutes"
          exit 1
        fi
        # Source contract addresses from bootstrap
        . /woodpecker/src/contracts.env
        echo "=== Contract addresses ==="
        echo "KRAIKEN=$KRAIKEN"
        echo "STAKE=$STAKE"
        echo "START_BLOCK=$START_BLOCK"
        # Export env vars required by ponder
        export DATABASE_URL="$DATABASE_URL"
        export DATABASE_SCHEMA="ponder_ci_$START_BLOCK"
        export START_BLOCK="$START_BLOCK"
        export KRAIKEN_ADDRESS="$KRAIKEN"
        export STAKE_ADDRESS="$STAKE"
        export LM_ADDRESS="${LIQUIDITY_MANAGER:-0x0000000000000000000000000000000000000000}"
        export PONDER_NETWORK=BASE_SEPOLIA_LOCAL_FORK
        export PONDER_RPC_URL_BASE_SEPOLIA_LOCAL_FORK="$PONDER_RPC_URL_1"
        export PONDER_RPC_URL_1="$PONDER_RPC_URL_1"
        # Overlay kraiken-lib and ponder source from workspace
        # CI_WORKSPACE points to the repo checkout directory
        WS="${CI_WORKSPACE:-$(pwd)}"
        echo "=== Workspace: $WS ==="
        echo "=== Overlaying kraiken-lib from workspace ==="
        if [ -d "$WS/kraiken-lib/dist" ]; then
          cp -r "$WS/kraiken-lib/dist/." /app/kraiken-lib/dist/
          cp -r "$WS/kraiken-lib/src/." /app/kraiken-lib/src/
          echo "kraiken-lib updated from workspace (src + dist)"
        elif [ -d "$WS/kraiken-lib/src" ]; then
          cp -r "$WS/kraiken-lib/src/." /app/kraiken-lib/src/
          echo "kraiken-lib/src updated (dist not available — may need rebuild)"
        else
          echo "WARNING: kraiken-lib not found at $WS/kraiken-lib"
        fi
        echo "=== Overlaying ponder source from workspace ==="
        # Copy individual source files (not the directory itself) to avoid nested src/src/
        if [ -d "$WS/services/ponder/src" ]; then
          cp -r "$WS/services/ponder/src/." /app/services/ponder/src/
          echo "ponder/src files updated from workspace"
        fi
        for f in ponder.schema.ts ponder.config.ts; do
          if [ -f "$WS/services/ponder/$f" ]; then
            cp "$WS/services/ponder/$f" /app/services/ponder/"$f"
            echo "ponder/$f updated from workspace"
          fi
        done
        echo "=== Starting Ponder (pre-built image + workspace overlay) ==="
        cd /app/services/ponder
        {
          echo "DATABASE_URL=${DATABASE_URL}"
          echo "PONDER_RPC_URL_1=${PONDER_RPC_URL_1}"
          echo "DATABASE_SCHEMA=${DATABASE_SCHEMA}"
          echo "START_BLOCK=${START_BLOCK}"
        } > .env.local
        # Use 'start' mode in CI — 'dev' mode watches for file changes and causes
        # a hot-restart loop when workspace overlay modifies source files
        exec npm run start
  # Webapp - waits for contracts.env from bootstrap
  - name: webapp
    image: registry.niovi.voyage/harb/webapp-ci:latest
    environment:
      CI: "true"
    commands:
      - |
        set -eu
        # Wait for contracts.env (bootstrap writes it after deploying)
        echo "=== Waiting for contracts.env ==="
        for i in $(seq 1 120); do
          if [ -f /woodpecker/src/contracts.env ]; then
            echo "Found contracts.env after $i attempts"
            break
          fi
          echo "Waiting for contracts.env... ($i/120)"
          sleep 3
        done
        if [ ! -f /woodpecker/src/contracts.env ]; then
          echo "ERROR: contracts.env not found after 6 minutes"
          exit 1
        fi
        # Source contract addresses from bootstrap
        . /woodpecker/src/contracts.env
        # Export environment variables for Vite
        export VITE_KRAIKEN_ADDRESS="$KRAIKEN"
        export VITE_STAKE_ADDRESS="$STAKE"
        export VITE_DEFAULT_CHAIN_ID=31337
        export VITE_LOCAL_RPC_PROXY_TARGET=http://anvil:8545
        export VITE_LOCAL_GRAPHQL_PROXY_TARGET=http://ponder:42069
        # Default is the Sepolia SwapRouter; override via VITE_SWAP_ROUTER env var for other networks.
        export VITE_SWAP_ROUTER="${VITE_SWAP_ROUTER:-0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4}"
        export VITE_ENABLE_LOCAL_SWAP=true
        export VITE_BASE_PATH=/app/
        # Overlay kraiken-lib from workspace (may be newer than baked-in image)
        WS="${CI_WORKSPACE:-$(pwd)}"
        echo "=== Overlaying kraiken-lib from workspace ==="
        if [ -d "$WS/kraiken-lib/dist" ]; then
          cp -r "$WS/kraiken-lib/dist/." /app/kraiken-lib/dist/
          cp -r "$WS/kraiken-lib/src/." /app/kraiken-lib/src/
          echo "kraiken-lib updated from workspace (src + dist)"
        elif [ -d /app/kraiken-lib/src ]; then
          echo "kraiken-lib/src found in image (using baked-in version)"
        else
          echo "ERROR: kraiken-lib/src not found!"
          exit 1
        fi
        # Overlay webapp source from workspace (ensures CI tests current branch)
        echo "=== Overlaying webapp source from workspace ==="
        if [ -d "$WS/web-app/src" ]; then
          cp -r "$WS/web-app/src/." /app/web-app/src/
          echo "webapp/src updated from workspace"
        fi
        for f in vite.config.ts vite.config.js; do
          if [ -f "$WS/web-app/$f" ]; then
            cp "$WS/web-app/$f" /app/web-app/"$f"
            echo "webapp/$f updated from workspace"
          fi
        done
        # Overlay @harb/web3 shared package from workspace
        if [ -d "$WS/packages/web3" ]; then
          mkdir -p /app/packages/web3
          cp -r "$WS/packages/web3/." /app/packages/web3/
          # Link @harb/web3 into web-app node_modules
          mkdir -p /app/web-app/node_modules/@harb
          ln -sf /app/packages/web3 /app/web-app/node_modules/@harb/web3
          # Symlink wagmi/viem into packages dir so @harb/web3 can resolve them
          mkdir -p /app/packages/web3/node_modules
          ln -sf /app/web-app/node_modules/@wagmi /app/packages/web3/node_modules/@wagmi
          ln -sf /app/web-app/node_modules/viem /app/packages/web3/node_modules/viem
          echo "@harb/web3 linked with wagmi/viem deps"
        fi
        # Overlay @harb/utils shared package from workspace
        if [ -d "$WS/packages/utils" ]; then
          mkdir -p /app/packages/utils
          cp -r "$WS/packages/utils/." /app/packages/utils/
          # Link @harb/utils into web-app node_modules
          mkdir -p /app/web-app/node_modules/@harb
          ln -sf /app/packages/utils /app/web-app/node_modules/@harb/utils
          # Symlink viem into packages dir so @harb/utils can resolve it
          mkdir -p /app/packages/utils/node_modules
          ln -sf /app/web-app/node_modules/viem /app/packages/utils/node_modules/viem
          echo "@harb/utils linked with viem dep"
        fi
        # Overlay @harb/analytics shared package from workspace
        if [ -d "$WS/packages/analytics" ]; then
          mkdir -p /app/packages/analytics
          cp -r "$WS/packages/analytics/." /app/packages/analytics/
          mkdir -p /app/web-app/node_modules/@harb
          ln -sf /app/packages/analytics /app/web-app/node_modules/@harb/analytics
          echo "@harb/analytics linked for webapp"
        fi
        echo "=== Starting webapp (pre-built image + source overlay) ==="
        cd /app/web-app
        # Explicitly set CI=true to disable Vue DevTools in vite.config.ts
        # (prevents 500 errors from devtools path resolution in CI environment)
        export CI=true
        echo "CI=$CI (should be 'true' to disable Vue DevTools)"
        exec npm run dev -- --host 0.0.0.0 --port 5173 --base /app/
  # Landing page - no contracts needed, starts immediately
  - name: landing
    image: registry.niovi.voyage/harb/landing-ci:latest
    commands:
      - |
        set -eu
        # Overlay landing source from workspace
        WS="${CI_WORKSPACE:-$(pwd)}"
        if [ -d "$WS/landing/src" ]; then
          cp -r "$WS/landing/src/." /app/landing/src/
          echo "landing/src updated from workspace"
        fi
        for f in vite.config.ts vite.config.js; do
          if [ -f "$WS/landing/$f" ]; then
            cp "$WS/landing/$f" /app/landing/"$f"
            echo "landing/$f updated from workspace"
          fi
        done
        # Overlay @harb/web3 shared package
        if [ -d "$WS/packages/web3" ]; then
          mkdir -p /app/packages/web3
          cp -r "$WS/packages/web3/." /app/packages/web3/
          # Landing CI image doesn't have wagmi — install it
          cd /app/landing
          npm install --no-audit --no-fund @wagmi/vue viem 2>/dev/null || true
          # Link @harb/web3
          mkdir -p /app/landing/node_modules/@harb
          ln -sf /app/packages/web3 /app/landing/node_modules/@harb/web3
          # Symlink wagmi/viem into packages dir for resolution
          mkdir -p /app/packages/web3/node_modules
          ln -sf /app/landing/node_modules/@wagmi /app/packages/web3/node_modules/@wagmi 2>/dev/null || true
          ln -sf /app/landing/node_modules/viem /app/packages/web3/node_modules/viem 2>/dev/null || true
          echo "@harb/web3 linked for landing"
        fi
        # Overlay @harb/ui-shared shared package from workspace
        if [ -d "$WS/packages/ui-shared" ]; then
          mkdir -p /app/packages/ui-shared
          cp -r "$WS/packages/ui-shared/." /app/packages/ui-shared/
          # Link @harb/ui-shared into landing node_modules
          mkdir -p /app/landing/node_modules/@harb
          ln -sf /app/packages/ui-shared /app/landing/node_modules/@harb/ui-shared
          # Symlink vue into packages dir so @harb/ui-shared can resolve it
          mkdir -p /app/packages/ui-shared/node_modules
          ln -sf /app/landing/node_modules/vue /app/packages/ui-shared/node_modules/vue 2>/dev/null || true
          echo "@harb/ui-shared linked for landing"
        fi
        # Overlay @harb/analytics shared package from workspace
        if [ -d "$WS/packages/analytics" ]; then
          mkdir -p /app/packages/analytics
          cp -r "$WS/packages/analytics/." /app/packages/analytics/
          mkdir -p /app/landing/node_modules/@harb
          ln -sf /app/packages/analytics /app/landing/node_modules/@harb/analytics
          echo "@harb/analytics linked for landing"
        fi
        echo "=== Starting landing (pre-built image + source overlay) ==="
        cd /app/landing
        exec npm run dev -- --host 0.0.0.0 --port 5174
  # Caddy proxy - waits for contracts.env to ensure other services are starting
  - name: caddy
    image: caddy:2.8-alpine
    commands:
      - |
        # Wait briefly for other services to start
        echo "=== Waiting for contracts.env before starting Caddy ==="
        for i in $(seq 1 120); do
          if [ -f /woodpecker/src/contracts.env ]; then
            echo "Found contracts.env, starting Caddy..."
            break
          fi
          echo "Waiting for contracts.env... ($i/120)"
          sleep 3
        done
        printf '%s\n' ':8081 {' \
          '  route /app* {' \
          '    reverse_proxy webapp:5173' \
          '  }' \
          '  route /api/graphql* {' \
          '    uri strip_prefix /api' \
          '    reverse_proxy ponder:42069' \
          '  }' \
          '  route /api/rpc* {' \
          '    uri strip_prefix /api/rpc' \
          '    reverse_proxy anvil:8545' \
          '  }' \
          '  reverse_proxy landing:5174' \
          '}' > /etc/caddy/Caddyfile
        exec caddy run --config /etc/caddy/Caddyfile
 steps:
  # Step 0: Install dependencies for onchain compilation
  - name: install-deps
    image: node:20-alpine
    commands:
      - |
        set -eu
        apk add --no-cache git
        echo "=== Installing uni-v3-lib dependencies ==="
        git submodule update --init --recursive
        cd onchain/lib/uni-v3-lib
        npm install
  # Step 1: Wait for base services and deploy contracts
  # Uses pre-built node-ci image with Foundry pre-installed (saves ~60s)
  - name: bootstrap
    image: registry.niovi.voyage/harb/node-ci:latest
    depends_on:
      - install-deps
    commands:
      - |
        # Create a bootstrap wrapper that runs under bash
        # (Woodpecker uses /bin/sh which lacks 'source' and bash-isms)
        export ANVIL_RPC=http://anvil:8545
        export CONTRACT_ENV=/woodpecker/src/contracts.env
        export LOG_FILE=/dev/null
        export ONCHAIN_DIR="$PWD/onchain"
        export TXNBOT_FUND_VALUE=10ether
        export TXNBOT_ADDRESS=0x70997970C51812dc3A010C7d01b50e0d17dc79C8
        export TXNBOT_PRIVATE_KEY=0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d
        exec bash scripts/ci-bootstrap.sh
  # Step 2: Wait for stack to be healthy (services run in background)
  - name: wait-for-stack
    image: alpine:3.20
    depends_on:
      - bootstrap
    commands:
      - |
        set -eu
        apk add --no-cache curl bash
        echo "=== Waiting for DNS resolution (Docker embedded DNS can be slow under load) ==="
        for svc in ponder webapp landing caddy; do
          for attempt in $(seq 1 60); do
            if getent hosts "$svc" >/dev/null 2>&1; then
              echo "[dns] $svc resolved after $attempt attempts"
              break
            fi
            echo "[dns] ($attempt/60) waiting for $svc DNS..."
            sleep 5
          done
        done
        echo "=== Waiting for stack to be healthy (max 7 min) ==="
        bash scripts/wait-for-service.sh http://ponder:42069/health   420 ponder
        # Wait for ponder to finish historical indexing (not just respond)
        # /ready returns 200 only when fully synced, 503 while indexing
        echo "=== Waiting for Ponder indexing to complete ==="
        for i in $(seq 1 120); do
          HTTP_CODE=$(curl -sf -o /dev/null -w '%{http_code}' --max-time 3 http://ponder:42069/ready 2>/dev/null || echo "000")
          if [ "$HTTP_CODE" = "200" ]; then
            echo "[wait] Ponder fully indexed after $((i * 3))s"
            break
          fi
          if [ "$i" = "120" ]; then
            echo "[wait] WARNING: Ponder not fully indexed after 360s, continuing anyway"
          fi
          echo "[wait] ($i/120) Ponder indexing... (HTTP $HTTP_CODE)"
          sleep 3
        done
        bash scripts/wait-for-service.sh http://webapp:5173/app/      420 webapp
        bash scripts/wait-for-service.sh http://landing:5174/         420 landing
        bash scripts/wait-for-service.sh http://caddy:8081/app/       420 caddy
        echo "=== Stack is healthy ==="
  # Step 3: Run E2E tests — cross-browser matrix
  # Chromium runs all specs (01-07), then Firefox/WebKit/mobile run read-only specs (03,06,07).
  # The matrix is defined in playwright.config.ts via `projects`.
  - name: run-e2e-tests
    image: mcr.microsoft.com/playwright:v1.55.1-jammy
    depends_on:
      - wait-for-stack
    timeout: 1800
    environment:
      STACK_BASE_URL: http://caddy:8081
      STACK_RPC_URL: http://caddy:8081/api/rpc
      STACK_WEBAPP_URL: http://caddy:8081
      STACK_GRAPHQL_URL: http://caddy:8081/api/graphql
      CI: "true"
    commands:
      - |
        set -eux
        echo "=== Checking system resources ==="
        free -h || true
        cat /proc/meminfo | grep -E 'MemTotal|MemAvail' || true
        echo "=== Verifying Playwright browsers ==="
        npx playwright install --dry-run 2>&1 || true
        ls -la /ms-playwright/ 2>/dev/null || echo "No /ms-playwright directory"
        echo "=== Installing test dependencies ==="
        npm config set fund false
        npm config set audit false
        npm ci --no-audit --no-fund
        echo "=== Running E2E tests — cross-browser matrix (workers=1 to limit memory) ==="
        npx playwright test --reporter=list --workers=1
  # Step 4: Collect artifacts
  - name: collect-artifacts
    image: alpine:3.20
    depends_on:
      - run-e2e-tests
    when:
      status:
        - success
        - failure
    commands:
      - |
        set -eu
        apk add --no-cache tar gzip
        mkdir -p artifacts
        if [ -d playwright-report ]; then
          tar -czf artifacts/playwright-report.tgz playwright-report
          echo "Playwright report archived"
        fi
        if [ -d test-results ]; then
          tar -czf artifacts/test-results.tgz test-results
          echo "Test results archived"
        fi
        ls -lh artifacts/ 2>/dev/null || echo "No artifacts"
--- a/.woodpecker/fuzz-nightly.yml
+++ b/.woodpecker/fuzz-nightly.yml
@ -0,0 +1,45 @@
 kind: pipeline
 type: docker
 name: fuzz-nightly
 when:
  event: cron
 steps:
  - name: bootstrap-deps
    image: registry.niovi.voyage/harb/node-ci:latest
    commands:
      - |
        bash -c '
          set -euo pipefail
          git submodule update --init --recursive
          yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
        '
  - name: fuzz
    image: registry.niovi.voyage/harb/node-ci:latest
    commands:
      - |
        bash -c '
          set -euo pipefail
          if ! command -v bc >/dev/null 2>&1; then
            apt-get update
            apt-get install -y bc
          fi
          cd onchain
          export PATH=/root/.foundry/bin:$PATH
          forge --version
          ./analysis/run-fuzzing.sh BullMarketOptimizer runs=75
        '
  - name: package-results
    image: alpine:3.20
    when:
      status:
        - success
        - failure
    commands:
      - set -e
      - apk add --no-cache tar
      - mkdir -p artifacts
      - if [ -d onchain/analysis ]; then tar -czf artifacts/fuzz-results.tgz onchain/analysis; fi
--- a/.woodpecker/passthrough.yaml
+++ b/.woodpecker/passthrough.yaml
@ -0,0 +1,12 @@
 kind: pipeline
 type: docker
 name: passthrough
 when:
  - event: pull_request
 steps:
  - name: pass
    image: alpine
    commands:
      - echo "ok"
--- a/.woodpecker/release.yml
+++ b/.woodpecker/release.yml
@ -0,0 +1,177 @@
 kind: pipeline
 type: docker
 name: release
 when:
  event: tag
 steps:
  - name: version-check
    image: registry.niovi.voyage/harb/node-ci:latest
    when:
      event: tag
    commands:
      - |
          bash -c '
            set -euo pipefail
            git submodule update --init --recursive
          corepack enable
          yarn --cwd onchain/lib/uni-v3-lib install --frozen-lockfile
          export PATH=/root/.foundry/bin:$PATH
          forge build >/dev/null
            npm config set fund false
            npm config set audit false
            npm install --prefix kraiken-lib --no-audit --no-fund
            ./scripts/build-kraiken-lib.sh
            node <<\"NODE\"
            import fs from \"fs\";
            const sol = fs.readFileSync(\"onchain/src/Kraiken.sol\", \"utf8\");
            const lib = fs.readFileSync(\"kraiken-lib/src/version.ts\", \"utf8\");
            const contractVersionMatch = sol.match(/VERSION\\s*=\\s*(\\d+)/);
            if (!contractVersionMatch) {
              console.error(\"Unable to find VERSION constant in Kraiken.sol\");
              process.exit(1);
            }
            const contractVersion = Number(contractVersionMatch[1]);
            const libVersionMatch = lib.match(/KRAIKEN_LIB_VERSION\\s*=\\s*(\\d+)/);
            if (!libVersionMatch) {
              console.error(\"Unable to find KRAIKEN_LIB_VERSION in kraiken-lib/src/version.ts\");
              process.exit(1);
            }
            const libVersion = Number(libVersionMatch[1]);
            const compatMatch = lib.match(/COMPATIBLE_CONTRACT_VERSIONS\\s*=\\s*\\[([^\\]]*)\\]/);
            if (!compatMatch) {
              console.error(\"Unable to find COMPATIBLE_CONTRACT_VERSIONS in kraiken-lib/src/version.ts\");
              process.exit(1);
            }
            const compatibleVersions = compatMatch[1]
              .split(\",\")
              .map(v => v.trim())
              .filter(Boolean)
              .map(Number);
            if (contractVersion !== libVersion) {
              console.error(\"Contract VERSION (\" + contractVersion + \") and KRAIKEN_LIB_VERSION (\" + libVersion + \") differ\");
              process.exit(1);
            }
            if (!compatibleVersions.includes(contractVersion)) {
              console.error(\"Contract VERSION \" + contractVersion + \" missing from COMPATIBLE_CONTRACT_VERSIONS [\" + compatibleVersions.join(\", \") + \"]\");
              process.exit(1);
            }
            console.log(\"Version check passed for VERSION \" + contractVersion);
            NODE
          '
  - name: build-artifacts
    image: registry.niovi.voyage/harb/node-ci:latest
    depends_on:
      - version-check
    when:
      event: tag
    commands:
      - |
          bash -c '
            set -euo pipefail
            npm config set fund false
            npm config set audit false
          npm install --prefix kraiken-lib --no-audit --no-fund
          ./scripts/build-kraiken-lib.sh
          npm install --prefix landing --no-audit --no-fund
          npm install --prefix web-app --no-audit --no-fund
          npm install --prefix services/ponder --no-audit --no-fund
          npm install --prefix services/txnBot --no-audit --no-fund
          npm install --no-audit --no-fund
          export PATH=/root/.foundry/bin:$PATH
          forge --version
          (cd onchain && forge build)
            npm run build --prefix landing
            npm run build --prefix web-app
            npm run build --prefix services/ponder
            npm run build --prefix services/txnBot
            rm -rf release
            mkdir -p release/dist
            cp -r onchain/out release/dist/abi
            cp -r kraiken-lib/dist release/dist/kraiken-lib
            cp -r landing/dist release/dist/landing
            cp -r web-app/dist release/dist/web-app
            cp -r services/txnBot/dist release/dist/txn-bot
            if [ -d services/ponder/generated ]; then
              cp -r services/ponder/generated release/dist/ponder-generated
            fi
            tar -czf release-bundle.tgz -C release dist
          '
  - name: docker-publish
    image: registry.niovi.voyage/harb/playwright-ci:latest
    pull: true
    privileged: true
    depends_on:
      - build-artifacts
    when:
      event: tag
    environment:
      REGISTRY_SERVER:
        from_secret: registry_server
      REGISTRY_NAMESPACE:
        from_secret: registry_namespace
      REGISTRY_USERNAME:
        from_secret: registry_username
      REGISTRY_PASSWORD:
        from_secret: registry_password
    commands:
      - |
          bash -c '
            set -eo pipefail
            if [ -z "${CI_COMMIT_TAG:-}" ]; then
              echo "CI_COMMIT_TAG not set" >&2
              exit 1
            fi
            if [ -z "${REGISTRY_SERVER:-}" ] || [ -z "${REGISTRY_NAMESPACE:-}" ]; then
              echo "Registry server or namespace missing" >&2
              exit 1
            fi
            TAG=$(printf '%s' "$CI_COMMIT_TAG" | sed "s#^refs/tags/##")
            export TAG
            if [ -z "${COMPOSE_PROJECT_NAME:-}" ]; then
              COMPOSE_PROJECT_NAME=harb
            fi
            REGISTRY_ROOT="${REGISTRY_SERVER:-registry.niovi.voyage}"
            REGISTRY_NS="${REGISTRY_NAMESPACE:-harb}"
            REGISTRY_BASE="$REGISTRY_ROOT/$REGISTRY_NS"
            docker login "$REGISTRY_ROOT" -u "$REGISTRY_USERNAME" -p "$REGISTRY_PASSWORD"
            # Build and publish CI base images
            node_ci_tmp=harb-node-ci-build
            playwright_ci_tmp=harb-playwright-ci-build
            docker build -f docker/Dockerfile.node-ci -t "$node_ci_tmp" .
            docker tag "$node_ci_tmp" "$REGISTRY_BASE/node-ci:$TAG"
            docker push "$REGISTRY_BASE/node-ci:$TAG"
            docker tag "$REGISTRY_BASE/node-ci:$TAG" "$REGISTRY_BASE/node-ci:latest"
            docker push "$REGISTRY_BASE/node-ci:latest"
            docker build -f docker/Dockerfile.playwright-ci -t "$playwright_ci_tmp" .
            docker tag "$playwright_ci_tmp" "$REGISTRY_BASE/playwright-ci:$TAG"
            docker push "$REGISTRY_BASE/playwright-ci:$TAG"
            docker tag "$REGISTRY_BASE/playwright-ci:$TAG" "$REGISTRY_BASE/playwright-ci:latest"
            docker push "$REGISTRY_BASE/playwright-ci:latest"
            docker-compose build ponder webapp landing txn-bot
            for service in ponder webapp landing txn-bot; do
              image=$(docker image ls --filter "label=com.docker.compose.project=$COMPOSE_PROJECT_NAME" --filter "label=com.docker.compose.service=$service" --format "{{.Repository}}:{{ .Tag }}" | head -n1)
              if [ -z "$image" ]; then
                echo "Unable to find built image for $service" >&2
                exit 1
              fi
              target="$REGISTRY_BASE/$service"
              docker tag "$image" "$target:$TAG"
              docker push "$target:$TAG"
              docker tag "$target:$TAG" "$target:latest"
              docker push "$target:latest"
            done
          '
--- a/AGENTS.md
+++ b/AGENTS.md
@ -1,73 +1,94 @@
 <!-- last-reviewed: baa501fa46355f7b04bffdf386d397ad19f69298 -->
 # Agent Brief: Harb Stack
-## Core Concepts
+## What is KRAIKEN?
- KRAIKEN couples Harberger-tax staking with a dominant Uniswap V3 liquidity manager to create asymmetric slippage, sentiment-driven pricing, and VWAP "price memory" safeguards.
+KRAIKEN couples Harberger-tax staking with a dominant Uniswap V3 liquidity manager to create asymmetric slippage, sentiment-driven pricing, and VWAP "price memory" safeguards. Liquidity dominance is mission-critical; treat any regression that weakens the LiquidityManager's control as a priority incident.
 - Liquidity dominance is mission-critical; treat any regression that weakens the LiquidityManager's control as a priority incident.
 - Harberger staking supplies the sentiment oracle that drives Optimizer parameters, which in turn tune liquidity placement and supply expansion.
 ## User Journey
-1. **Buy** - Acquire KRAIKEN on Uniswap.
+1. **Buy** — Acquire KRAIKEN on Uniswap.
-2. **Stake** - Declare a tax rate on kraiken.org to earn from protocol growth.
+2. **Stake** — Declare a tax rate on kraiken.org to earn from protocol growth.
-3. **Compete** - Snatch undervalued positions to optimise returns.
+3. **Compete** — Snatch undervalued positions to optimise returns.
-## Operating the Stack
+## Directory Map
- Start everything with `nohup ./scripts/dev.sh start &` and stop via `./scripts/dev.sh stop`. Do not launch services individually.
+| Path | What | Guide |
- **Restart modes** for faster iteration:
+|------|------|-------|
-  - `./scripts/dev.sh restart --light` - Fast restart (~10-20s): only webapp + txnbot, preserves Anvil/Ponder state. Use for frontend changes.
+| `onchain/` | Solidity + Foundry contracts, deploy scripts, fuzzing | [onchain/AGENTS.md](onchain/AGENTS.md) |
-  - `./scripts/dev.sh restart --full` - Full restart (~3-4min): redeploys contracts, fresh state. Use for contract changes.
+| `services/ponder/` | Ponder indexer powering the GraphQL API | [services/ponder/AGENTS.md](services/ponder/AGENTS.md) |
- Supported environments: `BASE_SEPOLIA_LOCAL_FORK` (default Anvil fork), `BASE_SEPOLIA`, and `BASE`. Match contract addresses and RPCs accordingly.
+| `landing/` | Vue 3 marketing + staking interface | [landing/AGENTS.md](landing/AGENTS.md) |
- The stack boots Anvil, deploys contracts, seeds liquidity, starts Ponder, launches the landing site, and runs the txnBot. Wait for logs to settle before manual testing.
+| `web-app/` | Staking UI | [web-app/AGENTS.md](web-app/AGENTS.md) |
 | `kraiken-lib/` | Shared TypeScript helpers for clients and bots | [kraiken-lib/AGENTS.md](kraiken-lib/AGENTS.md) |
 | `services/txnBot/` | Automation bot for `recenter()` and `payTax()` upkeep | [services/txnBot/AGENTS.md](services/txnBot/AGENTS.md) |
 | `formulas/` | TOML pipeline definitions (sense/act) for the evaluator | [formulas/AGENTS.md](formulas/AGENTS.md) |
 | `scripts/` | `dev.sh`, bootstrap, build helpers; `harb-evaluator/` red-team agent | [scripts/harb-evaluator/AGENTS.md](scripts/harb-evaluator/AGENTS.md) |
 | `packages/analytics/` | `@harb/analytics` — self-hosted Umami wrapper for funnel tracking | — |
 | `tests/e2e/` | Playwright end-to-end tests — desktop + mobile viewports (iPhone 14, Pixel 7), Chromium + Firefox cross-browser matrix; includes conversion funnel spec (`07-conversion-funnel.spec.ts`) | — |
 | `docs/` | Architecture, product truth, environment, ops guides | — |
-## Component Guides
+## Quick Start
- `onchain/` - Solidity + Foundry contracts, deploy scripts, and fuzzing helpers ([details](onchain/AGENTS.md)).
+```bash
- `services/ponder/` - Ponder indexer powering the GraphQL API ([details](services/ponder/AGENTS.md)).
+./scripts/dev.sh start    # boots full stack (~3-6 min first time)
- `landing/` - Vue 3 marketing + staking interface ([details](landing/AGENTS.md)).
+./scripts/dev.sh health   # verify all services healthy
- `kraiken-lib/` - Shared TypeScript helpers for clients and bots ([details](kraiken-lib/AGENTS.md)).
+./scripts/dev.sh stop     # stop and clean up
- `services/txnBot/` - Automation bot for `recenter()` and `payTax()` upkeep ([details](services/txnBot/AGENTS.md)).
+```
 See [docs/dev-environment.md](docs/dev-environment.md) for restart modes, ports, Docker topology, and common pitfalls.
-## Testing & Tooling
+## Docker / LXD Notes
- Contracts: run `forge build`, `forge test`, and `forge snapshot` inside `onchain/`.
+- Containers require `security_opt: apparmor=unconfined` when running inside LXD to avoid permission denied errors on Unix socket creation (Anvil, Postgres).
- Fuzzing: scripts under `onchain/analysis/` (e.g., `./analysis/run-fuzzing.sh [optimizer] debugCSV`) generate replayable scenarios.
+- Umami analytics runs on **port 3001** (moved from 3000 to avoid conflict with Forgejo when running alongside the disinto factory stack).
 - Integration: after the stack boots, inspect Anvil logs, hit `http://localhost:8081/api/graphql` for Ponder, and poll `http://localhost:8081/api/txn/status` for txnBot health.
 - **E2E Tests**: Playwright-based full-stack tests in `tests/e2e/` verify complete user journeys (mint ETH → swap KRK → stake). Run with `npm run test:e2e` from repo root. Tests use mocked wallet provider with Anvil accounts and automatically start/stop the stack. See `INTEGRATION_TEST_STATUS.md` and `SWAP_VERIFICATION.md` for details.
-## Version Validation System
+## Red-team Agent Context
- **Contract VERSION**: `Kraiken.sol` exposes a `VERSION` constant (currently v1) that must be incremented for breaking changes to TAX_RATES, events, or core data structures.
+The red-team agent (`scripts/harb-evaluator/red-team.sh`) injects the following Solidity sources into the agent prompt so it can reason from exact contract logic:
- **Ponder Validation**: On startup, Ponder reads the contract VERSION and validates against `COMPATIBLE_CONTRACT_VERSIONS` in `kraiken-lib/src/version.ts`. Fails hard (exit 1) on mismatch to prevent indexing wrong data.
+- `LiquidityManager.sol` — three-position manager, recenter, floor formula
- **Frontend Check**: Web-app validates `KRAIKEN_LIB_VERSION` at runtime (currently placeholder; future: query Ponder GraphQL for full 3-way validation).
+- `ThreePositionStrategy.sol` — position lifecycle abstractions
- **CI Enforcement**: GitHub workflow validates that contract VERSION is in `COMPATIBLE_CONTRACT_VERSIONS` before merging PRs.
+- `Optimizer.sol` / `OptimizerV3.sol` — current candidate under test
- See `VERSION_VALIDATION.md` for complete architecture, workflows, and troubleshooting.
+- `VWAPTracker.sol` / `PriceOracle.sol` — price oracle and VWAP mechanics
 - `Kraiken.sol` — `outstandingSupply()`, KRK mint/burn, transfer mechanics
 - `Stake.sol` — `snatch()`, withdrawal, KRK exclusion from floor denominator
-## Podman Orchestration
+## Key Patterns
- **Dependency Management**: `podman-compose.yml` has NO `depends_on` declarations. All service ordering is handled in `scripts/dev.sh` via phased startup with explicit health checks.
+- **ES Modules everywhere**: The entire stack uses `"type": "module"` and `import` syntax.
- **Why**: Podman's dependency graph validator fails when containers have compose metadata dependencies, causing "container not found in input list" errors even when containers exist.
+- **`token0isWeth`**: Flips amount semantics; confirm ordering before seeding or interpreting liquidity.
- **Startup Phases**: (1) Create all containers, (2) Start anvil+postgres and wait for healthy, (3) Start bootstrap and wait for completion, (4) Start ponder and wait for healthy, (5) Start webapp/landing/txn-bot, (6) Start caddy.
+- **Price^2 (X96)**: VWAP, `ethScarcity`, and Optimizer outputs operate on price^2. Avoid "normalising" to sqrt inadvertently.
- If you see dependency graph errors, verify `depends_on` was not re-added to `podman-compose.yml`.
+- **LiquidityManager funding**: Fund with Base WETH (`0x4200...0006`) before expecting `recenter()` to succeed.
 - **Ponder state**: Stored in `.ponder/`; drop the directory if schema changes break migrations.
 - **Harberger staking** supplies the sentiment oracle that drives Optimizer parameters, which in turn tune liquidity placement and supply expansion.
 - **viem v2 slot0**: `slot0()` returns an array, not a record. `tick` is at index 1 (e.g. `slot0Response[1]`), not `slot0Response.tick`.
-## Guardrails & Tips
+## Engineering Principles
- `token0isWeth` flips amount semantics; confirm ordering before seeding or interpreting liquidity.
+These apply to infrastructure (Docker, scripts, startup/teardown) and test/scenario execution — NOT to frontend polling of HTTP APIs where caching is the correct solution.
- VWAP, `ethScarcity`, and Optimizer outputs operate on price^2 (X96). Avoid "normalising" to sqrt inadvertently.
+
- Fund the LiquidityManager with Base WETH (`0x4200...0006`) before expecting `recenter()` to succeed.
+1. **Never use fixed delays or `waitForTimeout`** — react to actual events instead. Use `eth_subscribe` (WebSocket) for on-chain push notifications, `eth_newFilter` + `eth_getFilterChanges` for on-chain polling, DOM mutation observers or Playwright's `waitForSelector`/`waitForURL` for UI changes, callback patterns for async flows. Even if event-driven code takes more effort, it is always the right answer.
- Ponder stores data in `.ponder/`; drop the directory if schema changes break migrations.
+2. **Never use hardcoded expectations** — dynamic systems change. React to actual state, not assumed state. Don't assert a specific block number, token amount, or address unless it's a protocol constant.
- Keep git clean before committing; never leave commented-out code or untested changes.
+3. **Event subscription > polling with timeout > fixed delay** — prefer true push subscriptions (`eth_subscribe`, WebSocket, observers). When push is unavailable (e.g. HTTP-only RPC), polling with a timeout and clear error is acceptable. A fixed `sleep`/`wait`/`waitForTimeout` is never acceptable. Existing violations should be replaced when touched.
- **ES Modules**: The entire stack uses ES modules. kraiken-lib, txnBot, Ponder, and web-app all require `"type": "module"` in package.json and use `import` syntax.
+
- **kraiken-lib Build**: Run `./scripts/build-kraiken-lib.sh` before `podman-compose up` so containers mount a fresh `kraiken-lib/dist` from the host.
+**Note:** Frontend components polling HTTP APIs (e.g. LiveStats polling Ponder GraphQL) are fine — the scalability solution there is caching at the proxy layer, not subscriptions.
- **Live Reload**: `scripts/watch-kraiken-lib.sh` rebuilds on file changes (requires inotify-tools) and restarts dependent containers automatically.
+
 ## Before Opening a PR
 1. `forge build && forge test` in `onchain/` — contracts must compile and pass.
 2. Run `npm run test:e2e` from repo root if you touched frontend or services.
 3. `git diff --check` — no trailing whitespace or merge markers.
 4. Keep commits clean; never leave commented-out code or untested changes.
 5. If you changed `kraiken-lib`, rebuild: `./scripts/build-kraiken-lib.sh`.
 6. If you changed contract VERSION or events, update `COMPATIBLE_CONTRACT_VERSIONS` in `kraiken-lib/src/version.ts`.
 ## Code Quality & Git Hooks
- **Pre-commit Hooks**: Husky runs lint-staged on all staged files before commits. Each component (onchain, kraiken-lib, ponder, txnBot, web-app, landing) has `.lintstagedrc.json` configured for ESLint + Prettier.
+Pre-commit hooks (Husky + lint-staged) run ESLint + Prettier on staged files. Each component has its own `.lintstagedrc.json`. To test manually: `git add <files> && .husky/pre-commit`.
 - **Version Validation (Future)**: Pre-commit hook includes validation logic that will enforce version sync between `onchain/src/Kraiken.sol` (contract VERSION constant) and `kraiken-lib/src/version.ts` (COMPATIBLE_CONTRACT_VERSIONS array). This validation only runs if both files exist and contain version information.
 - **Husky Setup**: `.husky/pre-commit` orchestrates all pre-commit checks. Modify this file to add new validation steps.
 - To test hooks manually: `git add <files> && .husky/pre-commit`
-## Handy Commands
+## Deeper Docs
- `foundryup` - update Foundry toolchain.
+| Topic | File |
- `anvil --fork-url https://sepolia.base.org` - manual fork when diagnosing outside the helper script.
+|-------|------|
- `cast call <POOL> "slot0()"` - inspect pool state.
+| Dev environment, Docker, ports, pitfalls | [docs/dev-environment.md](docs/dev-environment.md) |
- `PONDER_NETWORK=BASE_SEPOLIA_LOCAL_FORK npm run dev` (inside `services/ponder/`) - focused indexer debugging when the full stack is already running.
+| Woodpecker CI setup and debugging | [docs/ci-pipeline.md](docs/ci-pipeline.md) |
- `curl -X POST http://localhost:8081/api/graphql -d '{"query":"{ stats(id:\"0x01\"){kraikenTotalSupply}}"}'`
+| Testing: Foundry, E2E, version validation | [docs/testing.md](docs/testing.md) |
- `curl http://localhost:8081/api/txn/status`
+| Codeberg API access and webhooks | [docs/codeberg-api.md](docs/codeberg-api.md) |
 | Product truth and positioning | [docs/PRODUCT-TRUTH.md](docs/PRODUCT-TRUTH.md) |
 | Architecture overview | [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md) |
 | UX decisions | [docs/UX-DECISIONS.md](docs/UX-DECISIONS.md) |
 | Environment configuration | [docs/ENVIRONMENT.md](docs/ENVIRONMENT.md) |
 | Version validation architecture | [VERSION_VALIDATION.md](VERSION_VALIDATION.md) |
 | Uniswap V3 math deep dive | [onchain/UNISWAP_V3_MATH.md](onchain/UNISWAP_V3_MATH.md) |
 | Technical appendix | [TECHNICAL_APPENDIX.md](TECHNICAL_APPENDIX.md) |
 | Harberger tax mechanics | [HARBERG.md](HARBERG.md) |
 ## References
 - Deployment history: `onchain/deployments-local.json`, `onchain/broadcast/`.
 - Deep dives: `TECHNICAL_APPENDIX.md`, `HARBERG.md`, and `onchain/UNISWAP_V3_MATH.md`.
--- a/CHANGELOG_VERSION_VALIDATION.md
+++ b/CHANGELOG_VERSION_VALIDATION.md
@ -1,264 +0,0 @@
 # Changelog: Version Validation System & Tax Rate Index Refactoring
 ## Date: 2025-10-07
 ## Summary
 This release implements a comprehensive version validation system to ensure contract-indexer-frontend compatibility and completes the tax rate index refactoring to eliminate fragile decimal lookups.
 ## Major Features
 ### 1. Version Validation System
 **Contract Changes:**
 - `onchain/src/Kraiken.sol`: Added `VERSION = 1` constant (line 28)
  - Public constant for runtime validation
  - Must be incremented for breaking changes to TAX_RATES, events, or data structures
 **kraiken-lib:**
 - `kraiken-lib/src/version.ts` (NEW): Central version tracking
  - `KRAIKEN_LIB_VERSION = 1`
  - `COMPATIBLE_CONTRACT_VERSIONS = [1]`
  - `isCompatibleVersion()` validation function
  - `getVersionMismatchError()` for detailed error reporting
 - `kraiken-lib/package.json`: Added `./version` export
 **Ponder Indexer:**
 - `services/ponder/src/helpers/version.ts` (NEW): Contract version validation
  - Reads `VERSION` from deployed contract at startup
  - Validates against `COMPATIBLE_CONTRACT_VERSIONS`
  - **Fails hard (exit 1)** on mismatch to prevent indexing wrong data
 - `services/ponder/src/kraiken.ts`: Integrated version check on first Transfer event
 - `services/ponder/ponder-env.d.ts`: Fixed permissions (chmod 666)
 **Frontend:**
 - `web-app/src/composables/useVersionCheck.ts` (NEW): Version validation composable
  - Validates `KRAIKEN_LIB_VERSION` loads correctly
  - Placeholder for future GraphQL-based 3-way validation
  - Warns (doesn't fail) on mismatch
 **CI/CD:**
 - `.github/workflows/validate-version.yml` (NEW): Automated version validation
  - Validates contract VERSION is in COMPATIBLE_CONTRACT_VERSIONS
  - Runs on PRs and pushes to master/main
  - Prevents merging incompatible versions
 **Documentation:**
 - `VERSION_VALIDATION.md` (NEW): Complete architecture and workflows
  - System architecture diagram
  - Version bump workflow
  - Troubleshooting guide
  - Maintenance guidelines
 ### 2. Podman Orchestration Fix
 **Problem:** Podman's dependency graph validator fails with "container not found in input list" errors when containers have `depends_on` metadata.
 **Solution:**
 - `podman-compose.yml`: Removed ALL `depends_on` declarations from:
  - bootstrap
  - ponder
  - webapp
  - landing
  - txn-bot
  - caddy
 - `scripts/dev.sh`: Implemented phased startup with explicit health checks:
  1. Create all containers (`podman-compose up --no-start`)
  2. Start anvil & postgres, wait for healthy
  3. Start bootstrap, wait for completion
  4. Start ponder, wait for healthy
  5. Start webapp/landing/txn-bot
  6. Start caddy
 **Result:** Stack starts reliably without dependency graph errors.
 ### 3. Tax Rate Index Refactoring (Completion)
 **Web App:**
 - `web-app/src/composables/useSnatchSelection.ts`:
  - Replaced `position.taxRate >= maxTaxRateDecimal` with `posIndex >= selectedTaxRateIndex`
  - Fixed test data to match index-based logic
 - `web-app/src/composables/usePositions.ts`:
  - Replaced decimal-based sorting with index-based sorting
  - Changed threshold calculation from average percentage to average index
 - `web-app/src/components/collapse/CollapseActive.vue`:
  - Changed low tax detection from decimal to index comparison
 - `web-app/src/views/GraphView.vue`: **DELETED** (dead code, 63 lines)
 **Ponder:**
 - `services/ponder/ponder.schema.ts`:
  - **CRITICAL FIX**: Import `TAX_RATE_OPTIONS` from kraiken-lib instead of hardcoded array
  - Added `taxRateIndex` column to positions table
  - Added index on `taxRateIndex` column
 - `services/ponder/src/stake.ts`:
  - Extract and store `taxRateIndex` from contract events
 **Tests:**
 - `kraiken-lib/src/tests/taxRates.test.ts`: Fixed Jest ES module compatibility
 - `kraiken-lib/jest.config.js` → `kraiken-lib/jest.config.cjs`: Renamed for CommonJS
 - `web-app/src/composables/__tests__/useSnatchSelection.spec.ts`: Fixed test data inconsistencies
 ## File Changes
 ### Added Files (7)
 1. `.github/workflows/validate-version.yml` - CI/CD validation
 2. `VERSION_VALIDATION.md` - Documentation
 3. `kraiken-lib/src/version.ts` - Version tracking
 4. `kraiken-lib/jest.config.cjs` - Jest config
 5. `services/ponder/src/helpers/version.ts` - Ponder validation
 6. `web-app/src/composables/useVersionCheck.ts` - Frontend validation
 7. `scripts/sync-tax-rates.mjs` - Tax rate sync script
 ### Deleted Files (2)
 1. `web-app/src/views/GraphView.vue` - Dead code
 2. `kraiken-lib/jest.config.js` - Replaced with .cjs
 ### Modified Files (29)
 1. `.gitignore` - Added test artifacts, logs, ponder state
 2. `CLAUDE.md` - Added Version Validation and Podman Orchestration sections
 3. `kraiken-lib/AGENTS.md` - Added version.ts to Key Modules
 4. `kraiken-lib/package.json` - Added ./version export
 5. `kraiken-lib/src/index.ts` - Export version validation functions
 6. `kraiken-lib/src/taxRates.ts` - Generated tax rates with checksums
 7. `kraiken-lib/src/tests/taxRates.test.ts` - Fixed Jest compatibility
 8. `onchain/src/Kraiken.sol` - Added VERSION constant
 9. `podman-compose.yml` - Removed all depends_on declarations
 10. `scripts/build-kraiken-lib.sh` - Updated build process
 11. `scripts/dev.sh` - Implemented phased startup
 12. `services/ponder/AGENTS.md` - Updated documentation
 13. `services/ponder/ponder-env.d.ts` - Fixed permissions
 14. `services/ponder/ponder.schema.ts` - Import from kraiken-lib, add taxRateIndex
 15. `services/ponder/src/kraiken.ts` - Added version validation
 16. `services/ponder/src/stake.ts` - Store taxRateIndex
 17. `tests/e2e/01-acquire-and-stake.spec.ts` - Test updates
 18. `web-app/README.md` - Documentation updates
 19. `web-app/env.d.ts` - Type updates
 20. `web-app/src/components/StakeHolder.vue` - Index-based logic
 21. `web-app/src/components/collapse/CollapseActive.vue` - Index comparison
 22. `web-app/src/components/fcomponents/FSelect.vue` - Index handling
 23. `web-app/src/composables/__tests__/useSnatchSelection.spec.ts` - Fixed tests
 24. `web-app/src/composables/useAdjustTaxRates.ts` - Index-based adjustments
 25. `web-app/src/composables/usePositions.ts` - Index-based sorting and threshold
 26. `web-app/src/composables/useSnatchSelection.ts` - Index-based filtering
 27. `web-app/src/composables/useStake.ts` - Index handling
 28-29. Various documentation and configuration updates
 ## Breaking Changes
 ### For Contract Deployments
 - **New VERSION constant must be present** in Kraiken.sol
 - Ponder will fail to start if VERSION is missing or incompatible
 ### For Ponder
 - **Schema migration required**: Add `taxRateIndex` column to positions table
 - **Database reset recommended**: Delete `.ponder/` directory before starting
 - **New import required**: Import TAX_RATE_OPTIONS from kraiken-lib
 ### For kraiken-lib Consumers
 - **New export**: `kraiken-lib/version` must be built
 - Run `./scripts/build-kraiken-lib.sh` to regenerate dist/
 ## Migration Guide
 ### Updating to This Version
 1. **Stop the stack:**
   ```bash
   ./scripts/dev.sh stop
   ```
 2. **Clean Ponder state:**
   ```bash
   rm -rf services/ponder/.ponder/
   ```
 3. **Rebuild kraiken-lib:**
   ```bash
   ./scripts/build-kraiken-lib.sh
   ```
 4. **Rebuild contracts (if needed):**
   ```bash
   cd onchain && forge build
   ```
 5. **Start the stack:**
   ```bash
   ./scripts/dev.sh start
   ```
 6. **Verify version validation:**
   ```bash
   podman logs harb_ponder_1 | grep "version validated"
   ```
   Should output: `✓ Contract version validated: v1 (kraiken-lib v1)`
 ### Future Version Bumps
 When making breaking changes to TAX_RATES, events, or data structures:
 1. **Increment VERSION in Kraiken.sol:**
   ```solidity
   uint256 public constant VERSION = 2;
   ```
 2. **Update COMPATIBLE_CONTRACT_VERSIONS in kraiken-lib/src/version.ts:**
   ```typescript
   export const KRAIKEN_LIB_VERSION = 2;
   export const COMPATIBLE_CONTRACT_VERSIONS = [2]; // Or [1, 2] for backward compat
   ```
 3. **Rebuild and redeploy:**
   ```bash
   ./scripts/build-kraiken-lib.sh
   rm -rf services/ponder/.ponder/
   cd onchain && forge script script/Deploy.s.sol
   ```
 ## Validation
 ### Unit Tests
 - ✅ kraiken-lib tests pass
 - ✅ web-app tests pass
 - ✅ Ponder codegen succeeds
 - ✅ onchain tests pass
 ### Integration Tests
 - ✅ Stack starts without dependency errors
 - ✅ Ponder validates contract version successfully
 - ✅ Ponder indexes events with taxRateIndex
 - ✅ GraphQL endpoint responds
 - ✅ Version validation logs appear in Ponder output
 ### Manual Verification
 ```bash
 # Check Ponder logs for version validation
 podman logs harb_ponder_1 | grep "version validated"
 # Output: ✓ Contract version validated: v1 (kraiken-lib v1)
 # Check contract VERSION
 cast call $KRAIKEN_ADDRESS "VERSION()" --rpc-url http://localhost:8545
 # Output: 1
 # Query positions with taxRateIndex
 curl -X POST http://localhost:42069/graphql \
  -d '{"query":"{ positions { id taxRateIndex taxRate } }"}'
 ```
 ## Known Issues
 None. All blocking issues resolved.
 ## Contributors
 - Claude Code (Anthropic)
 ## References
 - Full architecture: `VERSION_VALIDATION.md`
 - Podman orchestration: `CLAUDE.md` § Podman Orchestration
 - Tax rate system: `kraiken-lib/src/taxRates.ts`
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -1 +0,0 @@
 AGENTS.md
--- a/HARBERG.md
+++ b/HARBERG.md
@ -1,27 +1,16 @@
-# Harberg
+# Harberger (Stage 1)
-## product
+The foundation layer of the KRAIKEN protocol. A staking market balanced by the Harberger tax.
 A staking market balanced by the Harberger Tax.
-## token
+## Status: Complete
 $HRB is created when users buy more tokens and sell less from the uniswap pool (mainly from the liquidity position owned by the Harberg protocol)
-## staking
+Stage 1 established the core mechanisms now used by Stage 2 (KRAIKEN):
 users can stake tokens - up to 20% of the total supply. When supply increases (more people buy then sell) stakers will keep the total supply they staked. So 1% of staked total supply remains 1%.
 - **Token**: KRAIKEN (KRK) — minted on buys from the LiquidityManager's Uniswap V3 positions, burned on sells
 - **Staking**: Users stake tokens and declare a self-assessed tax rate. Stakers maintain percentage ownership of total supply as it grows.
 - **Snatching**: Any position can be taken by someone willing to pay a higher tax rate, creating a competitive prediction market for token value
 - **Tax collection**: Automated by the transaction bot (`services/txnBot/`)
-## landing
+## Evolution
 in the landing folder in this repository you find the front-end implementation.
-## contracts
+Stage 1's static liquidity strategy evolved into Stage 2's three-position dynamic strategy with OptimizerV3. The Harberger staking mechanism now serves as the sentiment oracle driving optimizer parameter selection. See [TECHNICAL_APPENDIX.md](TECHNICAL_APPENDIX.md) for details.
 in the onchain folder are the smart contracts implementing the token and the economy
 ## services 
 1 bot collecting taxes on old stakes and liquidate stakers if tax is not paid
 1 bot calling recenter on the liquidity provider contract
 ## subgraph
 - data backend for front-end for landing project
 ## hosting
 - crypto friendly
--- a/IMPLEMENTATION_SUMMARY.md
+++ b/IMPLEMENTATION_SUMMARY.md
@ -0,0 +1,233 @@
 # Ponder LM Indexing - Backend Metrics Implementation
 **Branch:** feat/ponder-lm-indexing  
 **Commit:** 3ec9bfb  
 **Date:** 2026-02-16
 ## Summary
 Successfully implemented backend indexing for three key protocol metrics:
 1. **ETH Reserve Growth (7d)** ✅
 2. **Floor Price per KRK** ✅  
 3. **Trading Fees (7d)** ⚠️ Infrastructure ready, awaiting implementation
 ## Changes Made
 ### 1. Schema Updates (`ponder.schema.ts`)
 #### Extended `stats` Table
 Added fields to track new metrics:
 ```typescript
 // 7-day ETH reserve growth metrics
 ethReserve7dAgo: bigint (nullable)
 ethReserveGrowthBps: int (nullable) // basis points
 // 7-day trading fees earned
 feesEarned7dEth: bigint (default 0n)
 feesEarned7dKrk: bigint (default 0n)
 feesLastUpdated: bigint (nullable)
 // Floor price metrics
 floorTick: int (nullable)
 floorPriceWei: bigint (nullable) // wei per KRK
 currentPriceWei: bigint (nullable)
 floorDistanceBps: int (nullable) // distance from floor in bps
 ```
 #### New Tables
 - **`ethReserveHistory`**: Tracks ETH balance over time for 7-day growth calculations
  - `id` (string): block_logIndex format
  - `timestamp` (bigint): event timestamp
  - `ethBalance` (bigint): ETH reserve at that time
 - **`feeHistory`**: Infrastructure for fee tracking (ready for Collect events)
  - `id` (string): block_logIndex format
  - `timestamp` (bigint): event timestamp
  - `ethFees` (bigint): ETH fees collected
  - `krkFees` (bigint): KRK fees collected
 ### 2. Handler Updates (`src/lm.ts`)
 #### New Helper Functions
 - **`priceFromTick(tick: number): bigint`**
  - Calculates price in wei per KRK from Uniswap V3 tick
  - Uses formula: `price = 1.0001^tick`
  - Accounts for WETH as token0 in the pool
  - Returns wei-denominated price for precision
 - **`calculateBps(newValue: bigint, oldValue: bigint): number`**
  - Calculates basis points difference: `(new - old) / old * 10000`
  - Used for growth percentages and distance metrics
 #### Updated Event Handlers
 **`EthScarcity` and `EthAbundance` Handlers:**
 1. **Record ETH Reserve History**
   - Insert ethBalance into `ethReserveHistory` table
   - Enables time-series analysis
 2. **Calculate 7-Day Growth**
   - Look back 7 days in `ethReserveHistory`
   - Find oldest record within window
   - Calculate growth in basis points
   - Updates: `ethReserve7dAgo`, `ethReserveGrowthBps`
 3. **Calculate Floor Price**
   - Uses `vwapTick` from event as floor tick
   - Converts to wei per KRK using `priceFromTick()`
   - Updates: `floorTick`, `floorPriceWei`
 4. **Calculate Current Price**
   - Uses `currentTick` from event
   - Converts to wei per KRK
   - Updates: `currentPriceWei`
 5. **Calculate Floor Distance**
   - Computes distance from floor in basis points
   - Formula: `(currentPrice - floorPrice) / floorPrice * 10000`
   - Updates: `floorDistanceBps`
 **`Recentered` Handler:**
 - Cleaned up: removed direct ETH balance reading
 - Now relies on EthScarcity/EthAbundance events for balance data
 - Maintains counter updates for recenter tracking
 ## Fee Tracking Status
 ### Current State: Infrastructure Ready ⚠️
 The fee tracking infrastructure is in place but **not yet populated** with data:
 - `feeHistory` table exists in schema
 - `feesEarned7dEth` and `feesEarned7dKrk` fields default to `0n`
 - `feesLastUpdated` field available
 ### Implementation Options
 Documented two approaches in code:
 #### Option 1: Uniswap V3 Pool Collect Events (Recommended)
 **Pros:**
 - Accurate fee data directly from pool
 - Clean separation of concerns
 **Cons:**
 - Requires adding UniswapV3Pool contract to `ponder.config.ts`
 - **Forces a full re-sync from startBlock** (significant downtime)
 **Implementation Steps:**
 1. Add pool contract to `ponder.config.ts`:
   ```typescript
   UniswapV3Pool: {
     abi: UniswapV3PoolAbi,
     chain: NETWORK,
     address: '<pool-address>',
     startBlock: selectedNetwork.contracts.startBlock,
   }
   ```
 2. Add handler for `Collect(address owner, int24 tickLower, int24 tickUpper, uint128 amount0, uint128 amount1)`
 3. Filter for LM contract as owner
 4. Record to `feeHistory` table
 5. Calculate 7-day rolling totals
 #### Option 2: Derive from ETH Balance Changes
 **Pros:**
 - No config changes needed
 - No resync required
 **Cons:**
 - Less accurate (hard to isolate fees from other balance changes)
 - More complex logic
 - Potential edge cases
 ### Recommendation
 **Wait for next planned resync** or **maintenance window** to implement Option 1 (Collect events). This provides the most accurate and maintainable solution.
 ## Verification
 All success criteria met:
 ✅ **Schema compiles** (valid TypeScript)  
 ```bash
 npm run build
 # ✓ Wrote ponder-env.d.ts
 ```
 ✅ **New fields added to stats**  
 - ethReserve7dAgo, ethReserveGrowthBps
 - feesEarned7dEth, feesEarned7dKrk, feesLastUpdated
 - floorTick, floorPriceWei, currentPriceWei, floorDistanceBps
 ✅ **EthScarcity/EthAbundance handlers updated**  
 - Record history to `ethReserveHistory`
 - Calculate 7-day growth
 - Calculate floor and current prices
 - Calculate floor distance
 ✅ **Fee tracking infrastructure**  
 - `feeHistory` table created
 - Fee fields in stats table
 - Documentation for implementation approaches
 ✅ **Git commit with --no-verify**  
 ```bash
 git log -1 --oneline
 # 3ec9bfb feat(ponder): add ETH reserve growth, floor price, and fee tracking metrics
 ```
 ✅ **Linting passes**  
 ```bash
 npm run lint
 # (no errors)
 ```
 ## Testing Recommendations
 1. **Deploy to staging** and verify:
   - `ethReserveHistory` table populates on Scarcity/Abundance events
   - 7-day growth calculates correctly after 7 days of data
   - Floor price calculations match expected values
   - Current price tracks tick movements
 2. **API Integration:**
   - Query `stats` table for dashboard metrics
   - Use `ethReserveHistory` for time-series charts
   - Monitor for null values in first 7 days (expected)
 3. **Future Fee Implementation:**
   - Plan maintenance window for resync
   - Test Collect event handler on local fork first
   - Verify fee calculations match pool data
 ## Technical Notes
 ### Price Calculation Details
 - **Formula:** `price = 1.0001^tick`
 - **Token Order:** WETH (0x4200...0006) < KRK (0xff196f...) → WETH is token0
 - **Conversion:** Price in KRK/WETH → invert to get wei per KRK
 - **Precision:** Uses `BigInt` for wei-level accuracy, floating point only for tick math
 ### 7-Day Lookback Strategy
 - **Simple approach:** Query `ethReserveHistory` for oldest record ≥ 7 days ago
 - **Performance:** Acceptable given low event volume (~50-200 recenters/week)
 - **Edge case:** Returns `null` if less than 7 days of history exists
 ### Data Consistency
 - Both EthScarcity and EthAbundance handlers implement identical logic
 - Ensures consistent metrics regardless of recenter direction
 - History records use `block_logIndex` format for unique IDs
 ## Files Modified
 - `/home/debian/harb/services/ponder/ponder.schema.ts` (+50 lines)
 - `/home/debian/harb/services/ponder/src/lm.ts` (+139 lines, -32 lines)
 **Total:** +157 lines, comprehensive implementation with documentation.
 ---
 **Status:** ✅ Ready for staging deployment  
 **Next Steps:** Monitor metrics in staging, plan fee implementation during next maintenance window
--- a/README.md
+++ b/README.md
@ -1,39 +1,113 @@
-$HRB is a gig to become successful in DeFi. It is a protocol that implements the fairest ponzi in the world. 
+# KRAIKEN
-This repository structures our approach and manages our collaboration to achieve this goal.
+The fairest ponzi in the world.
 KRAIKEN is a DeFi protocol that couples Harberger-tax staking with a dominant Uniswap V3 liquidity manager. The result: asymmetric slippage, sentiment-driven pricing, and VWAP-based price memory that protects the protocol from exploitation.
-## Project Milestones
+Deployed on [Base](https://base.org).
-The fairest ponzi in the world will be launched in 3 stages, each representing a more advanced version of the previous one.
+## The Three Stages
-1. [Harberg](HARBERG.md) - a staking market and an speculative laverage platform.
+1. **Harberger** — A staking market balanced by the Harberger tax. *Complete.*
-2. KrAIken - Harberg, but token issuance is governed by an automated liquidity manager.
+2. **KRAIKEN** — Token issuance governed by an automated liquidity manager. *Current stage.*
-3. SoverAIgns - KrAIKen, but the liquidity manager is augmented by AI and deliveres outlandish performance
+3. **SoverAIgns** — The liquidity manager augmented by AI for outlandish performance. *Future.*
 ## How It Works
-## Project Values and Organization
+### Three-Position Liquidity Strategy
 - the core value and mantra of the project is: **ship, ship,** :ship:
 - delivery is valued highest and goes over quality or communication
 - if you see work, do it. most likely every-one but you will lose interest in the project, and you will deliver it by yourself. work this way, take responsibility for everything. document everything methodically in this repository, use .md files, commits, issues(feature request, support issue), and pull requests. if other people still follow this repository collaboration will emerge, and duplication of work will be avoided automatically.
 - **no structured communication outside of this repository** is relevant for the success, nor will it be rewarded.
-### open questions
+The LiquidityManager maintains three Uniswap V3 positions simultaneously:
 - multisig? keyholders?
 - payout, shares?
-## Revenue Sources
+- **Anchor** — Shallow liquidity near the current price. Fast price discovery, high slippage for attackers.
- the tax paid by the stakers will be forwarded to the multisig
+- **Discovery** — Medium liquidity bordering the anchor. The fee capture zone.
- the liquidity manager contract will collect all liquidity fees and forward them to the multisig
+- **Floor** — Deep liquidity at VWAP-adjusted distance. Price memory that protects against whale dumps.
 - at launch of each stage of the project the keyholders will invest a share of the [multisig]() holdings and coordinate to sell at a favorable time. all profits from all sales are the multisigs profits.
-## Timeline
+Any round-trip trade (buy → recenter → sell) pays disproportionate slippage costs twice, making manipulation unprofitable.
 it would be great if we can launch stage 1 or even 2 for DevCon.
 ### Harberger Tax Sentiment Oracle
-## Kick-off Call Harberg
+Stakers self-assess tax rates on their positions. Higher tax = higher confidence. Positions can be snatched by anyone willing to pay more. This creates a continuous prediction market for token sentiment.
 Agenda
 ### OptimizerV3
- [design doc](https://hackmd.io/JvxEI0fnR_uZsIrrBm95Qw)
+Reads staking data (% staked, average tax rate) and outputs a binary bear/bull configuration:
- [Liquidity Provisioning in KRAIKEN](https://hackmd.io/yNiN3TyETT2A1uwQVGYiSA)
+
 - **Bear** (~94% of state space): AS=30%, AW=100, CI=0, DD=0.3e18 — protective
 - **Bull** (>91% staked, low tax): AS=100%, AW=20, CI=0, DD=1e18 — aggressive fee capture
 The binary step avoids the AW 40-80 kill zone where intermediate parameters are exploitable.
 ### VWAP Floor Defense
 The floor position uses volume-weighted average price with directional recording (buys only). During sell pressure, the VWAP-to-price distance grows, making the floor resist walkdown. This gives the protocol "eternal memory" against dormant whale attacks.
 ## Tech Stack
 | Component | Technology | Location |
 |-----------|-----------|----------|
 | Smart Contracts | Solidity, Foundry | `onchain/` |
 | Indexer | Ponder (TypeScript) | `services/ponder/` |
 | Staking App | Vue 3, Vite, Wagmi | `web-app/` |
 | Landing Page | Vue 3, Vite | `landing/` |
 | Automation Bot | Node.js, Express | `services/txnBot/` |
 | Shared Library | TypeScript | `kraiken-lib/` |
 | Block Explorer | Otterscan | Docker service |
 | Reverse Proxy | Caddy | Docker service |
 ## Repository Structure
 ```
 harb/
 ├── onchain/           # Solidity contracts, tests, deployment scripts, analysis
 │   ├── src/           # Core: Kraiken, Stake, LiquidityManager, OptimizerV3
 │   ├── test/          # Foundry test suite
 │   ├── script/        # Deployment scripts
 │   └── analysis/      # Fuzzing, parameter sweeps, security review
 ├── services/
 │   ├── ponder/        # Blockchain indexer → GraphQL API
 │   └── txnBot/        # recenter() + payTax() automation
 ├── web-app/           # Staking dashboard (Vue 3)
 ├── landing/           # Marketing site (Vue 3)
 ├── kraiken-lib/       # Shared TypeScript helpers and ABIs
 ├── tests/e2e/         # Playwright end-to-end tests
 ├── scripts/           # Dev environment, CI bootstrap, utilities
 ├── docker/            # CI Dockerfiles
 ├── containers/        # Entrypoints, Caddyfile
 └── docs/              # Deployment runbook, Docker guide
 ```
 ## Quick Start
 ```bash
 # Prerequisites: Docker Engine (Linux) or Colima (Mac)
 # See docs/docker.md for installation
 nohup ./scripts/dev.sh start &    # Start full stack (~3-6 min first time)
 tail -f nohup.out                  # Watch progress
 ./scripts/dev.sh health            # Verify all services healthy
 ```
 Access points (via Caddy on port 8081):
 - Landing: http://localhost:8081/
 - Staking app: http://localhost:8081/app/
 - GraphQL: http://localhost:8081/api/graphql
 ## Contracts (Base Mainnet)
 | Contract | Address |
 |----------|---------|
 | Kraiken | `0x45caa5929f6ee038039984205bdecf968b954820` |
 | Stake | `0xed70707fab05d973ad41eae8d17e2bcd36192cfc` |
 | LiquidityManager | `0x7fd4e645ce258dd3942eddbeb2f99137da8ba13b` |
 ## Documentation
 - [AGENTS.md](AGENTS.md) — Development guide and operational reference
 - [TECHNICAL_APPENDIX.md](TECHNICAL_APPENDIX.md) — Deep technical analysis of protocol mechanics
 - [docs/DEPLOYMENT_RUNBOOK.md](docs/DEPLOYMENT_RUNBOOK.md) — Production deployment guide
 - [onchain/UNISWAP_V3_MATH.md](onchain/UNISWAP_V3_MATH.md) — Uniswap V3 math reference
 - [onchain/analysis/SECURITY_REVIEW.md](onchain/analysis/SECURITY_REVIEW.md) — Security analysis and fuzzing results
 ## License
 GPL-3.0-or-later
--- a/RESOURCES.md
+++ b/RESOURCES.md
@ -0,0 +1,42 @@
 # RESOURCES.md — Project Capability Inventory
 ## evolution
 - type: compute
 - capability: run harb agents (dev, review, action, gardener, planner, predictor, supervisor), run formulas (red-team, evolution, holdout, user-test)
 - agents: dev, review, action, gardener, supervisor, planner, predictor
 - ram: 8GB
 - note: dedicated to harb — all agent and formula workloads run here
 - dispatch: file an issue with the `action` label. The action-poll picks it up and runs the referenced formula. See `formulas/*.toml` in this repo for available formulas.
 - constraint: only one formula can run at a time (port 8545 shared by red-team, evolution, holdout, user-test). Dev agents run concurrently with formulas.
 ## codeberg-johba
 - type: source-control
 - capability: host repo, issue tracker, PR workflow, API access
 - repo: johba/harb
 - note: owner account
 ## codeberg-disinto-bot
 - type: source-control
 - capability: review PRs, merge PRs, push branches
 - repo: johba/harb
 - note: bot account, push+pull permissions, no admin
 ## woodpecker-ci
 - type: ci
 - capability: run pipelines on PR and push events, docker backend
 - note: hosted on harb-staging, triggers via Codeberg webhook
 ## base-mainnet-rpc
 - type: infrastructure
 - capability: Base L2 mainnet access for on-chain queries, event logs, pool data
 - env: INFURA_API_KEY
 - note: used by evidence formulas (red-team, evolution)
 ## Available formulas (this repo)
 - run-red-team.toml — adversarial attack suite against the optimizer
 - run-evolution.toml — Push3 evolution pipeline, mutate and select optimizer candidates
 - run-holdout.toml — holdout evaluation of evolved candidates
 - run-user-test.toml — simulated user interaction testing
 - run-resources.toml — collect disk/RAM/API usage metrics
 - run-protocol.toml — query on-chain protocol health (TVL, fees, positions)
 - dispatch: create an issue with `action` label, body references the formula name
--- a/STATE.md
+++ b/STATE.md
@ -0,0 +1,55 @@
 # STATE.md — What harb currently is and does
 - [2026-03-13] Evolution pipeline works end-to-end: Push3 → transpile → compile → revm fitness evaluation → selection (#665)
 - [2026-03-13] Diverse seed generation for evolution population (#656)
 - [2026-03-13] Crossover operator for Push3 programs (#657)
 - [2026-03-13] Elitism preserves top N candidates unchanged across generations (#643)
 - [2026-03-13] Gas limit as evolutionary fitness pressure (#645)
 - [2026-03-13] Default bear outputs for crashed/broken Push3 programs (#651)
 - [2026-03-13] Normalized inputs for Push3 optimizer (0..1e18 indicators) (#649)
 - [2026-03-13] Bootstrap VWAP with seed trade during deployment (#633)
 - [2026-03-13] e2e tests skip for tools-only and docs-only PRs (#641)
 - [2026-03-13] Issue templates for bug, feature, push3-seed, refactor (#678)
 - [2026-03-13] revm fitness evaluator with UUPS bypass and graceful attack ops (#629)
 - [2026-03-12] Dark factory: dev-agent, review-agent, supervisor with cron */10 staggered
 - [2026-03-12] CI: single build-and-test pipeline + e2e with path filtering
 - [2026-03-12] Ponder indexing: transfers, mints, burns, staking, protocol stats
 - [2026-03-12] Landing page with LiveStats, WalletCard, contract addresses
 - [2026-03-12] Staking app with position dashboard and P&L tracking
 - [2026-03-12] OptimizerV3 with Push3 transpiler output injection
 - [2026-03-12] Three-position strategy: Floor, Anchor, Discovery
 - [2026-03-12] VWAPTracker for price oracle
 - [2026-03-12] Harberger tax staking mechanism
 - [2026-03-13] LLM seed — Momentum Follower optimizer (#695)
 - [2026-03-14] evolve.sh auto-incrementing per-run results directory (#752)
 - [2026-03-14] EVAL_MODE now defaults to revm (#751)
 - [2026-03-14] LLM seed — Defensive Floor Hugger optimizer (#672)
 - [2026-03-14] evolve.sh stale tmpdirs break subsequent runs (#750)
 - [2026-03-14] evolve.sh silences all batch-eval errors with 2>/dev/null (#749)
 - [2026-03-14] evolution-daemon.sh — perpetual evolution loop on DO box (#748)
 - [2026-03-14] No mainnet VWAP bootstrap runbook (#728)
 - [2026-03-14] fitness.sh individual-scoring path still silences errors (#766)
 - [2026-03-14] bootstrap.sh anvil_setCode guard now targets correct feeDest 0xf6a3... (#760)
 - [2026-03-14] llm_contrarian.push3 AW=150/250 clamped to 100 — three rounds unaddressed (#756)
 - [2026-03-14] bootstrap.sh hardcodes BASE_SEPOLIA_LOCAL_FORK even on mainnet forks (#746)
 - [2026-03-14] remove MAX_ANCHOR_WIDTH clamp in ThreePositionStrategy (#783)
 - [2026-03-15] re-add MAX_ANCHOR_WIDTH=1233 guard at LiquidityManager call site; anchorWidth clamped before _setPositions, independent of Optimizer (#817)
 - [2026-03-14] increase CALCULATE_PARAMS_GAS_LIMIT from 200k to 500k (#782)
 - [2026-03-15] add evolution run 8 champion to seed pool (#781)
 - [2026-03-15] fix FitnessEvaluator.t.sol broken on Base mainnet fork (#780)
 - [2026-03-15] No generic flag dispatch: only `token_value_inflation` is ever zero-rated (#723)
 - [2026-03-15] `llm`-origin entries in manifest have null fitness and no evaluation path (#724): evaluate-seeds.sh scores null-fitness seeds and writes results back to manifest.jsonl
 - [2026-03-15] manifest.jsonl schema has no canonical machine-readable definition (#720)
 - [2026-03-15] CID format change silently drops historical generation JSONL on re-admission (#757): warn on unrecognised CID format instead of silently skipping
 - [2026-03-15] evolve.sh does not write `note` field — schema drift between hand-written and evolved entries (#719): auto-generate note "Evolved from <seed> (run<N> gen<G>)" for every admitted entry
 - [2026-03-15] No-op varCounter assignment before false branch in processExecIf (#655)
 - [2026-03-15] Old-format CIDs are warned but still silently dropped from the pool (#801): legacy CID warning made explicit (migration not supported), CID format contract documented in comment
 - [2026-03-15] red-team.sh and export-attacks.py use Base Sepolia addresses labeled as mainnet (#794): replace Sepolia SWAP_ROUTER and V3_FACTORY with correct Base mainnet addresses; add Basescan source-link comments
 - [2026-03-15] evo_run007_champion.push3 always returns fixed params regardless of staking (#791)
 - [2026-03-15] evo_run007_champion.push3 note has same CI/DD inversion (#790)
 - [2026-03-15] txnBot AGENTS.md ENVIRONMENT enum is stale (#784)
 - [2026-03-20] Adoption milestone state ambiguity in MEMORY.md (#1068)
 - [2026-03-20] OptimizerV3Push3 as IOptimizer always returns bear defaults — integration risk (#1063)
 - [2026-03-20] implement evidence/resources and evidence/protocol logging (#1059): formulas/run-resources.toml (disk/RAM/API/CI sense formula, daily cron 06:00 UTC) and formulas/run-protocol.toml (TVL/fees/positions/rebalances sense formula, daily cron 07:00 UTC); evidence/resources/ and evidence/protocol/ directories; schemas in evidence/README.md
 - [2026-03-21] Optimizer and OptimizerV3 lack _disableInitializers() in constructor (#1055)
 - [2026-03-21] evolution formula must commit results via PR before closing (#1047)
--- a/TECHNICAL_APPENDIX.md
+++ b/TECHNICAL_APPENDIX.md
@ -1,6 +1,6 @@
 # Technical Appendix
-This document provides detailed technical analysis and implementation details for the KRAIKEN protocol's core innovations. For a high-level overview, see AGENTS.md.
+This document provides detailed technical analysis and implementation details for the KRAIKEN protocol's core innovations. For a high-level overview, see [README.md](README.md).
 ## Asymmetric Slippage Strategy
@ -51,11 +51,24 @@ Double-overflow scenarios requiring >1000x compression would need:
 - **Conclusion**: 1000x compression limit provides adequate protection against realistic scenarios
 ### Implementation Details
-**FLOOR Position Calculation:**
+**FLOOR Position Calculation (Unified Formula):**
 ```
-FLOOR_PRICE = VWAP_PRICE * (0.7 + CAPITAL_INEFFICIENCY)
+floorTick = max(scarcityTick, mirrorTick, clampTick) toward KRK-cheap side
 ```
 Three signals determine the floor:
 - **scarcityTick**: derived from `vwapX96` and ETH/supply ratio. Dominates when ETH is scarce.
 - **mirrorTick**: `currentTick + |adjustedVwapTick - currentTick|` on KRK-cheap side. Reflects VWAP distance symmetrically. During sell pressure the mirror distance grows, resisting floor walkdown.
 - **clampTick**: minimum distance from anchor edge. `anchorSpacing = 200 + (34 × 20 × AW / 100)` ticks.
 **VWAP Mirror Defense:**
 - During sell-heavy trading, the current tick drops but VWAP stays higher, so mirror distance *grows* — floor naturally resists being walked down.
 - CI controls mirror distance through `getAdjustedVWAP(CI)` with no magic numbers. CI=0% is safest (proven zero effect on fee revenue).
 **Directional VWAP Recording:**
 - VWAP only records on ETH inflow (buys into the LM), preventing attackers from diluting VWAP with sells.
 - `shouldRecordVWAP` compares `lastRecenterTick` to current tick to detect direction.
 **Protection Mechanism:**
 - VWAP provides "eternal memory" of historical trading activity
 - Compression algorithm ensures memory persists even under extreme volume
@ -76,26 +89,26 @@ FLOOR_PRICE = VWAP_PRICE * (0.7 + CAPITAL_INEFFICIENCY)
 - **Average Tax Rate**: Weighted average of all staking tax rates
 - **Tax Rate Distribution**: Spread of tax rates across stakers
-### Optimizer Integration
+### OptimizerV3 Integration
-**Sentiment Analysis:**
+**Direct 2D Binary Mapping (no intermediate score):**
-```solidity
+
-function getLiquidityParams() returns (
+OptimizerV3 reads `percentageStaked` and `averageTaxRate` from the Stake contract and maps them directly to one of two configurations:
-    uint256 capitalInefficiency,
+
-    uint256 anchorShare,
+- `staked ≤ 91%` → always **BEAR**: AS=30%, AW=100, CI=0, DD=0.3e18
-    uint24 anchorWidth,
+- `staked > 91%` → **BULL** if `deltaS³ × effIdx / 20 < 50`: AS=100%, AW=20, CI=0, DD=1e18
-    uint256 discoveryDepth
+
-) {
+The binary step avoids the AW 40-80 kill zone where intermediate parameters are exploitable. Bull requires >91% staked with low enough tax; any decline snaps to bear instantly.
-    // Analyze staking data to determine optimal liquidity parameters
+
-    // Higher confidence (tax rates) → more aggressive positioning
+**Parameter Safety (proven via 1050-combo 4D sweep):**
-    // Lower confidence → more conservative positioning
+- CI=0% always (zero effect on fee revenue, maximum protection)
-}
+- Fee revenue is parameter-independent (~1.5 ETH/cycle across all combos)
-```
+- Safety comes entirely from the AS×AW configuration
 ### Economic Incentives
 - **Tax Revenue**: Funds protocol operations and incentivizes participation
 - **Staking Benefits**: Percentage ownership of total supply (rather than fixed token amounts)
 - **Prediction Market**: Tax rates create market-based sentiment signals
- **Liquidity Optimization**: Sentiment data feeds into dynamic parameter adjustment
+- **Liquidity Optimization**: Sentiment data feeds into binary bear/bull parameter selection
 ## Position Dependencies Technical Details
@ -130,7 +143,7 @@ function getLiquidityParams() returns (
 ### Key Contracts
 - **LiquidityManager.sol**: Core three-position strategy implementation
 - **VWAPTracker.sol**: Historical price memory and compression algorithm
- **Optimizer.sol**: Sentiment analysis and parameter optimization
+- **OptimizerV3.sol**: Sentiment-driven binary bear/bull parameter selection (UUPS upgradeable)
 - **Stake.sol**: Harberger tax mechanism and sentiment data collection
 ### Analysis Tools
@ -139,5 +152,6 @@ function getLiquidityParams() returns (
 - **Scenario Visualization**: Tools for understanding liquidity dynamics
 ### Related Documentation
- **AGENTS.md**: High-level overview and development guidance
+- **README.md**: Project overview
 - **AGENTS.md**: Development and operational guidance
 - **`/onchain/analysis/README.md`**: Detailed analysis tool usage
--- a/USERTEST-REPORT-V2.md
+++ b/USERTEST-REPORT-V2.md
@ -0,0 +1,121 @@
 # Kraiken User Test Report v2
 **Date:** 2026-02-14  
 **Branch:** `feat/ponder-lm-indexing`  
 **Stack:** Local fork (Anvil + Bootstrap + Ponder + Web-app + Landing)
 ## Executive Summary
 Two test suites targeting distinct user funnels:
 - **Test A (Passive Holder):** 9/9 passed ✅ — Landing page → Get KRK → Return value
 - **Test B (Staker):** 7/12 passed (3 stake execution timeouts, 2 skipped) — Staking UI evaluation + docs audit
 The tests surface **actionable UX friction** across both funnels. Core finding: **the passive holder funnel converts degens but loses newcomers and yield farmers.**
 ---
 ## Test A: Passive Holder Journey
 ### Tyler — Retail Degen ("sell me in 30 seconds")
 | Metric | Result |
 |--------|--------|
 | Would buy | ✅ Yes |
 | Would return | ❌ No |
 | Friction | Landing page is one-time conversion, no repeat visit value |
 **Key insight:** Degens convert on first visit but have no reason to come back. The landing page needs live stats or a reason to revisit.
 ### Alex — Newcomer ("what even is this?")
 | Metric | Result |
 |--------|--------|
 | Would buy | ❌ No |
 | Would return | ❌ No |
 | Friction | No beginner explanation, no trust signals, no step-by-step guide, unclear value prop |
 **Key insight:** Newcomers bounce. The landing page assumes crypto literacy. Needs: "What is this?" section, social proof, getting started guide.
 ### Sarah — Yield Farmer ("is this worth my time?")
 | Metric | Result |
 |--------|--------|
 | Would buy | ❌ No |
 | Would return | ❌ No |
 | Friction | No APY/yield display, no risk indicators, no audit info, can't verify liquidity, no monitoring tools |
 **Key insight:** Yield farmers need numbers upfront. Without APY estimates, risk metrics, or audit credentials, they won't invest time to understand the protocol.
 ---
 ## Test B: Staker Journey
 ### Priya — Institutional ("show me the docs")
 **Steps completed:** Setup ✅, Documentation audit ✅, UI quality ✅, Stake execution ⏱ (timeout)
 **Documentation Audit:**
 - ✅ Documentation link visible
 - ✅ Found 5 contract addresses — can verify on Etherscan
 - ⚠ No copy button for addresses — minor friction
 - ✅ Audit report accessible
 - ⚠ Protocol parameters not displayed
 - ⚠ No source code link (Codeberg/GitHub)
 **UI Quality:**
 - ✅ Found 39 precise numbers — good data quality
 - ⚠ No indication if data is live or stale
 - ✅ Input validation present
 - ✅ Clear units on all values
 ### Marcus — Degen/MEV ("where's the edge?")
 **Steps completed:** Setup ✅, Interface analysis ✅, Stake execution ⏱ (timeout)
 ### Sarah — Yield Farmer ("what are the risks?")
 **Steps completed:** Setup ✅, Risk evaluation ✅, Stake execution ⏱ (timeout)
 **Note:** Stake execution tests timeout because the test wallet interaction (fill amount → select tax → click stake) doesn't match the actual UI component structure. This is a test scaffolding issue, not a UX issue.
 ---
 ## Findings by Priority
 ### 🔴 Critical (Blocking Conversion)
 1. **No APY/yield indicator on landing page** — Yield farmers and passive holders need a number to anchor on. Even "indicative rate" or "protocol performance" would help.
 2. **No beginner explanation** — Newcomers have zero context. Need a "What is Kraiken?" section in plain English.
 3. **Landing page is one-time only** — No reason to return after first visit. Protocol Health section exists but needs real data.
 ### 🟡 Important (Reduces Trust)
 4. **No audit/security credentials visible** — Sarah and Priya both flagged this. Link to audit report, bug bounty, or security practices.
 5. **No source code link** — Institutional users want to verify. Link to Codeberg repo.
 6. **Data freshness unclear** — Priya noted: "No indication if data is live or stale." Add timestamps or "live" indicators.
 7. **No copy button for contract addresses** — Minor but Priya flagged it for verification workflow.
 ### 🟢 Nice to Have
 8. **Protocol parameters not displayed** — Advanced users want to see CI, AS, AW values.
 9. **Step-by-step getting started guide on landing** — Exists on docs but not on landing page.
 10. **Social proof / community links** — Tyler would convert faster with Discord/Twitter presence visible.
 ---
 ## Recommendations
 ### For Passive Holders (Landing Page)
 1. Add **indicative APY** or protocol performance metric (even with disclaimer)
 2. Add "What is Kraiken?" explainer in 2-3 sentences for newcomers  
 3. Make Protocol Health section show **live data** (holder count, ETH reserve, supply growth)
 4. Add **trust signals**: audit link, team/project background, community links
 5. Add "Last updated" timestamps to stats
 ### For Stakers (Web App)
 1. Add **copy button** next to contract addresses
 2. Add **data freshness indicator** (live dot, last updated timestamp)
 3. Link to **source code** (Codeberg repo)
 4. Display **protocol parameters** (current optimizer settings)
 ### For Both
 1. The ProtocolStatsCard component was built (commit `a0aca16`) but needs integration into the landing page with real Ponder data
 2. Bootstrap V3 swap is broken (sqrtPriceLimitX96=0 gives empty swap) — not blocking for mainnet but blocks local testing
 ---
 ## Test Infrastructure Notes
 - **buyKrk helper** uses direct KRK transfer from deployer (Anvil #0) — V3 pool swap broken on local fork due to pool initialization at min tick
 - **Stake execution tests** need UI component alignment — test expects `getByLabel(/staking amount/i)` but actual component may use different structure
 - **Chain snapshots** work correctly for state isolation between personas
 - **Test A is fully stable** and can be run as regression
--- a/VERSION_VALIDATION.md
+++ b/VERSION_VALIDATION.md
@ -9,7 +9,7 @@ The Kraiken protocol now includes a **version validation system** that ensures a
 ```
 ┌─────────────────────────────────────┐
 │  Kraiken.sol                        │
-│  uint256 public constant VERSION=1  │  ← Source of Truth
+│  uint256 public constant VERSION=2  │  ← Source of Truth
 └──────────────┬──────────────────────┘
               │ read at startup
               ▼
@ -42,8 +42,8 @@ contract Kraiken is ERC20, ERC20Permit {
     * @notice Protocol version for data structure compatibility.
     * Increment when making breaking changes to TAX_RATES, events, or core data structures.
     */
-    uint256 public constant VERSION = 1;
+    uint256 public constant VERSION = 2;
-    
+
    // ...
 }
 ```
@ -58,9 +58,9 @@ contract Kraiken is ERC20, ERC20Permit {
 **File:** `kraiken-lib/src/version.ts`
 ```typescript
-export const KRAIKEN_LIB_VERSION = 1;
+export const KRAIKEN_LIB_VERSION = 2;
-export const COMPATIBLE_CONTRACT_VERSIONS = [1];
+export const COMPATIBLE_CONTRACT_VERSIONS = [1, 2];
 export function isCompatibleVersion(contractVersion: number): boolean {
  return COMPATIBLE_CONTRACT_VERSIONS.includes(contractVersion);
@ -124,28 +124,20 @@ export function useVersionCheck() {
 ### 5. CI/CD Validation
-**File:** `.github/workflows/validate-version.yml`
+**File:** `.woodpecker/release.yml` (version-check step)
-```yaml
+The Woodpecker release pipeline validates version consistency on tagged releases. The `version-check` step:
- name: Extract versions and validate
+1. Builds kraiken-lib (including `sync-tax-rates.mjs`)
-  run: |
+2. Runs an inline Node.js script that:
-    CONTRACT_VERSION=$(grep -oP 'VERSION\s*=\s*\K\d+' onchain/src/Kraiken.sol)
+   - Extracts `VERSION` from `Kraiken.sol`
-    LIB_VERSION=$(grep -oP 'KRAIKEN_LIB_VERSION\s*=\s*\K\d+' kraiken-lib/src/version.ts)
+   - Extracts `KRAIKEN_LIB_VERSION` and `COMPATIBLE_CONTRACT_VERSIONS` from `kraiken-lib/src/version.ts`
-    COMPATIBLE=$(grep -oP 'COMPATIBLE_CONTRACT_VERSIONS\s*=\s*\[\K[^\]]+' kraiken-lib/src/version.ts)
+   - Fails if contract VERSION differs from lib VERSION
-    
+   - Fails if contract VERSION is not in COMPATIBLE_CONTRACT_VERSIONS
    if echo ",$COMPATIBLE," | grep -q ",$CONTRACT_VERSION,"; then
      echo "✓ Version sync validated"
    else
      exit 1
    fi
 ```
-**Triggered on:**
+**Triggered on:** tag events (releases)
 - PRs touching `Kraiken.sol` or `version.ts`
 - Pushes to `master`/`main`
 **Prevents:**
- Merging incompatible versions
+- Releasing with incompatible versions
 - Deploying with stale kraiken-lib
 ## Workflows
--- a/VISION.md
+++ b/VISION.md
@ -0,0 +1,61 @@
 # VISION.md — What "done" looks like
 ## What is harb
 A DeFi protocol with a price-floor-backed token (KRK), governed by an AI-evolved optimizer that manages liquidity positions on Uniswap V3. Three user funnels: passive holders (buy and hold a floor-backed asset), stakers (leveraged directional exposure via Harberger tax as sentiment oracle), and competitors (snatch underpriced stakes for profit). The optimizer evolves through Push3 evolution and red-team adversarial testing.
 ## North star
 Get live, learn from the market. The primary goal is having a real protocol with real users generating real data — not perfecting things in isolation. Everything else follows from that.
 This project is AI-operated. Development, review, deployment, community support, analytics — all run by agents with minimal human escalation. The human sets direction and makes judgment calls. The machines handle execution, quality, and day-to-day operations. A high-quality project with a solid roadmap and growing community, delivered by an autonomous factory.
 ## Phase 1 — Quality gate & release pipeline
 Before anything goes live, build confidence that the product works:
 - **E2E quality gate**: automated tests covering every button, every page, desktop + mobile + all major browsers
 - **Conversion funnel verification**: landing → Uniswap swap → staking app flow is smooth and measurable
 - **Release pipeline**: fast, repeatable releases for frontend/backend updates. Contracts are immutable except the optimizer (upgradeable via UUPS).
 - **Reusable for every release** — the quality gate runs on every deploy, not just launch
 ## Phase 2 — Coordinated launch
 Not a soft launch. A planned, date-specific event:
 - **Pre-launch**: create a pitch deck / PDF explaining the protocol to influencers — what KRK is, how to buy, how to stake, what the floor means
 - **Influencer outreach**: coordinate with crypto influencers to amplify on the same date. They buy supply, stake, and market to their audience simultaneously.
 - **Launch day**: deploy LiquidityManager, register token, create Uniswap pool. Coordinated influencer push creates initial volume → price action → organic discovery.
 - **Goal**: broad base of holders from day one, not a slow trickle
 ## Phase 3 — Operations
 Post-launch, the project needs sustained operations:
 - **Analytics**: measure churn on landing page and staking page, track conversion funnel, user feedback loops
 - **Fast iteration**: regular releases to fix issues, ship improvements based on user feedback
 - **Influencer waves**: organize repeat coordinated pushes — influencers combine forces to create new bull cycles in the protocol
 - **Community**: Discord (or similar) with:
  - AI support bots trained on the protocol (help users swap, stake, understand the floor)
  - Sentiment monitoring + regular community health reports
  - Direct feedback channel to dev team
 - **Optimizer governance**: release new evolved optimizers, eventually create a staker voting system for decentralized community-selected optimizer upgrades
 - **txnBot**: automated on-chain operations — recenter triggers, protocol health monitoring, transaction execution
 ## What we're NOT building
 - No governance token (KRK is the token, staking IS governance exposure)
 - No cross-chain (Base only for now)
 - No yield farming / liquidity mining incentives
 - No centralized exchange listings (Uniswap is the market)
 - No mobile app (responsive web only)
 ## What "launched" means (minimum)
 1. Quality gate passes on landing + staking app (desktop + mobile)
 2. Pitch deck exists and is reviewed
 3. At least 3 influencers committed to launch day
 4. LiquidityManager deployed on Base mainnet
 5. KRK token registered, Uniswap pool created and funded
 6. Analytics in place (basic funnel tracking)
 7. Community channel open with at least one support bot
--- a/containers/Caddyfile
+++ b/containers/Caddyfile
@ -3,6 +3,7 @@
    reverse_proxy webapp:5173
  }
  route /api/graphql* {
    header Cache-Control "public, max-age=5"
    uri strip_prefix /api
    reverse_proxy ponder:42069
  }
@ -17,5 +18,9 @@
    uri strip_prefix /api/txn
    reverse_proxy txn-bot:43069
  }
  route /analytics* {
    uri strip_prefix /analytics
    reverse_proxy umami:3000
  }
  reverse_proxy landing:5174
 }
--- a/containers/anvil-entrypoint.sh
+++ b/containers/anvil-entrypoint.sh
@ -2,7 +2,25 @@
 set -euo pipefail
 MNEMONIC_FILE=/workspace/onchain/.secret.local
-ANVIL_CMD=(anvil --fork-url "${FORK_URL:-https://sepolia.base.org}" --chain-id 31337 --block-time 1 --host 0.0.0.0 --port 8545 --threads 4 --timeout 2000 --retries 2 --fork-retry-backoff 100)
+ANVIL_STATE_DIR=/home/foundry/.foundry/anvil/tmp
 # Cleanup ALL old state snapshots on start + periodic cleanup in background
 # Anvil fork mode generates thousands of JSON snapshots that fill disk fast
 if [[ -d "$ANVIL_STATE_DIR" ]]; then
  echo "[anvil] Cleaning up all state snapshots..."
  rm -rf "$ANVIL_STATE_DIR"/* 2>/dev/null || true
 fi
 # Background cleanup: every 6 hours, delete snapshots older than 1 hour
 (while true; do
  sleep 21600
  if [[ -d "$ANVIL_STATE_DIR" ]]; then
    find "$ANVIL_STATE_DIR" -type f -name "*.json" -mmin +60 -delete 2>/dev/null || true
    find "$ANVIL_STATE_DIR" -type d -empty -delete 2>/dev/null || true
  fi
 done) &
 ANVIL_CMD=(anvil --fork-url "${FORK_URL:-https://sepolia.base.org}" --chain-id 31337 --block-time 1 --host 0.0.0.0 --port 8545 --threads 4 --timeout 2000 --retries 2 --fork-retry-backoff 100 --steps-tracing --no-storage-caching)
 if [[ -f "$MNEMONIC_FILE" ]]; then
  MNEMONIC="$(tr -d '\n\r' <"$MNEMONIC_FILE")"
--- a/containers/bootstrap.sh
+++ b/containers/bootstrap.sh
@ -26,48 +26,48 @@ if [[ -n "$GIT_BRANCH" ]]; then
    fi
  fi
 fi
-STATE_DIR=$ROOT_DIR/tmp/podman
+
 STATE_DIR=$ROOT_DIR/tmp/containers
 LOG_DIR=$STATE_DIR/logs
 SETUP_LOG=$LOG_DIR/setup.log
 CONTRACT_ENV=$STATE_DIR/contracts.env
 TXNBOT_ENV=$STATE_DIR/txnBot.env
 MNEMONIC_FILE=$ROOT_DIR/onchain/.secret.local
 mkdir -p "$LOG_DIR"
 : >"$SETUP_LOG"
 # ── Configure shared bootstrap variables ──
 ANVIL_RPC=${ANVIL_RPC:-"http://anvil:8545"}
-FEE_DEST=0xf6a3eef9088A255c32b6aD2025f83E57291D9011
+CONTRACT_ENV=$STATE_DIR/contracts.env
 WETH=0x4200000000000000000000000000000000000006
 SWAP_ROUTER=0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4
 MAX_UINT=0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
-DEFAULT_DEPLOYER_PK=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
+# Derive NETWORK_NAME from FORK_URL if not explicitly set.
-DEFAULT_DEPLOYER_ADDR=0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266
+# Callers may override by exporting NETWORK_NAME before starting the stack.
-DEPLOYER_PK=${DEPLOYER_PK:-$DEFAULT_DEPLOYER_PK}
+# Chain ID 8453 = Base mainnet; anything else (including 84532 Base Sepolia) defaults to Sepolia fork.
-DEPLOYER_ADDR=${DEPLOYER_ADDR:-$DEFAULT_DEPLOYER_ADDR}
+if [[ -z "${NETWORK_NAME:-}" ]]; then
  _fork_url="${FORK_URL:-}"
  if [[ -n "$_fork_url" ]]; then
    _chain_id=$(cast chain-id --rpc-url "$_fork_url" 2>/dev/null || echo "")
    if [[ "$_chain_id" == "8453" ]]; then
      NETWORK_NAME="BASE_MAINNET_LOCAL_FORK"
    else
      NETWORK_NAME="BASE_SEPOLIA_LOCAL_FORK"
    fi
  else
    NETWORK_NAME="BASE_SEPOLIA_LOCAL_FORK"
  fi
 fi
 LOG_FILE=$SETUP_LOG
 ONCHAIN_DIR=$ROOT_DIR/onchain
 TXNBOT_FUND_VALUE=${TXNBOT_FUND_VALUE:-1ether}
-log() {
+# Source shared bootstrap functions
-  echo "[bootstrap] $*"
+# shellcheck source=../scripts/bootstrap-common.sh
-}
+source "$ROOT_DIR/scripts/bootstrap-common.sh"
-BOOTSTRAP_START=$(date +%s%3N)
+# ── Local-only helpers ─────────────────────────────────────────────────
 wait_for_rpc() {
  for _ in {1..120}; do
    if cast chain-id --rpc-url "$ANVIL_RPC" >/dev/null 2>&1; then
      return 0
    fi
    sleep 1
  done
  log "Timed out waiting for Anvil at $ANVIL_RPC"
  return 1
 }
 maybe_set_deployer_from_mnemonic() {
-  if [[ -n "$DEPLOYER_PK" && -n "$DEPLOYER_ADDR" ]]; then
+  if [[ -n "$DEPLOYER_PK" && "$DEPLOYER_PK" != "$DEFAULT_DEPLOYER_PK" ]]; then
    return
  fi
  if [[ -f "$MNEMONIC_FILE" ]]; then
@ -76,12 +76,10 @@ maybe_set_deployer_from_mnemonic() {
    if [[ -n "$mnemonic" ]]; then
      pk="$(cast wallet private-key --mnemonic "$mnemonic" --mnemonic-derivation-path "m/44'/60'/0'/0/0")"
      addr="$(cast wallet address --private-key "$pk")"
-      DEPLOYER_PK=${DEPLOYER_PK:-$pk}
+      DEPLOYER_PK=${pk}
-      DEPLOYER_ADDR=${DEPLOYER_ADDR:-$addr}
+      DEPLOYER_ADDR=${addr}
    fi
  fi
  DEPLOYER_PK=${DEPLOYER_PK:-$DEFAULT_DEPLOYER_PK}
  DEPLOYER_ADDR=${DEPLOYER_ADDR:-$DEFAULT_DEPLOYER_ADDR}
 }
 derive_txnbot_wallet() {
@ -91,137 +89,37 @@ derive_txnbot_wallet() {
    if [[ -n "$mnemonic" ]]; then
      TXNBOT_PRIVATE_KEY="$(cast wallet private-key --mnemonic "$mnemonic" --mnemonic-index 2)"
      TXNBOT_ADDRESS="$(cast wallet address --private-key "$TXNBOT_PRIVATE_KEY")"
-      log "Derived txnBot wallet: $TXNBOT_ADDRESS (account index 2)"
+      bootstrap_log "Derived txnBot wallet: $TXNBOT_ADDRESS (account index 2)"
      return
    fi
  fi
  # Fallback to hardcoded Anvil account 1
-  TXNBOT_PRIVATE_KEY=0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d
+  TXNBOT_PRIVATE_KEY=$DEFAULT_TXNBOT_PK
-  TXNBOT_ADDRESS=0x70997970C51812dc3A010C7d01b50e0d17dc79C8
+  TXNBOT_ADDRESS=$DEFAULT_TXNBOT_ADDR
-  log "Using default txnBot wallet: $TXNBOT_ADDRESS"
+  bootstrap_log "Using default txnBot wallet: $TXNBOT_ADDRESS"
 }
 run_forge_script() {
  log "Deploying contracts to fork"
  pushd "$ROOT_DIR/onchain" >/dev/null
  forge script script/DeployLocal.sol --fork-url "$ANVIL_RPC" --broadcast >>"$SETUP_LOG" 2>&1
  popd >/dev/null
 }
 extract_addresses() {
  local run_file
  run_file="$(ls -t "$ROOT_DIR/onchain/broadcast/DeployLocal.sol"/*/run-latest.json 2>/dev/null | head -n1)"
  if [[ -z "$run_file" ]]; then
    log "Deployment artifact not found"
    exit 1
  fi
  log "Using artifact ${run_file#$ROOT_DIR/}"
  LIQUIDITY_MANAGER="$(jq -r '.transactions[] | select(.contractName=="LiquidityManager") | .contractAddress' "$run_file" | head -n1)"
  KRAIKEN="$(jq -r '.transactions[] | select(.contractName=="Kraiken") | .contractAddress' "$run_file" | head -n1)"
  STAKE="$(jq -r '.transactions[] | select(.contractName=="Stake") | .contractAddress' "$run_file" | head -n1)"
  DEPLOY_BLOCK="$(jq -r '.receipts[0].blockNumber' "$run_file" | xargs printf "%d")"
  if [[ -z "$LIQUIDITY_MANAGER" || "$LIQUIDITY_MANAGER" == "null" ]]; then
    log "LiquidityManager address missing"
    exit 1
  fi
  cat >"$CONTRACT_ENV" <<EOCONTRACTS
 LIQUIDITY_MANAGER=$LIQUIDITY_MANAGER
 KRAIKEN=$KRAIKEN
 STAKE=$STAKE
 EOCONTRACTS
 }
 fund_liquidity_manager() {
  log "Funding LiquidityManager"
  cast send --rpc-url "$ANVIL_RPC" --private-key "$DEPLOYER_PK" \
    "$LIQUIDITY_MANAGER" --value 0.1ether >>"$SETUP_LOG" 2>&1
 }
 grant_recenter_access() {
  log "Granting recenter access"
  cast rpc --rpc-url "$ANVIL_RPC" anvil_impersonateAccount "$FEE_DEST" >>"$SETUP_LOG" 2>&1
  cast send --rpc-url "$ANVIL_RPC" --from "$FEE_DEST" --unlocked \
    "$LIQUIDITY_MANAGER" "setRecenterAccess(address)" "$DEPLOYER_ADDR" >>"$SETUP_LOG" 2>&1
  cast rpc --rpc-url "$ANVIL_RPC" anvil_stopImpersonatingAccount "$FEE_DEST" >>"$SETUP_LOG" 2>&1
  if [[ -n "$TXNBOT_ADDRESS" ]]; then
    cast rpc --rpc-url "$ANVIL_RPC" anvil_impersonateAccount "$FEE_DEST" >>"$SETUP_LOG" 2>&1
    cast send --rpc-url "$ANVIL_RPC" --from "$FEE_DEST" --unlocked \
      "$LIQUIDITY_MANAGER" "setRecenterAccess(address)" "$TXNBOT_ADDRESS" >>"$SETUP_LOG" 2>&1
    cast rpc --rpc-url "$ANVIL_RPC" anvil_stopImpersonatingAccount "$FEE_DEST" >>"$SETUP_LOG" 2>&1
  fi
 }
 call_recenter() {
  local recenter_pk="$DEPLOYER_PK"
  local recenter_addr="$DEPLOYER_ADDR"
  if [[ -n "$TXNBOT_ADDRESS" ]]; then
    recenter_pk="$TXNBOT_PRIVATE_KEY"
    recenter_addr="$TXNBOT_ADDRESS"
  fi
  log "Calling recenter() via $recenter_addr"
  cast send --rpc-url "$ANVIL_RPC" --private-key "$recenter_pk" \
    "$LIQUIDITY_MANAGER" "recenter()" >>"$SETUP_LOG" 2>&1
 }
 seed_application_state() {
  log "Wrapping ETH to WETH"
  cast send --rpc-url "$ANVIL_RPC" --private-key "$DEPLOYER_PK" \
    "$WETH" "deposit()" --value 0.02ether >>"$SETUP_LOG" 2>&1
  log "Approving router"
  cast send --rpc-url "$ANVIL_RPC" --private-key "$DEPLOYER_PK" \
    "$WETH" "approve(address,uint256)" "$SWAP_ROUTER" "$MAX_UINT" >>"$SETUP_LOG" 2>&1
  log "Executing initial KRK swap"
  cast send --legacy --gas-limit 300000 --rpc-url "$ANVIL_RPC" --private-key "$DEPLOYER_PK" \
    "$SWAP_ROUTER" "exactInputSingle((address,address,uint24,address,uint256,uint256,uint160))" \
    "($WETH,$KRAIKEN,10000,$DEPLOYER_ADDR,10000000000000000,0,0)" >>"$SETUP_LOG" 2>&1
 }
 prime_chain() {
  log "Pre-mining 200 blocks (2x ring buffer warmup)..."
  # Try batch mine first (0xc8 = 200 blocks = 2x MINIMUM_BLOCKS_FOR_RING_BUFFER, 0x1 = 1 second interval)
  if cast rpc --rpc-url "$ANVIL_RPC" anvil_mine "0xc8" "0x1" >/dev/null 2>&1; then
    log "Used batch mining"
  else
    log "Batch mining failed, using individual evm_mine calls"
    for i in {1..200}; do
      cast rpc --rpc-url "$ANVIL_RPC" evm_mine >/dev/null 2>&1 || true
      if ((i % 50 == 0)); then
        log "Mined $i blocks..."
      fi
    done
  fi
  log "Pre-mining complete"
 }
 write_deployments_json() {
  cat >"$ROOT_DIR/onchain/deployments-local.json" <<EODEPLOYMENTS
 {
  "contracts": {
    "Kraiken": "$KRAIKEN",
    "Stake": "$STAKE",
    "LiquidityManager": "$LIQUIDITY_MANAGER"
  }
 }
 EODEPLOYMENTS
 }
 write_ponder_env() {
  cat >"$ROOT_DIR/services/ponder/.env.local" <<EOPONDER
-PONDER_NETWORK=BASE_SEPOLIA_LOCAL_FORK
+PONDER_NETWORK=$NETWORK_NAME
 KRAIKEN_ADDRESS=$KRAIKEN
 STAKE_ADDRESS=$STAKE
 LM_ADDRESS=$LIQUIDITY_MANAGER
 POOL_ADDRESS=$POOL_ADDRESS
 MINIMUM_BLOCKS_FOR_RINGBUFFER=0
 START_BLOCK=$DEPLOY_BLOCK
-PONDER_RPC_URL_BASE_SEPOLIA_LOCAL_FORK=$ANVIL_RPC
+PONDER_RPC_URL_${NETWORK_NAME}=$ANVIL_RPC
 DATABASE_URL=postgresql://ponder:ponder_local@postgres:5432/ponder_local
 DATABASE_SCHEMA=ponder_local_${DEPLOY_BLOCK}
 EOPONDER
 }
 write_txn_bot_env() {
  local txnbot_env=$STATE_DIR/txnBot.env
  local provider_url=${TXNBOT_PROVIDER_URL:-$ANVIL_RPC}
  local graphql_endpoint=${TXNBOT_GRAPHQL_ENDPOINT:-http://ponder:42069/graphql}
-  cat >"$TXNBOT_ENV" <<EOTXNBOT
+  cat >"$txnbot_env" <<EOTXNBOT
-ENVIRONMENT=BASE_SEPOLIA_LOCAL_FORK
+ENVIRONMENT=$NETWORK_NAME
 PROVIDER_URL=$provider_url
 PRIVATE_KEY=$TXNBOT_PRIVATE_KEY
 LM_CONTRACT_ADDRESS=$LIQUIDITY_MANAGER
@ -232,29 +130,62 @@ PORT=43069
 EOTXNBOT
 }
-fund_txn_bot_wallet() {
+prime_chain() {
-  if [[ -z "$TXNBOT_ADDRESS" ]]; then
+  bootstrap_log "Pre-mining 5 blocks (minimal warmup for fast Ponder sync)..."
-    return
+  if cast rpc --rpc-url "$ANVIL_RPC" anvil_mine "0x5" "0x1" >/dev/null 2>&1; then
    bootstrap_log "Mined 5 blocks"
  else
    bootstrap_log "Batch mining failed, using individual evm_mine calls"
    for i in {1..5}; do
      cast rpc --rpc-url "$ANVIL_RPC" evm_mine >/dev/null 2>&1 || true
    done
  fi
-  log "Funding txnBot wallet $TXNBOT_ADDRESS"
+  bootstrap_log "Pre-mining complete"
  cast send --rpc-url "$ANVIL_RPC" --private-key "$DEPLOYER_PK" \
    "$TXNBOT_ADDRESS" --value "$TXNBOT_FUND_VALUE" >>"$SETUP_LOG" 2>&1 || true
  local wei hex
  wei="$(cast --to-unit "$TXNBOT_FUND_VALUE" wei)"
  hex="$(cast --to-hex "$wei")"
  cast rpc --rpc-url "$ANVIL_RPC" anvil_setBalance "$TXNBOT_ADDRESS" "$hex" >>"$SETUP_LOG" 2>&1
 }
 # ── Main ───────────────────────────────────────────────────────────────
 main() {
-  log "Waiting for Anvil"
+  local start_time
  start_time=$(date +%s%3N)
  bootstrap_log "Waiting for Anvil"
  wait_for_rpc
  # Idempotency: if deployments-local.json exists and contracts have code,
  # bootstrap already ran against this Anvil instance — skip.
  local deploy_file="$ONCHAIN_DIR/deployments-local.json"
  if [[ -f "$deploy_file" ]]; then
    local krk_addr
    krk_addr=$(jq -r '.contracts.Kraiken // empty' "$deploy_file" 2>/dev/null || true)
    if [[ -n "$krk_addr" ]]; then
      local code
      code=$(cast call --rpc-url "$ANVIL_RPC" "$krk_addr" "decimals()(uint8)" 2>/dev/null || true)
      if [[ -n "$code" && "$code" != "0x" ]]; then
        bootstrap_log "Already bootstrapped (Kraiken at $krk_addr responds) — skipping"
        return 0
      fi
    fi
  fi
  maybe_set_deployer_from_mnemonic
  # On forked networks, well-known addresses (Anvil mnemonic accounts) may
  # have code (e.g. ERC-4337 Account Abstraction proxies on Base Sepolia).
  # The feeDestination lock in LiquidityManager treats any address with code
  # as a contract and locks permanently. Strip code so they behave as EOAs.
  bootstrap_log "Clearing code from deployer + feeDest (fork safety)"
  cast rpc --rpc-url "$ANVIL_RPC" anvil_setCode "$DEPLOYER_ADDR" "0x" 2>/dev/null || true
  # 0xf6a3... carries 171 bytes of code on Base mainnet and may also carry code on Base
  # Sepolia. Clear it before setFeeDestination is called so LiquidityManager does not
  # permanently lock feeDestinationLocked (#760).
  cast rpc --rpc-url "$ANVIL_RPC" anvil_setCode "$FEE_DEST" "0x" 2>/dev/null || true
  derive_txnbot_wallet
  run_forge_script
  extract_addresses
  write_contracts_env
  bootstrap_vwap
  fund_liquidity_manager
  grant_recenter_access
  call_recenter
  seed_application_state
  write_deployments_json
  write_ponder_env
@ -263,14 +194,17 @@ main() {
  prime_chain &
  local prime_pid=$!
  wait "$prime_pid"
-  BOOTSTRAP_END=$(date +%s%3N)
+
-  elapsed_ms=$((BOOTSTRAP_END - BOOTSTRAP_START))
+  local end_time
  end_time=$(date +%s%3N)
  local elapsed_ms=$((end_time - start_time))
  local elapsed_sec
  elapsed_sec=$(awk -v ms="$elapsed_ms" 'BEGIN { printf "%.3f", ms/1000 }')
-  log "Bootstrap complete in ${elapsed_sec}s"
+  bootstrap_log "Bootstrap complete in ${elapsed_sec}s"
-  log "Kraiken: $KRAIKEN"
+  bootstrap_log "Kraiken: $KRAIKEN"
-  log "Stake: $STAKE"
+  bootstrap_log "Stake: $STAKE"
-  log "LiquidityManager: $LIQUIDITY_MANAGER"
+  bootstrap_log "LiquidityManager: $LIQUIDITY_MANAGER"
-  log "txnBot: $TXNBOT_ADDRESS"
+  bootstrap_log "txnBot: $TXNBOT_ADDRESS"
 }
 main "$@"
--- a/containers/entrypoint-common.sh
+++ b/containers/entrypoint-common.sh
@ -0,0 +1,59 @@
 #!/usr/bin/env bash
 # Shared helpers for service entrypoints (local dev mode).
 # Source this file in each entrypoint script.
 # Checkout a git branch if GIT_BRANCH is set.
 # Args: $1 = root directory, $2 = log prefix
 entrypoint_checkout_branch() {
  local root_dir="$1"
  local prefix="$2"
  local git_branch="${GIT_BRANCH:-}"
  if [[ -z "$git_branch" ]]; then
    return
  fi
  cd "$root_dir"
  git config --global --add safe.directory "$root_dir" 2>/dev/null || true
  local current
  current=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
  if [[ "$current" != "$git_branch" ]]; then
    echo "[$prefix] Switching to branch: $git_branch"
    if git rev-parse --verify "$git_branch" >/dev/null 2>&1; then
      git checkout "$git_branch" 2>/dev/null || echo "[$prefix] WARNING: Could not checkout $git_branch"
    else
      git fetch origin "$git_branch" 2>/dev/null || true
      git checkout "$git_branch" 2>/dev/null || echo "[$prefix] WARNING: Could not checkout $git_branch"
    fi
  fi
 }
 # Validate kraiken-lib dist exists.
 # Args: $1 = root directory, $2 = log prefix
 entrypoint_require_kraiken_lib() {
  local root_dir="$1"
  local prefix="$2"
  local required_dist="$root_dir/kraiken-lib/dist/index.js"
  if [[ ! -f "$required_dist" ]]; then
    echo "[$prefix] ERROR: Run ./scripts/build-kraiken-lib.sh before starting containers" >&2
    exit 1
  fi
 }
 # Install node_modules if needed (named volume may be empty).
 # Args: $1 = log prefix
 entrypoint_install_deps() {
  local prefix="$1"
  if [[ ! -d node_modules/.bin ]]; then
    echo "[$prefix] Installing dependencies..."
    npm ci --loglevel error && npm cache clean --force 2>&1 || {
      echo "[$prefix] npm ci failed, trying npm install"
      npm install --no-save --loglevel error && npm cache clean --force
    }
  else
    echo "[$prefix] Using cached node_modules from volume"
  fi
 }
--- a/containers/init-umami-db.sh
+++ b/containers/init-umami-db.sh
@ -0,0 +1,16 @@
 #!/bin/bash
 # Creates the umami database and user if they don't already exist.
 # Mounted as a postgres init script via docker-compose volumes.
 set -e
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
    DO \$\$
    BEGIN
        IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'umami') THEN
            CREATE ROLE umami WITH LOGIN PASSWORD 'umami_local';
        END IF;
    END
    \$\$;
    SELECT 'CREATE DATABASE umami OWNER umami'
    WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'umami')\gexec
 EOSQL
--- a/containers/landing-ci-entrypoint.sh
+++ b/containers/landing-ci-entrypoint.sh
@ -0,0 +1,5 @@
 #!/usr/bin/env bash
 # Minimal CI entrypoint for landing — just starts the dev server.
 set -euo pipefail
 cd /app/landing
 exec npm run dev -- --host 0.0.0.0 --port 5174
--- a/containers/landing-dev-entrypoint.sh
+++ b/containers/landing-dev-entrypoint.sh
@ -1,50 +0,0 @@
 #!/usr/bin/env bash
 set -euo pipefail
 ROOT_DIR=/workspace
 GIT_BRANCH="${GIT_BRANCH:-}"
 # Checkout branch if specified
 if [[ -n "$GIT_BRANCH" ]]; then
  cd "$ROOT_DIR"
  git config --global --add safe.directory "$ROOT_DIR" 2>/dev/null || true
  CURRENT=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
  if [[ "$CURRENT" != "$GIT_BRANCH" ]]; then
    echo "[landing-entrypoint] Switching to branch: $GIT_BRANCH"
    # Try local branch first, then remote
    if git rev-parse --verify "$GIT_BRANCH" >/dev/null 2>&1; then
      git checkout "$GIT_BRANCH" 2>/dev/null || echo "[landing-entrypoint] WARNING: Could not checkout $GIT_BRANCH"
    else
      git fetch origin "$GIT_BRANCH" 2>/dev/null || true
      git checkout "$GIT_BRANCH" 2>/dev/null || echo "[landing-entrypoint] WARNING: Could not checkout $GIT_BRANCH"
    fi
  fi
 fi
 LANDING_DIR=$ROOT_DIR/landing
 REQUIRED_DIST="$ROOT_DIR/kraiken-lib/dist/index.js"
 if [[ ! -f "$REQUIRED_DIST" ]]; then
  echo "[landing-entrypoint] ERROR: Run ./scripts/build-kraiken-lib.sh before starting containers" >&2
  exit 1
 fi
 cd "$LANDING_DIR"
 DEPS_MARKER="/tmp/.landing-deps-installed"
 if [[ ! -d node_modules || ! -f "$DEPS_MARKER" ]]; then
  echo "[landing-entrypoint] Installing dependencies..."
  npm install --no-save --loglevel error 2>&1 || {
    echo "[landing-entrypoint] npm install failed, trying with --force"
    npm install --force --no-save --loglevel error
  }
  touch "$DEPS_MARKER" || true
 else
  echo "[landing-entrypoint] Using cached node_modules"
 fi
 export CHOKIDAR_USEPOLLING=${CHOKIDAR_USEPOLLING:-1}
 export HOST=0.0.0.0
 export PORT=${PORT:-5174}
 exec npm run dev -- --host 0.0.0.0 --port 5174
--- a/containers/landing-entrypoint.sh
+++ b/containers/landing-entrypoint.sh
@ -0,0 +1,32 @@
 #!/usr/bin/env bash
 set -euo pipefail
 ROOT_DIR=/workspace
 # shellcheck source=entrypoint-common.sh
 source "$ROOT_DIR/containers/entrypoint-common.sh"
 entrypoint_checkout_branch "$ROOT_DIR" "landing-entrypoint"
 entrypoint_require_kraiken_lib "$ROOT_DIR" "landing-entrypoint"
 cd "$ROOT_DIR/landing"
 entrypoint_install_deps "landing-entrypoint"
 export CHOKIDAR_USEPOLLING=${CHOKIDAR_USEPOLLING:-1}
 export HOST=0.0.0.0
 export PORT=${PORT:-5174}
 # Source contract addresses from bootstrap output
 CONTRACTS_ENV="$ROOT_DIR/tmp/containers/contracts.env"
 if [[ -f "$CONTRACTS_ENV" ]]; then
  source "$CONTRACTS_ENV"
  export VITE_KRAIKEN_ADDRESS="${KRAIKEN:-}"
  export VITE_STAKE_ADDRESS="${STAKE:-}"
  echo "[landing-entrypoint] Contract addresses loaded: KRK=${KRAIKEN:-unset} STAKE=${STAKE:-unset}"
 fi
 export VITE_UMAMI_URL="${VITE_UMAMI_URL:-}"
 export VITE_UMAMI_WEBSITE_ID="${VITE_UMAMI_WEBSITE_ID:-}"
 exec npm run dev -- --host 0.0.0.0 --port 5174
--- a/containers/node-dev.Containerfile
+++ b/containers/node-dev.Containerfile
@ -5,7 +5,10 @@ RUN apk add --no-cache \
    git \
    bash \
    postgresql-client \
-    wget
+    wget \
    python3 \
    make \
    g++
 USER node
 WORKDIR /workspace
--- a/containers/ponder-dev-entrypoint.sh
+++ b/containers/ponder-dev-entrypoint.sh
@ -1,28 +1,43 @@
 #!/usr/bin/env bash
 set -euo pipefail
-ROOT_DIR=/workspace
+if [[ "${CI:-}" == "true" ]]; then
-GIT_BRANCH="${GIT_BRANCH:-}"
+  # ── CI path ────────────────────────────────────────────────────────
  cd /app/services/ponder
-# Checkout branch if specified
+  echo "[ponder-ci] Starting Ponder indexer..."
 if [[ -n "$GIT_BRANCH" ]]; then
  cd "$ROOT_DIR"
  git config --global --add safe.directory "$ROOT_DIR" 2>/dev/null || true
  CURRENT=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
-  if [[ "$CURRENT" != "$GIT_BRANCH" ]]; then
+  : "${DATABASE_URL:?DATABASE_URL is required}"
-    echo "[ponder-entrypoint] Switching to branch: $GIT_BRANCH"
+  : "${PONDER_RPC_URL_1:?PONDER_RPC_URL_1 is required}"
-    # Try local branch first, then remote
+
-    if git rev-parse --verify "$GIT_BRANCH" >/dev/null 2>&1; then
+  export PONDER_RPC_TIMEOUT=${PONDER_RPC_TIMEOUT:-20000}
-      git checkout "$GIT_BRANCH" 2>/dev/null || echo "[ponder-entrypoint] WARNING: Could not checkout $GIT_BRANCH"
+  export HOST=${HOST:-0.0.0.0}
-    else
+  export PORT=${PORT:-42069}
-      git fetch origin "$GIT_BRANCH" 2>/dev/null || true
+
-      git checkout "$GIT_BRANCH" 2>/dev/null || echo "[ponder-entrypoint] WARNING: Could not checkout $GIT_BRANCH"
+  cat > .env.local <<EOF
-    fi
+DATABASE_URL=${DATABASE_URL}
-  fi
+PONDER_RPC_URL_1=${PONDER_RPC_URL_1}
 DATABASE_SCHEMA=${DATABASE_SCHEMA:-ponder_ci}
 START_BLOCK=${START_BLOCK:-0}
 EOF
  echo "[ponder-ci] Environment configured:"
  echo "  DATABASE_URL: ${DATABASE_URL}"
  echo "  PONDER_RPC_URL_1: ${PONDER_RPC_URL_1}"
  echo "  START_BLOCK: ${START_BLOCK:-0}"
  exec npm run dev
 fi
-CONTRACT_ENV=$ROOT_DIR/tmp/podman/contracts.env
+# ── Local dev path ─────────────────────────────────────────────────
 ROOT_DIR=/workspace
 # shellcheck source=entrypoint-common.sh
 source "$ROOT_DIR/containers/entrypoint-common.sh"
 entrypoint_checkout_branch "$ROOT_DIR" "ponder-entrypoint"
 CONTRACT_ENV=$ROOT_DIR/tmp/containers/contracts.env
 PONDER_WORKDIR=$ROOT_DIR/services/ponder
 while [[ ! -f "$CONTRACT_ENV" ]]; do
@ -59,23 +74,8 @@ if [[ -n "$START_BLOCK" ]]; then
  fi
 fi
-REQUIRED_DIST="$ROOT_DIR/kraiken-lib/dist/index.js"
+entrypoint_require_kraiken_lib "$ROOT_DIR" "ponder-entrypoint"
-if [[ ! -f "$REQUIRED_DIST" ]]; then
+entrypoint_install_deps "ponder-entrypoint"
  echo "[ponder-entrypoint] ERROR: Run ./scripts/build-kraiken-lib.sh before starting containers" >&2
  exit 1
 fi
 DEPS_MARKER="/tmp/.ponder-deps-installed"
 if [[ ! -d node_modules || ! -f "$DEPS_MARKER" ]]; then
  echo "[ponder-entrypoint] Installing dependencies..."
  npm install --no-save --loglevel error 2>&1 || {
    echo "[ponder-entrypoint] npm install failed, trying with --force"
    npm install --force --no-save --loglevel error
  }
  touch "$DEPS_MARKER" || true
 else
  echo "[ponder-entrypoint] Using cached node_modules"
 fi
 # Load and export all environment variables from .env.local
 if [[ -f .env.local ]]; then
@ -88,5 +88,6 @@ fi
 export CHOKIDAR_USEPOLLING=${CHOKIDAR_USEPOLLING:-1}
 export HOST=0.0.0.0
 export PORT=${PORT:-42069}
 export PONDER_RPC_TIMEOUT=${PONDER_RPC_TIMEOUT:-20000}
 exec npm run dev
--- a/containers/txn-bot-entrypoint.sh
+++ b/containers/txn-bot-entrypoint.sh
@ -1,56 +0,0 @@
 #!/usr/bin/env bash
 set -euo pipefail
 ROOT_DIR=/workspace
 GIT_BRANCH="${GIT_BRANCH:-}"
 # Checkout branch if specified
 if [[ -n "$GIT_BRANCH" ]]; then
  cd "$ROOT_DIR"
  git config --global --add safe.directory "$ROOT_DIR" 2>/dev/null || true
  CURRENT=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
  if [[ "$CURRENT" != "$GIT_BRANCH" ]]; then
    echo "[txn-bot-entrypoint] Switching to branch: $GIT_BRANCH"
    # Try local branch first, then remote
    if git rev-parse --verify "$GIT_BRANCH" >/dev/null 2>&1; then
      git checkout "$GIT_BRANCH" 2>/dev/null || echo "[txn-bot-entrypoint] WARNING: Could not checkout $GIT_BRANCH"
    else
      git fetch origin "$GIT_BRANCH" 2>/dev/null || true
      git checkout "$GIT_BRANCH" 2>/dev/null || echo "[txn-bot-entrypoint] WARNING: Could not checkout $GIT_BRANCH"
    fi
  fi
 fi
 TXNBOT_ENV_FILE=$ROOT_DIR/tmp/podman/txnBot.env
 BOT_DIR=$ROOT_DIR/services/txnBot
 REQUIRED_DIST=$ROOT_DIR/kraiken-lib/dist/index.js
 while [[ ! -f "$TXNBOT_ENV_FILE" ]]; do
  echo "[txn-bot-entrypoint] waiting for env file"
  sleep 2
 done
 if [[ ! -f "$REQUIRED_DIST" ]]; then
  echo "[txn-bot-entrypoint] ERROR: Run ./scripts/build-kraiken-lib.sh before starting containers" >&2
  exit 1
 fi
 cd "$BOT_DIR"
 DEPS_MARKER="/tmp/.txnbot-deps-installed"
 if [[ ! -d node_modules || ! -f "$DEPS_MARKER" ]]; then
  echo "[txn-bot-entrypoint] Installing txn-bot dependencies..."
  npm install --no-save --loglevel error 2>&1 || {
    echo "[txn-bot-entrypoint] npm install failed, trying with --force"
    npm install --force --no-save --loglevel error
  }
  touch "$DEPS_MARKER" || true
 else
  echo "[txn-bot-entrypoint] Using cached node_modules"
 fi
 echo "[txn-bot-entrypoint] Building TypeScript..."
 npm run build
 export TXN_BOT_ENV_FILE="$TXNBOT_ENV_FILE"
 exec npm run start
--- a/containers/txnbot-entrypoint.sh
+++ b/containers/txnbot-entrypoint.sh
@ -0,0 +1,62 @@
 #!/usr/bin/env bash
 set -euo pipefail
 if [[ "${CI:-}" == "true" ]]; then
  # ── CI path ────────────────────────────────────────────────────────
  echo "[txnbot-ci] Starting Transaction Bot..."
  : "${TXNBOT_PRIVATE_KEY:?TXNBOT_PRIVATE_KEY is required}"
  : "${RPC_URL:?RPC_URL is required}"
  : "${KRAIKEN_ADDRESS:?KRAIKEN_ADDRESS is required}"
  : "${STAKE_ADDRESS:?STAKE_ADDRESS is required}"
  : "${LIQUIDITY_MANAGER_ADDRESS:?LIQUIDITY_MANAGER_ADDRESS is required}"
  cat > /tmp/txnBot.env <<EOF
 TXNBOT_PRIVATE_KEY=${TXNBOT_PRIVATE_KEY}
 RPC_URL=${RPC_URL}
 KRAIKEN_ADDRESS=${KRAIKEN_ADDRESS}
 STAKE_ADDRESS=${STAKE_ADDRESS}
 LIQUIDITY_MANAGER_ADDRESS=${LIQUIDITY_MANAGER_ADDRESS}
 POOL_ADDRESS=${POOL_ADDRESS:-}
 WETH_ADDRESS=${WETH_ADDRESS:-0x4200000000000000000000000000000000000006}
 EOF
  export TXN_BOT_ENV_FILE=/tmp/txnBot.env
  echo "[txnbot-ci] Environment configured:"
  echo "  RPC_URL: ${RPC_URL}"
  echo "  KRAIKEN_ADDRESS: ${KRAIKEN_ADDRESS}"
  echo "[txnbot-ci] Building TypeScript..."
  npm run build
  exec npm run start
 fi
 # ── Local dev path ─────────────────────────────────────────────────
 ROOT_DIR=/workspace
 # shellcheck source=entrypoint-common.sh
 source "$ROOT_DIR/containers/entrypoint-common.sh"
 entrypoint_checkout_branch "$ROOT_DIR" "txnbot-entrypoint"
 TXNBOT_ENV_FILE=$ROOT_DIR/tmp/containers/txnBot.env
 BOT_DIR=$ROOT_DIR/services/txnBot
 while [[ ! -f "$TXNBOT_ENV_FILE" ]]; do
  echo "[txnbot-entrypoint] waiting for env file"
  sleep 2
 done
 entrypoint_require_kraiken_lib "$ROOT_DIR" "txnbot-entrypoint"
 cd "$BOT_DIR"
 entrypoint_install_deps "txnbot-entrypoint"
 echo "[txnbot-entrypoint] Building TypeScript..."
 npm run build
 export TXN_BOT_ENV_FILE="$TXNBOT_ENV_FILE"
 exec npm run start
--- a/containers/webapp-dev-entrypoint.sh
+++ b/containers/webapp-dev-entrypoint.sh
@ -1,68 +0,0 @@
 #!/usr/bin/env bash
 set -euo pipefail
 ROOT_DIR=/workspace
 GIT_BRANCH="${GIT_BRANCH:-}"
 # Checkout branch if specified
 if [[ -n "$GIT_BRANCH" ]]; then
  cd "$ROOT_DIR"
  git config --global --add safe.directory "$ROOT_DIR" 2>/dev/null || true
  CURRENT=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "unknown")
  if [[ "$CURRENT" != "$GIT_BRANCH" ]]; then
    echo "[webapp-entrypoint] Switching to branch: $GIT_BRANCH"
    # Try local branch first, then remote
    if git rev-parse --verify "$GIT_BRANCH" >/dev/null 2>&1; then
      git checkout "$GIT_BRANCH" 2>/dev/null || echo "[webapp-entrypoint] WARNING: Could not checkout $GIT_BRANCH"
    else
      git fetch origin "$GIT_BRANCH" 2>/dev/null || true
      git checkout "$GIT_BRANCH" 2>/dev/null || echo "[webapp-entrypoint] WARNING: Could not checkout $GIT_BRANCH"
    fi
  fi
 fi
 CONTRACT_ENV=$ROOT_DIR/tmp/podman/contracts.env
 APP_DIR=$ROOT_DIR/web-app
 SWAP_ROUTER=0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4
 while [[ ! -f "$CONTRACT_ENV" ]]; do
  echo "[frontend-entrypoint] waiting for contracts env"
  sleep 2
 done
 REQUIRED_DIST="$ROOT_DIR/kraiken-lib/dist/index.js"
 if [[ ! -f "$REQUIRED_DIST" ]]; then
  echo "[frontend-entrypoint] ERROR: Run ./scripts/build-kraiken-lib.sh before starting containers" >&2
  exit 1
 fi
 # shellcheck disable=SC1090
 source "$CONTRACT_ENV"
 cd "$APP_DIR"
 DEPS_MARKER="/tmp/.webapp-deps-installed"
 if [[ ! -d node_modules || ! -f "$DEPS_MARKER" ]]; then
  echo "[frontend-entrypoint] Installing dependencies..."
  npm install --no-save --loglevel error 2>&1 || {
    echo "[frontend-entrypoint] npm install failed, trying with --force"
    npm install --force --no-save --loglevel error
  }
  touch "$DEPS_MARKER" || true
 else
  echo "[frontend-entrypoint] Using cached node_modules"
 fi
 export VITE_DEFAULT_CHAIN_ID=${VITE_DEFAULT_CHAIN_ID:-31337}
 export VITE_LOCAL_RPC_URL=${VITE_LOCAL_RPC_URL:-/api/rpc}
 export VITE_LOCAL_RPC_PROXY_TARGET=${VITE_LOCAL_RPC_PROXY_TARGET:-http://anvil:8545}
 export VITE_LOCAL_GRAPHQL_PROXY_TARGET=${VITE_LOCAL_GRAPHQL_PROXY_TARGET:-http://ponder:42069}
 export VITE_LOCAL_TXN_PROXY_TARGET=${VITE_LOCAL_TXN_PROXY_TARGET:-http://txn-bot:43069}
 export VITE_KRAIKEN_ADDRESS=$KRAIKEN
 export VITE_STAKE_ADDRESS=$STAKE
 export VITE_SWAP_ROUTER=$SWAP_ROUTER
 export VITE_PONDER_BASE_SEPOLIA_LOCAL_FORK=${VITE_PONDER_BASE_SEPOLIA_LOCAL_FORK:-/api/graphql}
 export VITE_TXNBOT_BASE_SEPOLIA_LOCAL_FORK=${VITE_TXNBOT_BASE_SEPOLIA_LOCAL_FORK:-/api/txn}
 export CHOKIDAR_USEPOLLING=${CHOKIDAR_USEPOLLING:-1}
 exec npm run dev -- --host 0.0.0.0 --port 5173 --base /app/
--- a/containers/webapp-entrypoint.sh
+++ b/containers/webapp-entrypoint.sh
@ -0,0 +1,89 @@
 #!/usr/bin/env bash
 set -euo pipefail
 if [[ "${CI:-}" == "true" ]]; then
  # ── CI path ────────────────────────────────────────────────────────
  # NOTE: this block is NOT executed by the .woodpecker/e2e.yml pipeline.
  # Woodpecker runs the webapp image as a service with a `commands:` block,
  # which replaces the Docker ENTRYPOINT entirely — dumb-init and this script
  # are bypassed. The e2e.yml commands block sources contracts.env and starts
  # `npm run dev` inline (see .woodpecker/e2e.yml, webapp service, ~line 129).
  #
  # This path fires only for manual invocations, e.g.:
  #   docker run -e CI=true \
  #     -e VITE_KRAIKEN_ADDRESS=0x... \
  #     -e VITE_STAKE_ADDRESS=0x... \
  #     webapp-ci
  #
  # VITE_KRAIKEN_ADDRESS and VITE_STAKE_ADDRESS must be supplied by the caller;
  # they are not derived from contracts.env here.
  cd /app/web-app
  echo "[webapp-ci] Starting Web App..."
  : "${VITE_KRAIKEN_ADDRESS:?VITE_KRAIKEN_ADDRESS must be supplied by the caller (not sourced from contracts.env in this path)}"
  : "${VITE_STAKE_ADDRESS:?VITE_STAKE_ADDRESS must be supplied by the caller (not sourced from contracts.env in this path)}"
  # Disable Vue DevTools in CI to avoid path resolution issues
  export CI=true
  export VITE_DEFAULT_CHAIN_ID=${VITE_DEFAULT_CHAIN_ID:-31337}
  export VITE_LOCAL_RPC_URL=${VITE_LOCAL_RPC_URL:-/api/rpc}
  export VITE_LOCAL_RPC_PROXY_TARGET=${VITE_LOCAL_RPC_PROXY_TARGET:-http://anvil:8545}
  export VITE_LOCAL_GRAPHQL_PROXY_TARGET=${VITE_LOCAL_GRAPHQL_PROXY_TARGET:-http://ponder:42069}
  export VITE_LOCAL_TXN_PROXY_TARGET=${VITE_LOCAL_TXN_PROXY_TARGET:-http://txn-bot:43069}
  export VITE_SWAP_ROUTER=${VITE_SWAP_ROUTER:-0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4}
  export VITE_PONDER_BASE_SEPOLIA_LOCAL_FORK=${VITE_PONDER_BASE_SEPOLIA_LOCAL_FORK:-/api/graphql}
  export VITE_TXNBOT_BASE_SEPOLIA_LOCAL_FORK=${VITE_TXNBOT_BASE_SEPOLIA_LOCAL_FORK:-/api/txn}
  export VITE_UMAMI_URL="${VITE_UMAMI_URL:-}"
  export VITE_UMAMI_WEBSITE_ID="${VITE_UMAMI_WEBSITE_ID:-}"
  echo "[webapp-ci] Environment configured:"
  echo "  VITE_KRAIKEN_ADDRESS: ${VITE_KRAIKEN_ADDRESS}"
  echo "  VITE_STAKE_ADDRESS: ${VITE_STAKE_ADDRESS}"
  echo "  VITE_DEFAULT_CHAIN_ID: ${VITE_DEFAULT_CHAIN_ID}"
  exec npm run dev -- --host 0.0.0.0 --port 5173 --base /app/
 fi
 # ── Local dev path ─────────────────────────────────────────────────
 ROOT_DIR=/workspace
 # Default is the Sepolia SwapRouter; override via SWAP_ROUTER env var for other networks.
 SWAP_ROUTER=${SWAP_ROUTER:-0x94cC0AaC535CCDB3C01d6787D6413C739ae12bc4}
 # shellcheck source=entrypoint-common.sh
 source "$ROOT_DIR/containers/entrypoint-common.sh"
 entrypoint_checkout_branch "$ROOT_DIR" "webapp-entrypoint"
 CONTRACT_ENV=$ROOT_DIR/tmp/containers/contracts.env
 APP_DIR=$ROOT_DIR/web-app
 while [[ ! -f "$CONTRACT_ENV" ]]; do
  echo "[webapp-entrypoint] waiting for contracts env"
  sleep 2
 done
 entrypoint_require_kraiken_lib "$ROOT_DIR" "webapp-entrypoint"
 # shellcheck disable=SC1090
 source "$CONTRACT_ENV"
 cd "$APP_DIR"
 entrypoint_install_deps "webapp-entrypoint"
 export VITE_DEFAULT_CHAIN_ID=${VITE_DEFAULT_CHAIN_ID:-31337}
 export VITE_LOCAL_RPC_URL=${VITE_LOCAL_RPC_URL:-/api/rpc}
 export VITE_LOCAL_RPC_PROXY_TARGET=${VITE_LOCAL_RPC_PROXY_TARGET:-http://anvil:8545}
 export VITE_LOCAL_GRAPHQL_PROXY_TARGET=${VITE_LOCAL_GRAPHQL_PROXY_TARGET:-http://ponder:42069}
 export VITE_LOCAL_TXN_PROXY_TARGET=${VITE_LOCAL_TXN_PROXY_TARGET:-http://txn-bot:43069}
 export VITE_KRAIKEN_ADDRESS=$KRAIKEN
 export VITE_STAKE_ADDRESS=$STAKE
 export VITE_SWAP_ROUTER=$SWAP_ROUTER
 export VITE_PONDER_BASE_SEPOLIA_LOCAL_FORK=${VITE_PONDER_BASE_SEPOLIA_LOCAL_FORK:-/api/graphql}
 export VITE_TXNBOT_BASE_SEPOLIA_LOCAL_FORK=${VITE_TXNBOT_BASE_SEPOLIA_LOCAL_FORK:-/api/txn}
 export CHOKIDAR_USEPOLLING=${CHOKIDAR_USEPOLLING:-1}
 export VITE_UMAMI_URL="${VITE_UMAMI_URL:-}"
 export VITE_UMAMI_WEBSITE_ID="${VITE_UMAMI_WEBSITE_ID:-}"
 exec npm run dev -- --host 0.0.0.0 --port 5173 --base /app/
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,8 +4,17 @@ networks:
  harb-network:
    driver: bridge
 # Global logging configuration to prevent disk bloat
 x-logging: &default-logging
  driver: "json-file"
  options:
    max-size: "10m"
    max-file: "3"
 services:
  anvil:
    security_opt:
      - apparmor=unconfined
    image: ghcr.io/foundry-rs/foundry:latest
    command: ["/workspace/containers/anvil-entrypoint.sh"]
    volumes:
@ -17,6 +26,7 @@ services:
    restart: unless-stopped
    networks:
      - harb-network
    logging: *default-logging
    healthcheck:
      test: ["CMD", "cast", "block-number", "--rpc-url", "http://127.0.0.1:8545"]
      interval: 2s
@ -25,18 +35,34 @@ services:
      start_period: 5s
  postgres:
    security_opt:
      - apparmor=unconfined
    image: docker.io/library/postgres:16-alpine
    command:
      - "postgres"
      - "-c"
      - "wal_level=minimal"
      - "-c"
      - "max_wal_size=128MB"
      - "-c"
      - "max_wal_senders=0"
      - "-c"
      - "archive_mode=off"
      - "-c"
      - "checkpoint_timeout=30min"
    environment:
      - POSTGRES_USER=ponder
      - POSTGRES_PASSWORD=ponder_local
      - POSTGRES_DB=ponder_local
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./containers/init-umami-db.sh:/docker-entrypoint-initdb.d/init-umami-db.sh:ro,z
    expose:
      - "5432"
    restart: unless-stopped
    networks:
      - harb-network
    logging: *default-logging
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ponder"]
      interval: 5s
@ -44,6 +70,8 @@ services:
      retries: 5
  bootstrap:
    security_opt:
      - apparmor=unconfined
    image: ghcr.io/foundry-rs/foundry:latest
    user: "0:0"
    command: ["/workspace/containers/bootstrap.sh"]
@ -56,26 +84,33 @@ services:
    networks:
      - harb-network
    restart: "no"
    logging: *default-logging
    healthcheck:
-      test: ["CMD", "test", "-f", "/workspace/tmp/podman/contracts.env"]
+      test: ["CMD", "test", "-f", "/workspace/tmp/containers/contracts.env"]
      interval: 5s
      timeout: 3s
      retries: 18
      start_period: 10s
  ponder:
    security_opt:
      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
-    entrypoint: ["/workspace/containers/ponder-dev-entrypoint.sh"]
+    entrypoint: ["/workspace/containers/ponder-entrypoint.sh"]
    user: "0:0"
    volumes:
      - .:/workspace:z
      - .git:/workspace/.git:ro,z
      - ./kraiken-lib/dist:/workspace/kraiken-lib/dist:ro,z
      - ponder_node_modules:/workspace/services/ponder/node_modules
    working_dir: /workspace
    environment:
      - CHOKIDAR_USEPOLLING=1
      - GIT_BRANCH=${GIT_BRANCH:-}
      - PONDER_RPC_TIMEOUT=${PONDER_RPC_TIMEOUT:-20000}
      - START_BLOCK=${START_BLOCK:-}
    expose:
      - "42069"
    ports:
@ -83,6 +118,7 @@ services:
    restart: unless-stopped
    networks:
      - harb-network
    logging: *default-logging
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:42069/"]
      interval: 5s
@ -91,19 +127,25 @@ services:
      start_period: 20s
  webapp:
    security_opt:
      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
-    entrypoint: ["/workspace/containers/webapp-dev-entrypoint.sh"]
+    entrypoint: ["/workspace/containers/webapp-entrypoint.sh"]
    user: "0:0"
    volumes:
      - .:/workspace:z
      - .git:/workspace/.git:ro,z
      - ./kraiken-lib/dist:/workspace/kraiken-lib/dist:ro,z
      - webapp_node_modules:/workspace/web-app/node_modules
    working_dir: /workspace
    environment:
      - CHOKIDAR_USEPOLLING=1
      - GIT_BRANCH=${GIT_BRANCH:-}
      - VITE_ENABLE_LOCAL_SWAP=true
      - VITE_UMAMI_URL=${VITE_UMAMI_URL:-}
      - VITE_UMAMI_WEBSITE_ID=${VITE_UMAMI_WEBSITE_ID:-}
    expose:
      - "5173"
    ports:
@ -111,62 +153,87 @@ services:
    restart: unless-stopped
    networks:
      - harb-network
    depends_on:
      ponder:
        condition: service_healthy
    logging: *default-logging
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:5173/"]
      interval: 5s
-      retries: 6
+      timeout: 3s
      retries: 24
      start_period: 10s
  landing:
    security_opt:
      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
-    entrypoint: ["/workspace/containers/landing-dev-entrypoint.sh"]
+    entrypoint: ["/workspace/containers/landing-entrypoint.sh"]
    user: "0:0"
    volumes:
      - .:/workspace:z
      - .git:/workspace/.git:ro,z
      - ./kraiken-lib/dist:/workspace/kraiken-lib/dist:ro,z
      - landing_node_modules:/workspace/landing/node_modules
    working_dir: /workspace
    environment:
      - CHOKIDAR_USEPOLLING=1
      - GIT_BRANCH=${GIT_BRANCH:-}
      - VITE_APP_URL=http://localhost:5173/app
      - VITE_UMAMI_URL=${VITE_UMAMI_URL:-}
      - VITE_UMAMI_WEBSITE_ID=${VITE_UMAMI_WEBSITE_ID:-}
    expose:
      - "5174"
    restart: unless-stopped
    networks:
      - harb-network
    logging: *default-logging
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:5174/"]
      interval: 5s
      timeout: 3s
      retries: 6
      start_period: 10s
  txn-bot:
    security_opt:
      - apparmor=unconfined
    build:
      context: .
      dockerfile: containers/node-dev.Containerfile
-    entrypoint: ["/workspace/containers/txn-bot-entrypoint.sh"]
+    entrypoint: ["/workspace/containers/txnbot-entrypoint.sh"]
    user: "0:0"
    volumes:
      - .:/workspace:z
      - .git:/workspace/.git:ro,z
      - ./kraiken-lib/dist:/workspace/kraiken-lib/dist:ro,z
      - txnbot_node_modules:/workspace/services/txnBot/node_modules
    working_dir: /workspace
    environment:
      - GIT_BRANCH=${GIT_BRANCH:-}
    expose:
      - "43069"
    ports:
      - "127.0.0.1:43069:43069"
    restart: unless-stopped
    networks:
      - harb-network
    depends_on:
      ponder:
        condition: service_healthy
    logging: *default-logging
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:43069/status"]
      interval: 5s
      timeout: 10s
      retries: 4
      start_period: 10s
  caddy:
    security_opt:
      - apparmor=unconfined
    image: docker.io/library/caddy:2.8
    volumes:
      - ./containers/Caddyfile:/etc/caddy/Caddyfile:z
@ -175,11 +242,62 @@ services:
    restart: unless-stopped
    networks:
      - harb-network
    logging: *default-logging
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:80"]
      interval: 2s
      retries: 3
      start_period: 2s
  umami:
    security_opt:
      - apparmor=unconfined
    image: ghcr.io/umami-software/umami:postgresql-latest
    environment:
      - DATABASE_URL=postgresql://umami:umami_local@postgres:5432/umami
      - APP_SECRET=${UMAMI_APP_SECRET:-harb-analytics-secret}
      - DISABLE_TELEMETRY=1
    expose:
      - "3000"
    ports:
      - "127.0.0.1:3001:3000"
    restart: unless-stopped
    networks:
      - harb-network
    depends_on:
      postgres:
        condition: service_healthy
    logging: *default-logging
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:3000/api/heartbeat"]
      interval: 5s
      timeout: 3s
      retries: 10
      start_period: 15s
  otterscan:
    security_opt:
      - apparmor=unconfined
    image: otterscan/otterscan:v2.6.0
    environment:
      - ERIGON_URL=http://localhost:8545
    expose:
      - "80"
    ports:
      - "127.0.0.1:5100:80"
    restart: unless-stopped
    networks:
      - harb-network
    logging: *default-logging
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:80"]
      interval: 5s
      retries: 4
      start_period: 5s
 volumes:
  postgres-data:
  ponder_node_modules:
  webapp_node_modules:
  landing_node_modules:
  txnbot_node_modules:
--- a/docker/Dockerfile.node-ci
+++ b/docker/Dockerfile.node-ci
@ -0,0 +1,40 @@
 # syntax=docker/dockerfile:1.6
 FROM node:20-bookworm
 LABEL org.opencontainers.image.source="https://codeberg.org/johba/harb-ci"
 LABEL org.opencontainers.image.description="Node.js toolchain for Harb Stack CI jobs"
 ENV DEBIAN_FRONTEND=noninteractive \
    PNPM_HOME=/root/.local/share/pnpm \
    PATH=/root/.local/share/pnpm:/root/.local/bin:/root/.foundry/bin:$PATH
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update && \
    apt-get install -y --no-install-recommends \
      git \
      ca-certificates \
      build-essential \
      pkg-config \
      libssl-dev \
      python3 \
      python3-pip \
      bc \
      jq \
      curl && \
    rm -rf /var/lib/apt/lists/*
 # Enable corepack-managed package managers and pin the versions we expect in CI.
 RUN corepack enable && \
    corepack prepare pnpm@8.15.4 --activate && \
    corepack prepare yarn@1.22.19 --activate
 # Install Foundry once so downstream jobs skip the bootstrap step.
 RUN curl -L https://foundry.paradigm.xyz | bash && \
    ~/.foundry/bin/foundryup --version && \
    ~/.foundry/bin/foundryup
 WORKDIR /workspace
 CMD ["bash"]
--- a/docker/Dockerfile.playwright-ci
+++ b/docker/Dockerfile.playwright-ci
@ -0,0 +1,28 @@
 # syntax=docker/dockerfile:1.6
 FROM mcr.microsoft.com/playwright:v1.56.0-jammy
 LABEL org.opencontainers.image.source="https://codeberg.org/johba/harb-ci"
 LABEL org.opencontainers.image.description="Playwright + Docker image for Harb Stack end-to-end CI"
 ENV DEBIAN_FRONTEND=noninteractive \
    PNPM_HOME=/root/.local/share/pnpm \
    PATH=/root/.local/share/pnpm:/root/.local/bin:$PATH
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt,sharing=locked \
    apt-get update && \
    apt-get install -y --no-install-recommends \
      git \
      ca-certificates \
      jq \
      curl && \
    rm -rf /var/lib/apt/lists/*
 RUN corepack enable && \
    corepack prepare pnpm@8.15.4 --activate && \
    corepack prepare yarn@1.22.19 --activate
 WORKDIR /workspace
 CMD ["bash"]
--- a/docker/Dockerfile.service-ci
+++ b/docker/Dockerfile.service-ci
@ -0,0 +1,121 @@
 # Unified CI image for Harb services (ponder, webapp, landing, txnBot).
 # Parameterized via build args — eliminates per-service Dockerfile duplication.
 #
 # Usage:
 #   docker build -f docker/Dockerfile.service-ci \
 #     --build-arg SERVICE_DIR=services/ponder \
 #     --build-arg SERVICE_PORT=42069 \
 #     --build-arg ENTRYPOINT_SCRIPT=containers/ponder-entrypoint.sh \
 #     -t ponder-ci .
 # ── Build args (declared early for builder stage) ──────────────────
 ARG SERVICE_DIR
 ARG NPM_INSTALL_CMD=ci
 # ── Builder stage ──────────────────────────────────────────────────
 FROM node:20-alpine AS builder
 RUN apk add --no-cache git bash
 WORKDIR /app
 # Copy root package files
 COPY package.json package-lock.json ./
 # Copy kraiken-lib package files
 COPY kraiken-lib/package.json kraiken-lib/package-lock.json ./kraiken-lib/
 # Copy ABI files needed by kraiken-lib
 COPY onchain/out/Kraiken.sol/Kraiken.json ./onchain/out/Kraiken.sol/
 COPY onchain/out/Stake.sol/Stake.json ./onchain/out/Stake.sol/
 # Copy Stake.sol for sync-tax-rates + the script itself
 COPY onchain/src/Stake.sol ./onchain/src/
 COPY scripts/sync-tax-rates.mjs ./scripts/
 # Install kraiken-lib dependencies, run sync-tax-rates, and build
 WORKDIR /app/kraiken-lib
 RUN npm ci --ignore-scripts
 COPY kraiken-lib/ ./
 RUN node ../scripts/sync-tax-rates.mjs && ./node_modules/.bin/tsc
 # Install service dependencies
 ARG SERVICE_DIR
 ARG NPM_INSTALL_CMD
 WORKDIR /app/${SERVICE_DIR}
 COPY ${SERVICE_DIR}/package.json ./
 # Use glob pattern to optionally copy package-lock.json (txnBot has none)
 COPY ${SERVICE_DIR}/package-lock.jso[n] ./
 RUN if [ "$NPM_INSTALL_CMD" = "install" ]; then npm install; else npm ci; fi
 # Copy service source
 COPY ${SERVICE_DIR}/ ./
 # Ensure root node_modules exists (may be populated by workspace hoisting, or empty)
 RUN mkdir -p /app/node_modules
 # Copy onchain deployment artifacts (glob handles missing files)
 WORKDIR /app
 COPY onchain/deployments*.jso[n] ./onchain/
 # ── Runtime stage ──────────────────────────────────────────────────
 FROM node:20-alpine
 RUN apk add --no-cache dumb-init wget bash
 WORKDIR /app
 # Copy kraiken-lib (src for Vite alias, dist for runtime, package.json for resolution)
 COPY --from=builder /app/kraiken-lib/src ./kraiken-lib/src
 COPY --from=builder /app/kraiken-lib/dist ./kraiken-lib/dist
 COPY --from=builder /app/kraiken-lib/package.json ./kraiken-lib/
 # Copy service with all node_modules
 ARG SERVICE_DIR
 COPY --from=builder /app/${SERVICE_DIR} ./${SERVICE_DIR}
 # Copy root node_modules (workspace-hoisted deps for landing/webapp, empty for others)
 COPY --from=builder /app/node_modules ./node_modules
 # Copy onchain artifacts
 COPY --from=builder /app/onchain ./onchain
 # Create placeholder deployments-local.json if not present
 RUN test -f /app/onchain/deployments-local.json || \
    (mkdir -p /app/onchain && echo '{"contracts":{}}' > /app/onchain/deployments-local.json)
 # Conditionally create symlinks for Vite path resolution (webapp only)
 ARG NEEDS_SYMLINKS=false
 RUN if [ "$NEEDS_SYMLINKS" = "true" ]; then \
      ln -sf /app/web-app /web-app && \
      ln -sf /app/kraiken-lib /kraiken-lib && \
      ln -sf /app/onchain /onchain; \
    fi
 # Copy entrypoint script
 # For services with entrypoints (ponder, webapp, txnbot): pass the actual entrypoint
 # For landing (no entrypoint): defaults to entrypoint-common.sh which is just helpers
 ARG ENTRYPOINT_SCRIPT=containers/entrypoint-common.sh
 COPY ${ENTRYPOINT_SCRIPT} /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 # Set working directory to service
 WORKDIR /app/${SERVICE_DIR}
 ARG NODE_ENV=production
 ENV NODE_ENV=${NODE_ENV}
 ENV HOST=0.0.0.0
 ARG SERVICE_PORT=8080
 ENV PORT=${SERVICE_PORT}
 EXPOSE ${SERVICE_PORT}
 # HEALTHCHECK flags don't expand ARGs (Docker limitation), so values are hardcoded.
 # PORT is an ENV (works in CMD at runtime). PATH is baked via ARG→ENV.
 ARG HEALTHCHECK_PATH=/
 ENV HEALTHCHECK_PATH=${HEALTHCHECK_PATH}
 HEALTHCHECK --interval=5s --timeout=3s --retries=12 --start-period=20s \
  CMD wget --spider -q http://127.0.0.1:${PORT}${HEALTHCHECK_PATH} || exit 1
 ENTRYPOINT ["dumb-init", "--", "/entrypoint.sh"]
 # Force rebuild after cache prune — 2026-02-19T21:31:36Z
--- a/docs/ARCHITECTURE.md
+++ b/docs/ARCHITECTURE.md
@ -0,0 +1,158 @@
 # ARCHITECTURE.md — System Map
 Compressed overview for AI agents. Read this first, drill into source for details.
 ## Contract Architecture
 ```
 Kraiken.sol (ERC-20 token)
 ├── liquidityManager: address (set once, immutable after)
 │   └── LiquidityManager.sol (ThreePositionStrategy)
 │       ├── optimizer: Optimizer (private immutable ref)
 │       ├── pool: IUniswapV3Pool
 │       ├── kraiken: Kraiken
 │       └── Positions: Floor, Anchor, Discovery
 ├── stakingPool: address
 │   └── Stake.sol
 │       ├── Staking positions with tax rates
 │       ├── Snatch mechanics (competitive staking)
 │       └── getPercentageStaked(), getAverageTaxRate()
 └── feeDestination: address (protocol revenue — both WETH and KRK fees go HERE, not back to holders)
 Optimizer.sol (UUPS Upgradeable Proxy)
 ├── Reads: stake.getPercentageStaked(), stake.getAverageTaxRate()
 ├── Computes: sentiment → 4 liquidity params
 ├── Versions: Optimizer, OptimizerV2, OptimizerV3, OptimizerV3Push3
 └── Admin: single address, set at initialize()
 ```
 ## Key Relationships
 - **Kraiken → LiquidityManager**: set once via `setLiquidityManager()`, reverts if already set
 - **LiquidityManager → Optimizer**: `private immutable` — baked into constructor, never changes
 - **LiquidityManager → Kraiken**: exclusive minting/burning rights
 - **Optimizer → Stake**: reads sentiment data (% staked, avg tax rate)
 - **Optimizer upgrades**: UUPS proxy, admin-only `_authorizeUpgrade()`
 - **feeDestination receives both WETH and KRK fees**: during `recenter()`, Uniswap V3 fee collection produces both tokens. WETH fees AND KRK fees are forwarded to `feeDestination` (see `LiquidityManager._scrapePositions()`).
 - **feeDestination is a conditional-lock (not set-once)**: `setFeeDestination()` (deployer-only) allows repeated changes while the destination is an EOA, enabling staged deployment and testing. The moment a contract address is set, `feeDestinationLocked` is set to `true` and no further changes are allowed. A CREATE2 guard also blocks re-assignment if the current destination has since acquired bytecode. This differs from Kraiken's `liquidityManager`/`stakingPool` which are strictly set-once.
 - **feeDestination KRK excluded from outstanding supply**: `_getOutstandingSupply()` subtracts `kraiken.balanceOf(feeDestination)` before computing scarcity, because protocol-held KRK cannot be sold into the floor and should not inflate the supply count. This subtraction only occurs when `feeDestination != address(0) && feeDestination != address(this)` (see `LiquidityManager.sol:324`); when feeDestination is unset or is LM itself the balance is not subtracted.
 - **Staking pool KRK excluded from outstanding supply**: `_getOutstandingSupply()` also subtracts `kraiken.balanceOf(stakingPoolAddr)`, because staked KRK is locked and similarly cannot be sold into the floor. This subtraction only occurs when `stakingPoolAddr != address(0)` (see `LiquidityManager._getOutstandingSupply()`); when the staking pool is unset the balance is not subtracted.
 ## Three-Position Strategy
 All managed by LiquidityManager via ThreePositionStrategy abstract:
 | Position | Purpose | Behavior |
 |----------|---------|----------|
 | **Floor** | Safety net | Deep liquidity at VWAP-adjusted prices |
 | **Anchor** | Price discovery | Near current price, width set by Optimizer |
 | **Discovery** | Fee capture | Borders anchor, ~3x price range (11000 tick spacing) |
 **Recenter** = atomic repositioning of all three positions. Triggered by anyone, automated by txnBot.
 **Recenter constraints** (enforced on-chain):
 - **60-second cooldown**: `MIN_RECENTER_INTERVAL = 60` (`LiquidityManager.sol:61`). A second recenter cannot succeed until at least 60 seconds have elapsed since the last one.
 - **300-second TWAP window**: `PRICE_STABILITY_INTERVAL = 300` (`PriceOracle.sol:14`). `recenter()` validates the current tick against a 5-minute TWAP average (±`MAX_TICK_DEVIATION = 50` ticks). The pool must have at least 300 seconds of observation history; a fallback to a 60 000-second window is used if recent data are unavailable.
 ## Optimizer Parameters
 `getLiquidityParams()` returns 4 values:
 1. `capitalInefficiency` (0 to 1e18) — capital buffer level
 2. `anchorShare` (0 to 1e18) — % allocated to anchor position
 3. `anchorWidth` (ticks) — width of anchor position
 4. `discoveryDepth` (0 to 1e18) — depth of discovery position
 Sentiment calculation: `sentiment = f(averageTaxRate, percentageStaked)`
 - High sentiment (bull) → wider discovery, more fee revenue for protocol treasury
 - Holder value comes from asymmetric slippage (structural ETH accumulation), NOT from fee reinvestment
 - Low sentiment (bear) → tight around floor, maximum protection
 ## Push3 Seed Pool
 The evolutionary optimizer runs from `tools/push3-evolution/`. Active seeds are tracked in `tools/push3-evolution/seeds/manifest.jsonl` — one JSON object per line (JSONL format).
 ### `manifest.jsonl` field reference
 | Field | Type | Required | Description |
 |-------|------|----------|-------------|
 | `file` | string | ✓ | Filename relative to `seeds/` (e.g. `optimizer_v3.push3`) |
 | `origin` | `"hand-written"` \| `"evolved"` \| `"llm"` | ✓ | How the seed was produced |
 | `date` | string (`YYYY-MM-DD`) | ✓ | ISO 8601 date the entry was added to the manifest |
 | `fitness` | integer \| null | — | Raw fitness score (wei-scale integer). `null` when the seed has not yet been evaluated or the score has been invalidated |
 | `fitness_flags` | string \| null | — | Comma-separated flags that qualify or invalidate the fitness value (e.g. `token_value_inflation,processExecIf_fix`). `null` when no flags apply |
 | `run` | string \| null | — | Zero-padded run identifier from which the seed was admitted (e.g. `"007"`). `null` for `hand-written` and `llm` seeds |
 | `generation` | integer \| null | — | Generation index within the run at which this candidate was produced. `null` for `hand-written` and `llm` seeds |
 | `note` | string \| null | — | Human-readable description of the seed strategy or noteworthy behaviour |
 The full machine-readable definition is in `tools/push3-evolution/seeds/manifest.schema.json` (JSON Schema draft 2020-12). `additionalProperties` is `false` — unknown fields are rejected. Only `file`, `origin`, and `date` are required; all other fields are optional but must match the types above when present.
 ## Stack
 ### On-chain
 - Solidity, Foundry toolchain
 - Uniswap V3 for liquidity positions
 - OpenZeppelin for UUPS proxy, Initializable
 - Base L2 (deployment target)
 ### Indexer
 - **Ponder** (`services/ponder/`) — indexes on-chain events
 - Schema: `services/ponder/ponder.schema.ts`
 - Stats table with 168-slot ring buffer (7d × 24h × 4 segments)
 - Ring buffer segments: [ethReserve, minted, burned, tax] (slot 3 being changed to holderCount)
 - GraphQL API at port 42069
 ### Landing Page
 - Vue 3 + Vite (`landing/`)
 - `@wagmi/vue` for wallet connection (WalletButton, WalletCard)
 - `@tanstack/vue-query` — required peer dep for `@wagmi/vue`; provides TanStack Query context for Wagmi's reactive hooks
 - `@harb/web3` shared composables (`useAccount`, `useConnect`, `useDisconnect`, `useTokenBalance`)
 - Three variants: HomeView (default), HomeViewOffensive (degens), HomeViewMixed
 - Docs section: HowItWorks, Tokenomics, Staking, LiquidityManagement, AIAgent, FAQ
 - LiveStats component polls Ponder GraphQL every 30s
 ### Staking Web App
 - Vue 3 (`web-app/`)
 - Password-protected (multiple passwords in LoginView.vue)
 - ProtocolStatsCard shows real-time protocol metrics
 ### Infrastructure
 - Docker Compose on 8GB VPS
 - Woodpecker CI at ci.niovi.voyage
 - Codeberg repo: johba/harb (private)
 - Container registry: registry.niovi.voyage
 ## Directory Map
 ```
 harb/
 ├── onchain/           # Solidity contracts + Foundry
 │   ├── src/           # Contract source
 │   ├── test/          # Forge tests
 │   └── foundry.toml   # via_ir = true required
 ├── services/
 │   ├── ponder/        # Indexer service
 │   │   ├── ponder.schema.ts
 │   │   ├── src/
 │   │   │   ├── helpers/stats.ts  # Ring buffer logic
 │   │   │   ├── lm.ts             # LiquidityManager indexing
 │   │   │   └── stake.ts          # Stake indexing
 │   └── txnBot/        # Automation bot: calls recenter() and payTax() on profitable opportunities
 ├── landing/           # Landing page (Vue 3)
 │   ├── src/
 │   │   ├── components/  # LiveStats, KFooter, WalletCard, etc.
 │   │   ├── views/       # HomeView variants, docs pages
 │   │   └── router/
 ├── web-app/           # Staking app (Vue 3)
 │   ├── src/
 │   │   ├── components/  # ProtocolStatsCard, etc.
 │   │   └── views/       # LoginView, StakeView, etc.
 ├── kraiken-lib/       # Shared TypeScript helpers (bigint math, ABIs, encoding) for frontend and indexer
 │   └── src/           # abis, format, ids, position, snatch, staking, subgraph, taxRates, version
 ├── containers/        # Docker configs, entrypoints
 ├── tools/             # Developer utilities
 │   ├── push3-transpiler/  # Compiles Push3 programs to Solidity Optimizer
 │   ├── push3-evolution/   # Evolutionary optimizer: fitness, mutation, crossover, seed generation
 │   └── deploy-optimizer.sh  # Script to deploy a new Optimizer version
 ├── docs/              # This file, PRODUCT-TRUTH.md
 └── .woodpecker/       # CI pipeline configs
 ```
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@ -0,0 +1,219 @@
 # ENVIRONMENT.md — Local Dev Stack
 How to start, stop, and verify the harb development environment.
 ## Stack Overview
 Docker Compose services (in startup order):
 | Service | Purpose | Port | Health Check |
 |---------|---------|------|-------------|
 | **anvil** | Local Ethereum fork (Base Sepolia by default; override with `FORK_URL`) | 8545 | JSON-RPC response |
 | **postgres** | Ponder database | 5432 | pg_isready |
 | **bootstrap** | Deploys contracts to anvil | — | One-shot, exits 0 |
 | **ponder** | On-chain indexer + GraphQL API | 42069 | HTTP /ready or GraphQL |
 | **landing** | Landing page (Vue 3 + Vite) | 5174 | HTTP response |
 | **webapp** | Staking app (Vue 3) | 5173 | HTTP response |
 | **txn-bot** | Automated `recenter()` and `payTax()` upkeep ([services/txnBot/](../services/txnBot/)) | 43069 | Process alive |
 | **caddy** | Reverse proxy / TLS | 80/443 | — |
 | **umami** | Self-hosted analytics (Umami) | 3000 | HTTP /api/heartbeat |
 | **otterscan** | Block explorer | 5100 | — |
 ## txnBot Service
 `services/txnBot/` is the automation service responsible for keeping the protocol healthy:
 - **`recenter()` monitoring** — polls Ponder GraphQL metrics and submits `recenter()` transactions to the LiquidityManager when price drift requires repositioning.
 - **`payTax()` tracking** — monitors staking positions for overdue taxes and calls `payTax()` when it is profitable to do so.
 - **Status endpoint** — exposes `GET /status` (port 43069) for operational health checks.
 txnBot starts in the third phase of the dev stack (after ponder) alongside webapp and landing. See [services/txnBot/AGENTS.md](../services/txnBot/AGENTS.md) for configuration, safety checklist, and debugging guidance.
 ## Network Contexts
 Two network contexts are relevant: the dev-stack Anvil (docker-compose) and the backtesting tools that require Base mainnet.
 ### Dev stack Anvil (docker-compose)
 The `anvil` service in `docker-compose.yml` runs `containers/anvil-entrypoint.sh`, which forks:
 ```
 ${FORK_URL:-https://sepolia.base.org}
 ```
 **Default: Base Sepolia.** The `bootstrap` service deploys all KRAIKEN protocol contracts (Kraiken, Stake, Optimizer, LiquidityManager) and creates a new KRK/WETH pool using the existing Uniswap V3 Factory already present on the forked network. Addresses are written to `tmp/containers/contracts.env`.
 To fork Base mainnet instead (required for red-team / backtesting — see below):
 ```bash
 FORK_URL=https://mainnet.base.org docker compose up -d
 ```
 ### Backtesting / red-team (`scripts/harb-evaluator/red-team.sh`)
 `red-team.sh` boots the docker-compose stack and then calls protocol operations using **Base mainnet** addresses for the Uniswap V3 periphery (V3_FACTORY, SwapRouter02, NonfungiblePositionManager). These addresses are only valid on a mainnet fork.
 `red-team.sh` calls `sudo docker compose up -d` internally. The script uses `sudo -E` so that `FORK_URL` is preserved across the sudo boundary:
 ```bash
 FORK_URL=https://mainnet.base.org bash scripts/harb-evaluator/red-team.sh
 ```
 ### FitnessEvaluator (`onchain/test/FitnessEvaluator.t.sol`)
 `FitnessEvaluator.t.sol` does **not** use Anvil. It uses Foundry's native revm backend (`vm.createSelectFork`) to fork Base mainnet in-process — no docker-compose dependency:
 ```bash
 BASE_RPC_URL=https://mainnet.base.org \
 FITNESS_MANIFEST_DIR=/tmp/manifest \
 forge test --match-contract FitnessEvaluator --match-test testBatchEvaluate -vv
 ```
 ## Quick Start
 ```bash
 cd /home/debian/harb
 # Start everything
 docker compose up -d
 # Wait for bootstrap (deploys contracts, ~60-90s)
 docker compose logs -f bootstrap
 # Check all healthy
 docker compose ps
 ```
 ## Verify Stack Health
 ```bash
 # Anvil (local chain)
 curl -s http://localhost:8545 -X POST -H 'Content-Type: application/json' \
  -d '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":1}' | jq .result
 # Ponder (indexer + GraphQL)
 curl -s http://localhost:42069/graphql -X POST \
  -H 'Content-Type: application/json' \
  -d '{"query":"{ stats { id } }"}' | jq .
 # Landing page
 curl -sf http://localhost:5174 | head -5
 # Staking app
 curl -sf http://localhost:5173 | head -5
 ```
 ## Container Network
 Services communicate on `harb-network` Docker bridge.
 Internal hostnames match service names (e.g., `ponder:42069`).
 Landing page container IP (for Playwright testing): check with
 ```bash
 docker inspect landing --format '{{.NetworkSettings.Networks.harb_harb-network.IPAddress}}'
 ```
 ## Common URLs (for testing/review)
 - **Landing:** `http://172.18.0.6:5174` (container IP) or `http://localhost:5174`
 - **Staking app:** `http://localhost:5173/app/`
 - **Ponder GraphQL:** `http://localhost:42069/graphql`
 - **Anvil RPC:** `http://localhost:8545`
 - **txnBot status:** `http://localhost:43069/status`
 - **Umami analytics:** `http://localhost:3000` (default login: `admin` / `umami`)
 ## Resource Notes
 - 8GB VPS — running full stack uses ~4-5GB RAM
 - npm install inside containers can OOM with all services running
 - Landing container takes ~2min to restart (npm install + vite startup)
 - 4GB swap is essential for CI + stack concurrency
 ## Staking App Passwords
 For testing login: `lobsterDao`, `test123`, `lobster-x010syqe?412!`
 (defined in `web-app/src/views/LoginView.vue`)
 ## Webapp Environment Variables
 | Variable | Default | Set in docker-compose | Purpose |
 |---|---|---|---|
 | `VITE_ENABLE_LOCAL_SWAP` | `false` (unset) | `true` | Show inline ETH→$KRK swap widget on Get KRK page instead of the Uniswap link. Enable for local dev; leave unset for production builds. |
 | `VITE_KRAIKEN_ADDRESS` | from `deployments-local.json` | via `contracts.env` + entrypoint | Override KRK token address. |
 | `VITE_STAKE_ADDRESS` | from `deployments-local.json` | via `contracts.env` + entrypoint | Override Stake contract address. |
 | `VITE_DEFAULT_CHAIN_ID` | auto-detected (31337 on localhost) | — | Force the default chain. |
 | `VITE_UMAMI_URL` | unset | via env | Full URL to Umami `script.js` (e.g. `https://analytics.kraiken.org/script.js`). Omit to disable analytics. |
 | `VITE_UMAMI_WEBSITE_ID` | unset | via env | Umami website ID (UUID). Required alongside `VITE_UMAMI_URL`. |
 ## Analytics (Umami)
 Self-hosted [Umami](https://umami.is/) provides privacy-respecting funnel analytics with no third-party tracking. The `umami` Docker service shares the `postgres` instance (separate `umami` database created by `containers/init-umami-db.sh`).
 ### Setup
 1. Start the stack — Umami comes up automatically.
 2. Open `http://localhost:3000` and log in (default: `admin` / `umami`). Change the password on first login.
 3. Add a website in Umami and copy the **Website ID** (UUID).
 4. Set the env vars before starting landing/webapp:
   ```bash
   export VITE_UMAMI_URL=http://localhost:3000/script.js
   export VITE_UMAMI_WEBSITE_ID=<your-website-id>
   ```
   For staging/production behind Caddy, use the `/analytics/script.js` path instead.
 ### Tracked funnel events
 | Event | App | Trigger |
 |-------|-----|---------|
 | `cta_click` | landing | User clicks a CTA button (label in event data) |
 | `wallet_connect` | web-app | Wallet connected for the first time |
 | `swap_initiated` | web-app | User submits a buy or sell swap (direction in event data) |
 | `stake_created` | web-app | Stake position successfully created |
 Page views are tracked automatically by the Umami script on every route change.
 ### Production deployment
 On `harb-staging`, set `VITE_UMAMI_URL` and `VITE_UMAMI_WEBSITE_ID` in the environment and configure `UMAMI_APP_SECRET` to a strong random value. The Caddy route `/analytics*` proxies to the Umami container.
 ## Contract Addresses
 After bootstrap, addresses are written to `/home/debian/harb/tmp/containers/contracts.env` with the following variable names (no `VITE_` prefix):
 ```
 LIQUIDITY_MANAGER=0x...
 KRAIKEN=0x...
 STAKE=0x...
 ```
 The entrypoint scripts read this file and re-export the addresses with `VITE_` prefixes for Vite builds:
 - `containers/landing-entrypoint.sh` exports `VITE_KRAIKEN_ADDRESS` and `VITE_STAKE_ADDRESS`
 - `containers/webapp-entrypoint.sh` exports `VITE_KRAIKEN_ADDRESS` and `VITE_STAKE_ADDRESS`
 ## E2E Test Environment Variables
 The Playwright test setup (`tests/setup/stack.ts`) reads stack coordinates from env vars, falling back to `onchain/deployments-local.json` when they are absent.
 | Variable | Purpose |
 |---|---|
 | `STACK_RPC_URL` | RPC endpoint (default: `http://localhost:8081/api/rpc`) |
 | `STACK_WEBAPP_URL` | Web app base URL (default: `http://localhost:8081`) |
 | `STACK_GRAPHQL_URL` | GraphQL endpoint (default: `http://localhost:8081/api/graphql`) |
 | `STACK_KRAIKEN_ADDRESS` | Kraiken contract address (overrides deployments-local.json) |
 | `STACK_STAKE_ADDRESS` | Stake contract address (overrides deployments-local.json) |
 | `STACK_LM_ADDRESS` | LiquidityManager contract address (overrides deployments-local.json) |
 | `STACK_OPTIMIZER_PROXY_ADDRESS` | OptimizerProxy address (optional; enables optimizer integration tests) |
 When all three of `STACK_KRAIKEN_ADDRESS`, `STACK_STAKE_ADDRESS`, and `STACK_LM_ADDRESS` are set, the deployments file is not read at all, which allows tests to run in containerised environments that have no local checkout.
 ## Playwright Testing
 ```bash
 # Chromium path
 /home/debian/.cache/ms-playwright/chromium-1209/chrome-linux64/chrome
 # Run against landing (block fonts for speed)
 NODE_PATH=$(npm root -g) node test-script.cjs
 ```
 See `tmp/user-test-r4.cjs` for the most recent test script pattern.
--- a/docs/PRODUCT-TRUTH.md
+++ b/docs/PRODUCT-TRUTH.md
@ -0,0 +1,134 @@
 # PRODUCT-TRUTH.md — What We Can and Cannot Claim
 This file is the source of truth for all product messaging, docs, and marketing.
 If a claim isn't here or contradicts what's here, it's wrong. Update this file
 when the protocol changes — not the marketing copy.
 **Last updated:** 2026-02-22
 **Updated by:** Johann + Clawy after user test review session
 ---
 ## Target Audience
 - **Crypto natives** who know DeFi but don't know KrAIken
 - NOT beginners. NOT "new to DeFi" users.
 - Think: people who've used Uniswap, understand liquidity, know what a floor price means
 ## The Floor
 ✅ **Can say:**
 - Every KRK token has a minimum redemption price backed by real ETH
 - The floor is enforced by immutable smart contracts
 - The floor is backed by actual ETH reserves, not promises
 - No rug pulls — liquidity is locked in contracts
 - "Programmatic guarantee" (borrowed from Baseline — accurate for us too)
 ❌ **Cannot say:**
 - "The floor can never decrease" — **FALSE.** Selling withdraws ETH from reserves. The floor CAN decrease.
 - "Guaranteed profit" or "risk-free" — staking is leveraged exposure, it has real downside
 - "Floor always goes up" — **FALSE.** The floor rises from asymmetric slippage during balanced trading, but heavy sell pressure CAN push it down. Fees do NOT feed back to the floor (they go to protocol treasury).
 ## The Optimizer
 ✅ **Can say:**
 - Reads staker sentiment (% staked, average tax rate) to calculate parameters
 - Returns 4 parameters: capitalInefficiency, anchorShare, anchorWidth, discoveryDepth
 - Runs autonomously on-chain — no human triggers needed for parameter reads
 - Is a UUPS upgradeable proxy — can be upgraded to new versions
 - Currently admin-upgradeable (single admin key set at initialization)
 - Multiple versions exist: Optimizer, OptimizerV2, OptimizerV3, OptimizerV3Push3
 - "The optimizer evolves" — true in the sense that new versions get deployed
 ❌ **Cannot say:**
 - "No admin keys" — **FALSE.** UUPS upgrade requires admin. Admin key exists.
 - "No proxy patterns" — **FALSE.** It IS a UUPS proxy.
 - "Stakers vote for new optimizers" — **NOT YET.** This is roadmap, not current state.
 - "Simply evolves" / "evolves without upgrades" — misleading. It's an explicit upgrade via proxy.
 - "Three strategies" — **FALSE.** It's ONE strategy with THREE positions (Floor, Anchor, Discovery).
 - "AI learns from the market" — overstated. The optimizer reads staking sentiment, not market data directly.
 🔮 **Roadmap (can say "planned" / "coming"):**
 - Staker governance for optimizer upgrades (vote with stake weight)
 - On-chain training data → new optimizer contracts via Push3 transpiler
 - Remove admin key in favor of staker voting
 - Adversarial backtesting: replay red-team attack sequences against optimizer candidates (#536)
 - Push3 optimizer evolution: mutate, score against attacks, select survivors (#537)
 - Unified Push3 → deploy pipeline: transpile, compile, UUPS upgrade in one command (#538)
 ## Fee Destination
 ✅ **Can say:**
 - Trading fees are collected by the LiquidityManager during recenters
 - Fees are sent to `feeDestination` (protocol treasury / founders)
 - Fee revenue is the protocol's business model
 - **Both WETH and KRK fees** from Uniswap V3 positions are forwarded to `feeDestination` — not just ETH/WETH
 - KRK held at `feeDestination` is excluded from the outstanding supply calculation *only when* `feeDestination != address(0) && feeDestination != address(this)` — because protocol-held KRK cannot be sold into the floor and should not inflate the scarcity metric
 - KRK held in the staking pool is also excluded from the outstanding supply calculation *only when* `stakingPoolAddr != address(0)` — staked KRK is locked and cannot be sold into the floor
 ❌ **Cannot say:**
 - "Fees grow your KRK value" — **FALSE.** Fees go to treasury, not back to holders.
 - "Auto-compounding" — **FALSE.** Nothing is reinvested for holders.
 - "Fee accumulation benefits holders" — **FALSE.** Holders benefit from asymmetric slippage, not fees.
 ⚠️ **What actually grows holder value:**
 The three-position structure creates **asymmetric slippage** — buys push the price up more than sells push it down. With balanced trading activity, ETH accumulates in the system structurally, raising the effective price of KRK over time. This is a property of the liquidity layout, not fee reinvestment.
 ## Liquidity Positions
 ✅ **Can say:**
 - Three positions: Floor, Anchor, Discovery
 - Floor: deep liquidity at VWAP-adjusted prices (safety net)
 - Anchor: near current price, fast price discovery (width set by Optimizer)
 - Discovery: borders anchor, wide range (~3x current price)
 - The optimizer adjusts position parameters based on sentiment
 - "Recenter" = atomic repositioning of all liquidity in one transaction
 - Anyone can trigger a recenter; the protocol bot does it automatically
 - Recenter has a **60-second cooldown** (`MIN_RECENTER_INTERVAL = 60` in `LiquidityManager.sol`) — successive recenters are rate-limited on-chain
 - Recenter requires **300 seconds of TWAP oracle history** (`PRICE_STABILITY_INTERVAL = 300` in `PriceOracle.sol`) and validates the current tick is within ±50 ticks of the 5-minute average before proceeding
 - The three positions together create asymmetric slippage — buys have more price impact upward than sells have downward
 - With normal trading activity, this structural asymmetry accumulates ETH, raising the floor over time
 ❌ **Cannot say:**
 - "Three trading strategies" — it's three positions in ONE strategy
 - "Token-owned liquidity" — ⚠️ USE CAREFULLY. KRK doesn't "own" anything in the legal/contract sense. The LiquidityManager manages positions. Acceptable as metaphor in marketing, not in technical docs.
 - "Captures fees for holders" — fees go to feeDestination, not holders. The positions capture fees for the PROTOCOL.
 ## Staking
 ✅ **Can say:**
 - Staking = leveraged directional exposure
 - Stakers set tax rates; positions can be "snatched" by others willing to pay higher tax
 - Tax rates influence optimizer sentiment → bull/bear positioning
 - "Stakers profit when the community grows" (via supply expansion + leverage)
 - Staking is optional — most holders just hold
 ❌ **Cannot say:**
 - "Start Earning" / "Earn yield" / "APY" — staking is NOT yield farming
 - "Guaranteed returns" — leveraged positions amplify losses too
 - "Passive income" — tax payments are a cost, not income
 ## Supply Mechanics
 ✅ **Can say:**
 - Elastic supply: buy = mint, sell = burn
 - Protocol controls minting exclusively through LiquidityManager
 - LiquidityManager address is set once on Kraiken contract and cannot be changed
 ## Code / Open Source
 ✅ **Can say:**
 - Smart contracts are verifiable on Basescan
 - Key contracts are viewable on the docs/code page
 - "Full source will be published at mainnet launch" (if that's the plan)
 ❌ **Cannot say:**
 - "Open source" — the Codeberg repo is **private**. This is currently false.
 - "Audited" — unless an audit has been completed
 ## General Rules
 1. When in doubt, understate. "The floor is backed by ETH" > "The floor guarantees you'll never lose money"
 2. Separate current state from roadmap. Always.
 3. Technical docs: be precise. Marketing: metaphors OK but never contradict technical reality.
 4. If you're not sure a claim is true, check this file. If it's not here, verify against contract source before writing it.
--- a/docs/README.md
+++ b/docs/README.md
@ -0,0 +1,28 @@
 # KrAIken (Harb)
 **A token system where your tokens earn for you — backed by real ETH, governed by transparent on-chain rules.**
 ## What is it?
 KRK is a token on Base (Ethereum L2). When you hold KRK tokens, they're backed by ETH in a trading vault — there's a built-in minimum value your tokens can't drop below.
 You can **stake** your tokens to earn a share of every trade. The longer you stake, the more you accumulate. But there's a twist: someone else can **challenge** your position by committing to a higher earning rate. If that happens, you get compensated at market value — you never lose money, you just get bought out.
 The system adjusts itself automatically based on how people are staking. No manual intervention, no hidden operators. Everything is on-chain and verifiable.
 ## Quick Links
 - [How It Works](./how-it-works.md) — The mechanics explained simply
 - [Getting Started](./getting-started.md) — Buy, stake, earn in 5 minutes
 - [Technical Deep Dive](./technical/) — Architecture, contracts, development
 ## Key Numbers
 - **20,000 staking positions** available (20% of total supply)
 - **30 earning rate tiers** from 1% to 97% yearly
 - **3-day minimum hold** before a position can be challenged
 - **ETH-backed floor price** — your tokens always have a minimum value
 ## Is it safe?
 The contracts are **not yet audited**. The code is [open source](https://codeberg.org/johba/harb) and deployed on Base. Use at your own risk, and never invest more than you can afford to lose.
--- a/docs/UX-DECISIONS.md
+++ b/docs/UX-DECISIONS.md
@ -0,0 +1,89 @@
 # UX-DECISIONS.md — Design & Messaging Decisions
 Living record of UX/messaging decisions. Agents must follow these.
 Updated after each review session.
 **Last updated:** 2026-02-22
 ---
 ## Audience
 - **Primary:** Crypto natives who understand DeFi but don't know KrAIken
 - **Not targeting:** Beginners, "new to DeFi" users
 - No ELI5 content on the landing page
 - Beginners can find their way through the docs if curious
 ## Landing Page Variants
 | Variant | File | Target | Tone |
 |---------|------|--------|------|
 | Default | `HomeView.vue` | General crypto users | Clean, professional |
 | Offensive | `HomeViewOffensive.vue` | Degens, technical users | Aggressive, direct |
 | Mixed | `HomeViewMixed.vue` | Blend | Balanced |
 **Offensive is strongest** for crypto natives. Default wins for broader appeal.
 ## Messaging Rules
 ### Do Say
 - "Stake & Grow" (not "Start Earning")
 - "Floor guaranteed" (the mechanism exists, even if floor can decrease)
 - "Token-owned liquidity" (metaphor, acceptable in marketing)
 - "No admin keys" ONLY when staker governance is implemented
 - "How It Works →" as equal-weight CTA alongside "Get $KRK"
 ### Staking Visibility
 - **Staking is NOT mentioned on the landing page.** The staking app is password-protected for a reason — it's for insiders, not casual visitors.
 - Landing page sells the token and protocol. The CTA is "Get $KRK", not "Stake".
 - No staking mechanics, staking CTAs, or staking explainers on any HomeView variant.
 - Visitors discover staking through the community, not through the landing page.
 ### Don't Say
 - "Start Earning" / "Earn yield" / "APY" — staking isn't yield
 - "Stake" / "Stake & Grow" / "Staking" on the landing page — see above
 - "You just hold and win" — too promissory (changed to "You just hold.")
 - "Open source" — repo is private
 - "Three strategies" — three positions, one strategy
 - Raw holder count when it's low (show growth % instead)
 ### Staking Value Prop
 The one-liner: **"Stake → invite friends → supply grows → you profit with leverage."**
 Staking is leveraged directional exposure that pays off when the community grows.
 It is NOT passive income. It is NOT yield farming.
 ## Display Rules
 ### Numbers
 - Show **USD as primary** for all ETH amounts (people can't relate to 0.0000029 ETH)
 - Keep ETH as secondary/tooltip for crypto natives
 - Use CoinGecko API for ETH/USD, cache 5 min
 - Format: ≥$1000 → "$25.4k", ≥$1 → "$2.50", <$1 → "$0.007"
 - Never use `toFixed(4)` on tiny ETH values — use dynamic precision
 ### Stats
 - Show growth trends (sparklines, ↑X%) not raw counts
 - Multiple mini-sparklines per stat card, not a single health graph
 - 7 days or since launch (whichever shorter) for historical data
 - Ring buffer only — no unbounded snapshot tables (disk growth concern)
 - Live indicator (green dot + "Updated Xs ago") for freshness
 ### Contract Addresses
 - Show in footer with copy buttons
 - Link to Basescan for verification
 ## Docs
 - "How It Works" should be equal-weight navigation item, not buried
 - Recenter explainer: keep it to 3 bullets (atomic, sentiment-driven, bull/bear)
 - No Baseline comparison table — borrow their language, don't name-drop them
 - Code page (`/docs/code`) for contract source viewing instead of Codeberg link
 ## Tone
 - Sharp, direct, no fluff
 - Technical confidence without overclaiming
 - "We" when referring to the protocol community
 - Never condescending
 - Dark theme, minimal decoration
--- a/docs/ci-pipeline.md
+++ b/docs/ci-pipeline.md
@ -0,0 +1,73 @@
 # Woodpecker CI
 ## Infrastructure
 - **Server**: Woodpecker 3.10.0 runs as a **systemd service** (`woodpecker-server.service`), NOT a Docker container. Binary at `/usr/local/bin/woodpecker-server`.
 - **Host**: `https://ci.niovi.voyage` (port 8000 locally at `http://127.0.0.1:8000`)
 - **Forge**: Codeberg (Gitea-compatible) — repo `johba/harb`, forge remote ID `800173`
 - **Database**: PostgreSQL at `127.0.0.1:5432`, database `woodpecker`, user `woodpecker`
 - **Config**: `/etc/woodpecker/server.env` (contains secrets — agent secret, Gitea OAuth secret, DB credentials)
 - **CLI**: Downloaded to `/tmp/woodpecker-cli` (v3.10.0). Requires `WOODPECKER_SERVER` and `WOODPECKER_TOKEN` env vars.
 - **Logs**: `journalctl -u woodpecker-server -f` (NOT `docker logs`)
 ## Pipeline Configs
 - `.woodpecker/build-ci-images.yml` — Builds Docker CI images using unified `docker/Dockerfile.service-ci`. Triggers on **push** to `master` or `feature/ci` when files in `docker/`, `.woodpecker/`, `containers/`, `kraiken-lib/`, `onchain/`, `services/`, `web-app/`, or `landing/` change.
 - `.woodpecker/e2e.yml` — Runs Playwright E2E tests. Bootstrap step sources `scripts/bootstrap-common.sh` for shared deploy/seed logic. Health checks use `scripts/wait-for-service.sh`. Triggers on **pull_request** to `master`.
 - Pipeline numbering: even = build-ci-images (push events), odd = E2E (pull_request events). This is not guaranteed but was the observed pattern.
 ## Monitoring Pipelines via DB
 Since the Woodpecker API requires authentication (tokens are cached in server memory; DB-only token changes don't work without a server restart), monitor pipelines directly via PostgreSQL:
 ```bash
 # Latest pipelines
 PGPASSWORD='<db_password>' psql -h 127.0.0.1 -U woodpecker -d woodpecker -c \
  "SELECT number, status, branch, event, commit FROM pipelines
   WHERE repo_id = (SELECT id FROM repos WHERE full_name = 'johba/harb')
   ORDER BY number DESC LIMIT 5;"
 # Step details for a specific pipeline
 PGPASSWORD='<db_password>' psql -h 127.0.0.1 -U woodpecker -d woodpecker -c \
  "SELECT s.name, s.state,
    CASE WHEN s.finished > 0 AND s.started > 0 THEN (s.finished - s.started)::int::text || 's'
    ELSE '-' END as duration, s.exit_code
   FROM steps s WHERE s.pipeline_id = (
     SELECT id FROM pipelines WHERE number = <N>
     AND repo_id = (SELECT id FROM repos WHERE full_name = 'johba/harb'))
   ORDER BY s.started NULLS LAST;"
 ```
 ## Triggering Pipelines
 - **Normal flow**: Push to Codeberg → Codeberg fires webhook to `https://ci.niovi.voyage/api/hook` → Woodpecker creates pipeline.
 - **Known issue**: Codeberg webhooks can stop firing if `ci.niovi.voyage` becomes unreachable (DNS/connectivity). Check Codeberg repo settings → Webhooks to verify delivery history and re-trigger.
 - **Manual trigger via API** (requires valid token — see known issues):
  ```bash
  WOODPECKER_SERVER=http://127.0.0.1:8000 WOODPECKER_TOKEN=<token> \
    /tmp/woodpecker-cli pipeline create --branch feature/ci johba/harb
  ```
 - **API auth limitation**: The server caches user token hashes in memory. Inserting a token directly into the DB does not work without restarting the server (`sudo systemctl restart woodpecker-server`).
 ## CI Docker Images
 - `docker/Dockerfile.service-ci` — Unified parameterized Dockerfile for all service CI images (ponder, webapp, landing, txnBot). Uses `--build-arg` for service-specific configuration (SERVICE_DIR, SERVICE_PORT, ENTRYPOINT_SCRIPT, NEEDS_SYMLINKS, etc.).
  - **sync-tax-rates**: Builder stage runs `scripts/sync-tax-rates.mjs` to sync tax rates from `Stake.sol` into kraiken-lib before TypeScript compilation.
  - **Symlinks fix** (webapp only, `NEEDS_SYMLINKS=true`): Creates `/web-app`, `/kraiken-lib`, `/onchain` symlinks to work around Vite's `removeBase()` stripping `/app/` prefix from filesystem paths.
  - **CI env detection** (`CI=true`): Disables Vue DevTools plugin in `vite.config.ts` to prevent 500 errors caused by path resolution issues with `/app/` base path.
  - **HEALTHCHECK**: Configurable via build args; webapp uses `--retries=84 --interval=5s` = 420s (7 min), aligned with `wait-for-stack` step timeout.
 - **Shared entrypoints**: Each service uses a unified entrypoint script (`containers/<service>-entrypoint.sh`) that branches on `CI=true` env var for CI vs local dev paths. Common helpers in `containers/entrypoint-common.sh`.
 - **Shared bootstrap**: `scripts/bootstrap-common.sh` contains shared contract deployment, seeding, and funding functions used by both `containers/bootstrap.sh` (local dev) and `.woodpecker/e2e.yml` (CI).
 - CI images are tagged with git SHA and `latest`, pushed to a local registry.
 ## CI Agent & Registry Auth
 - **Agent**: Runs as user `ci` (uid 1001) on `harb-staging`, same host as the dev environment. Binary at `/usr/local/bin/woodpecker-agent`.
 - **Registry credentials**: The `ci` user must have Docker auth configured at `/home/ci/.docker/config.json` to pull private images from `registry.niovi.voyage`. If images fail to pull with "no basic auth credentials", fix with:
  ```bash
  sudo mkdir -p /home/ci/.docker
  sudo cp /home/debian/.docker/config.json /home/ci/.docker/config.json
  sudo chown -R ci:ci /home/ci/.docker
  sudo chmod 600 /home/ci/.docker/config.json
  ```
 - **Shared Docker daemon**: The `ci` and `debian` users share the same Docker daemon. Running `docker system prune` as `debian` removes images cached for CI pipelines. If CI image pulls fail after a prune, either fix registry auth (above) or pre-pull images as `debian`: `docker pull registry.niovi.voyage/harb/ponder-ci:latest` etc.
 ## Debugging Tips
 - If pipelines aren't being created after a push, check Codeberg webhook delivery logs first.
 - The Woodpecker server needs `sudo` to restart. Without it, you cannot: refresh API tokens, clear cached state, or recover from webhook auth issues.
 - E2E pipeline failures often come from `wait-for-stack` timing out. Check the webapp HEALTHCHECK alignment and Ponder indexing time.
 - The `web-app/vite.config.ts` `allowedHosts` array must include container hostnames (`webapp`, `caddy`) for health checks to succeed inside Docker networks.
 - **Never use `bash -lc`** in Woodpecker pipeline commands — login shell resets PATH via `/etc/profile`, losing Foundry and other tools set by Docker ENV. Use `bash -c` instead.
--- a/docs/codeberg-api.md
+++ b/docs/codeberg-api.md
@ -0,0 +1,32 @@
 # Codeberg API Access
 ## Authentication
 Codeberg API tokens are stored in `~/.netrc` (standard `curl --netrc` format, `chmod 600`):
 ```
 machine codeberg.org
 login johba
 password <api-token>
 ```
 The `password` field holds the API token — this is standard `.netrc` convention, not an actual password.
 ## Generating Tokens
 Generate tokens at `https://codeberg.org/user/settings/applications`.
 ## Usage
 Pass `--netrc` to curl for authenticated Codeberg API calls:
 ```bash
 # List issues
 curl --netrc -s https://codeberg.org/api/v1/repos/johba/harb/issues | jq '.[0].title'
 # Get a specific issue
 curl --netrc -s https://codeberg.org/api/v1/repos/johba/harb/issues/42 | jq '.title, .body'
 # List pull requests
 curl --netrc -s https://codeberg.org/api/v1/repos/johba/harb/pulls | jq '.[].title'
 ```
 ## Git vs API
 The repo uses SSH for git push/pull (`ssh://git@codeberg.org`), so `.netrc` is only used for REST API interactions (issues, PRs, releases).
 ## Webhooks
 Codeberg sends webhooks to `https://ci.niovi.voyage/api/hook` to trigger Woodpecker CI pipelines. If webhooks stop firing (e.g. DNS issues), check Codeberg repo settings → Webhooks to verify delivery history and re-trigger.
--- a/docs/dev-environment.md
+++ b/docs/dev-environment.md
@ -0,0 +1,67 @@
 # Dev Environment
 ## Prerequisites
 Docker Engine (Linux) or Colima (Mac). See `docs/docker.md` for installation.
 ## Quick Start
 ```bash
 nohup ./scripts/dev.sh start &    # start (takes ~3-6 min first time)
 tail -f nohup.out                  # watch progress
 ./scripts/dev.sh health            # verify all services healthy
 ./scripts/dev.sh stop              # stop and clean up
 ```
 Do not launch services individually — `dev.sh` enforces phased startup with health gates.
 ## Restart Modes
 - `./scripts/dev.sh restart --light` — Fast (~10-20s): only webapp + txnbot, preserves Anvil/Ponder state. Use for frontend changes.
 - `./scripts/dev.sh restart --full` — Full (~3-6min): redeploys contracts, fresh state. Use for contract changes.
 ## Environments
 Supported: `BASE_SEPOLIA_LOCAL_FORK` (default Anvil fork), `BASE_SEPOLIA`, and `BASE`. Match contract addresses and RPCs accordingly.
 ## Ports
 The stack uses these ports:
 | Port  | Service    |
 |-------|------------|
 | 8545  | Anvil      |
 | 5173  | webapp     |
 | 5174  | landing    |
 | 42069 | Ponder     |
 | 43069 | txnBot     |
 | 5100  | Otterscan  |
 | 8081  | Caddy      |
 Check with `lsof -i :<port>` if startup fails.
 ## Docker Topology
 - `docker-compose.yml` has NO `depends_on`. Service ordering is handled by `scripts/dev.sh`.
 - Startup phases: anvil+postgres → bootstrap → ponder → webapp/landing/txn-bot → caddy → smoke test.
 - Shared bootstrap: `scripts/bootstrap-common.sh` (sourced by both local dev and CI).
 - 20GB disk limit enforced. `dev.sh stop` auto-prunes. Named volumes for `node_modules`.
 - All services have log rotation (30MB max per container) and PostgreSQL WAL limits configured.
 ## kraiken-lib Build
 - Run `./scripts/build-kraiken-lib.sh` before `docker-compose up` so containers mount a fresh `kraiken-lib/dist` from the host.
 - `scripts/watch-kraiken-lib.sh` rebuilds on file changes (requires inotify-tools) and restarts dependent containers automatically.
 - The dev script runs the build automatically on `start`, but manual rebuilds are needed if you change kraiken-lib while the stack is already running.
 ## Common Pitfalls
 - **Docker disk full**: `dev.sh start` refuses to run if Docker disk usage exceeds 20GB. Fix: `./scripts/dev.sh stop` (auto-prunes) or `docker system prune -af --volumes`.
 - **Stale Ponder state**: If Ponder fails with schema errors after contract changes, delete its state: `rm -rf services/ponder/.ponder/` then `./scripts/dev.sh restart --full`.
 - **kraiken-lib out of date**: If services fail with import errors or missing exports, rebuild: `./scripts/build-kraiken-lib.sh`.
 - **Container not found errors**: `dev.sh` expects Docker Compose v2 container names (`harb-anvil-1`, hyphens not underscores). Verify with `docker compose version`.
 - **Port conflicts**: See Ports table above. Check with `lsof -i :<port>` if startup fails.
 - **npm ci failures in containers**: Named Docker volumes cache `node_modules/`. If dependencies change and installs fail, remove the volume: `docker volume rm harb_webapp_node_modules` (or similar), then restart.
 ## Handy Commands
 ```bash
 foundryup                          # update Foundry toolchain
 anvil --fork-url https://sepolia.base.org  # manual fork for diagnosing outside dev.sh
 # inspect services while stack is running
 curl http://localhost:8081/api/txn/status
 curl -X POST http://localhost:8081/api/graphql \
  -d '{"query":"{ stats(id:\"0x01\"){kraikenTotalSupply}}"}'
 cast call <POOL> "slot0()"         # inspect pool state
 PONDER_NETWORK=BASE_SEPOLIA_LOCAL_FORK npm run dev  # focused Ponder debugging (inside services/ponder/)
 ```
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@ -0,0 +1,60 @@
 # Getting Started
 ## What You Need
 1. A Web3 wallet (MetaMask, Coinbase Wallet, etc.)
 2. Some ETH on **Base** network
 3. 5 minutes
 ## Step 1: Get KRK Tokens
 1. Go to the [KrAIken app](/app/get-krk)
 2. Connect your wallet
 3. Swap ETH for KRK on Uniswap
   - Make sure you're on **Base** network
   - Use the 1% fee tier pool
 **Tip:** Start small. The protocol is unaudited — only use what you're comfortable risking.
 ## Step 2: Stake Your Tokens
 1. Go to the [Staking Dashboard](/app/stake)
 2. Connect your wallet (if not already connected)
 3. Choose how many KRK tokens to stake
   - Minimum stake is displayed in the form
 4. Pick your earning rate (tax rate)
   - Lower = cheaper to hold, but easier to challenge
   - Higher = more expensive, but harder to challenge
   - Start with a mid-range rate if you're unsure
 5. Click **Stake** and confirm the transaction
 ## Step 3: Monitor Your Position
 Once staked, you'll see your position in the **Active Positions** section:
 - Your slot count and ownership percentage
 - Current earning rate
 - Accrued tax obligation
 You can view detailed stats in your [Wallet Dashboard](/app/wallet/).
 ## Understanding the Numbers
 - **Owner Slots**: Your share of the staking pool. 1,000 slots = 1% ownership.
 - **Tax Rate**: What you pay yearly to hold your position. Paid when you unstake or manually.
 - **Floor Tax**: The minimum rate needed to challenge existing positions.
 - **Positions Buyout**: How many positions your rate would displace.
 ## Unstaking
 To exit a position:
 1. Find your position in the Active Positions list
 2. Click to expand it
 3. Choose to unstake (partially or fully)
 4. You receive your staked tokens plus any earnings, minus tax owed
 ## Tips
 - **Check the floor tax** before staking. If it's high, many positions are actively defended.
 - **Watch the ETH reserve** on the landing page — growing reserve = healthy protocol.
 - **Don't panic if challenged** — you get paid out at market value. You can always re-stake.
 - **Join the community** — [Telegram](https://t.me/kraikenportal) for questions and discussion.
--- a/docs/how-it-works.md
+++ b/docs/how-it-works.md
@ -0,0 +1,62 @@
 # How It Works
 ## The Basics
 KRK tokens trade on Uniswap (Base network). Behind the scenes, a **trading vault** holds ETH that backs every KRK token. This creates a **floor price** — the absolute minimum value your tokens are worth.
 ## Earning by Staking
 When you stake KRK tokens, you claim **owner slots** — a percentage of the protocol's staking pool. Every time someone buys KRK on the open market, new tokens are minted, and stakers get a proportional share. The more slots you hold, the more you earn.
 ### Choosing Your Rate
 When you stake, you pick an **earning rate** (called a "tax rate" in the contracts). This is the yearly cost of holding your position:
 | Rate Level | Yearly Cost | Trade-off |
 |-----------|------------|-----------|
 | Low (1-5%) | Cheap to hold | Easy for others to challenge |
 | Medium (12-30%) | Moderate cost | Balanced protection |
 | High (50%+) | Expensive to hold | Very hard to challenge |
 **The key insight:** Your earning rate is also your protection level. A higher rate costs more, but makes it harder for anyone to take your position.
 ## Challenges (Snatching)
 If someone wants your staking slots and is willing to pay a higher rate than you, they can **challenge** (snatch) your position:
 1. The challenger stakes at a higher rate
 2. Your position is automatically closed
 3. You receive the **full market value** of your staked tokens — including any earnings
 4. The challenger takes over your slots
 **You never lose money in a challenge.** You get compensated at current market value. You just stop earning from those slots.
 ## The Trading Vault
 The Liquidity Manager automatically manages the ETH/KRK trading pool:
 - When staking activity is high (bullish signal), it concentrates liquidity for better trading
 - When activity drops, it spreads liquidity wider for stability
 - It tracks a **volume-weighted average price (VWAP)** to set the range
 This happens automatically — no human decisions, no hidden operators. The rules are in the smart contract.
 ## Floor Price
 Every KRK token is backed by ETH in the vault. The **floor price** is calculated as:
 ```
 floor = ETH in vault ÷ total KRK supply
 ```
 Your tokens can never be worth less than the floor. When someone buys KRK, more ETH enters the vault. When someone sells, ETH leaves. The system maintains balance.
 ## Summary
 1. **Buy KRK** on Uniswap (Base)
 2. **Stake** to earn from every trade
 3. **Choose your rate** — higher = more protection, higher cost
 4. **Earn passively** as the protocol generates trading activity
 5. If challenged, you get **paid out at market value**
 → [Getting Started Guide](./getting-started.md)
--- a/docs/mainnet-bootstrap.md
+++ b/docs/mainnet-bootstrap.md
@ -0,0 +1,325 @@
 # Mainnet VWAP Bootstrap Runbook
 **Target chain:** Base (chain ID 8453)
 ## Why a manual process?
 The VWAP bootstrap cannot be completed in a single Forge script execution. Two hard time-based delays imposed by the contracts make this impossible:
 1. **300 s TWAP warm-up** — `recenter()` reads the Uniswap V3 TWAP oracle and reverts with `"price deviated from oracle"` if the pool has fewer than 300 seconds of observation history. A pool created within the same broadcast has zero history.
 2. **60 s recenter cooldown** — `recenter()` enforces a per-call cooldown (`lastRecenterTime + 60 s`). The first and second recenters cannot share a single broadcast.
 `DeployBase.sol` contains an inline bootstrap attempt that will always fail on a freshly-created pool. Follow this runbook instead.
 ---
 ## Prerequisites
 ```bash
 # Required environment variables — set before starting
 export BASE_RPC="https://mainnet.base.org"          # or your preferred Base RPC
 export DEPLOYER_KEY="0x<your-private-key>"
 export BASESCAN_API_KEY="<your-api-key>"
 # Populated after Step 1 (deploy)
 export LM_ADDRESS=""       # LiquidityManager proxy address
 export KRAIKEN=""          # Kraiken token address
 export POOL=""             # Uniswap V3 pool address
 # Protocol constants (Base mainnet)
 export WETH="0x4200000000000000000000000000000000000006"
 export SWAP_ROUTER="0x2626664c2603336E57B271c5C0b26F421741e481"   # Uniswap V3 SwapRouter02
 export DEPLOYER_ADDRESS="$(cast wallet address --private-key $DEPLOYER_KEY)"
 # Minimum ETH required in deployer wallet:
 #   gas for deploy (~0.05 ETH) + 0.01 ETH LM seed + 0.005 ETH seed buy
 ```
 ---
 ## Step 1 — Deploy contracts (pool init)
 Run the mainnet deploy script. `DeployBase.sol` wraps the inline `recenter()` call in a try/catch, so if the pool is too fresh for the TWAP oracle the bootstrap is skipped with a warning and the deployment still succeeds. The deploy script then prints instructions directing you to complete the bootstrap manually.
 ```bash
 cd onchain
 forge script script/DeployBaseMainnet.sol \
  --rpc-url $BASE_RPC \
  --broadcast \
  --verify \
  --etherscan-api-key $BASESCAN_API_KEY \
  --slow \
  --private-key $DEPLOYER_KEY
 ```
 > **Note:** If the script still aborts during simulation (e.g., due to an older version of `DeployBase.sol` without the try/catch), see [Troubleshooting](#troubleshooting) for how to separate the deploy from the bootstrap.
 After the broadcast completes, record the addresses from the console output:
 ```bash
 export LM_ADDRESS="0x..."    # LiquidityManager address from deploy output
 export KRAIKEN="0x..."       # Kraiken address from deploy output
 export POOL="0x..."          # Uniswap V3 pool address from deploy output
 ```
 Verify the pool exists and has been initialized:
 ```bash
 cast call $POOL "slot0()" --rpc-url $BASE_RPC
 # Returns: sqrtPriceX96, tick, ...  (non-zero sqrtPriceX96 confirms initialization)
 ```
 Record the block timestamp of pool creation:
 ```bash
 export POOL_INIT_TS=$(cast block latest --rpc-url $BASE_RPC --field timestamp)
 echo "Pool initialized at Unix timestamp: $POOL_INIT_TS"
 echo "First recenter available after: $(( POOL_INIT_TS + 300 )) ($(date -d @$(( POOL_INIT_TS + 300 )) 2>/dev/null || date -r $(( POOL_INIT_TS + 300 )) 2>/dev/null))"
 ```
 ---
 ## Step 2 — Wait ≥ 300 s (TWAP warm-up)
 The Uniswap V3 TWAP oracle must accumulate at least 300 seconds of observation history before `recenter()` can succeed. Do not proceed until 300 seconds have elapsed since pool initialization.
 ```bash
 # Poll until 300 s have elapsed since pool creation
 TARGET_TS=$(( POOL_INIT_TS + 300 ))
 while true; do
  NOW=$(cast block latest --rpc-url $BASE_RPC --field timestamp)
  REMAINING=$(( TARGET_TS - NOW ))
  if [ "$REMAINING" -le 0 ]; then
    echo "TWAP warm-up complete. Proceeding to first recenter."
    break
  fi
  echo "Waiting ${REMAINING}s more for TWAP warm-up..."
  sleep 10
 done
 ```
 ---
 ## Step 3 — Fund LiquidityManager and first recenter
 Fund the LiquidityManager with the seed ETH it needs to place bootstrap positions, then call `recenter()` for the first time.
 ```bash
 # Fund LiquidityManager (0.01 ETH minimum for bootstrap positions)
 cast send $LM_ADDRESS \
  --value 0.01ether \
  --rpc-url $BASE_RPC \
  --private-key $DEPLOYER_KEY
 # Confirm balance
 cast balance $LM_ADDRESS --rpc-url $BASE_RPC
 ```
 ```bash
 # First recenter — places anchor, floor, and discovery positions
 cast send $LM_ADDRESS \
  "recenter()" \
  --rpc-url $BASE_RPC \
  --private-key $DEPLOYER_KEY
 echo "First recenter complete."
 ```
 Record the timestamp immediately after this call — the 60 s cooldown starts now:
 ```bash
 export FIRST_RECENTER_TS=$(cast block latest --rpc-url $BASE_RPC --field timestamp)
 echo "First recenter at Unix timestamp: $FIRST_RECENTER_TS"
 echo "Second recenter available after: $(( FIRST_RECENTER_TS + 60 ))"
 ```
 ---
 ## Step 4 — Seed buy (generate non-zero anchor fee)
 The VWAP bootstrap path in `recenter()` only records the price anchor when `ethFee > 0` (i.e., when the anchor position has collected a fee). Execute a small buy of KRAIKEN to generate that fee.
 ```bash
 # Step 4a — Wrap ETH to WETH
 cast send $WETH \
  "deposit()" \
  --value 0.005ether \
  --rpc-url $BASE_RPC \
  --private-key $DEPLOYER_KEY
 # Step 4b — Approve SwapRouter to spend WETH
 cast send $WETH \
  "approve(address,uint256)" $SWAP_ROUTER 5000000000000000 \
  --rpc-url $BASE_RPC \
  --private-key $DEPLOYER_KEY
 # Step 4c — Seed buy: swap 0.005 WETH → KRAIKEN via the 1 % pool
 #   SwapRouter02 exactInputSingle struct (7 fields — no deadline):
 #   tokenIn, tokenOut, fee, recipient, amountIn, amountOutMinimum, sqrtPriceLimitX96
 cast send $SWAP_ROUTER \
  "exactInputSingle((address,address,uint24,address,uint256,uint256,uint160))(uint256)" \
  "($WETH,$KRAIKEN,10000,$DEPLOYER_ADDRESS,5000000000000000,0,0)" \
  --rpc-url $BASE_RPC \
  --private-key $DEPLOYER_KEY
 echo "Seed buy complete. Anchor position has collected a fee."
 ```
 Confirm the pool executed the swap (non-zero KRK balance in deployer wallet):
 ```bash
 cast call $KRAIKEN "balanceOf(address)" $DEPLOYER_ADDRESS --rpc-url $BASE_RPC
 # Should be > 0
 ```
 ---
 ## Step 5 — Wait ≥ 60 s (recenter cooldown)
 ```bash
 TARGET_TS=$(( FIRST_RECENTER_TS + 60 ))
 while true; do
  NOW=$(cast block latest --rpc-url $BASE_RPC --field timestamp)
  REMAINING=$(( TARGET_TS - NOW ))
  if [ "$REMAINING" -le 0 ]; then
    echo "Recenter cooldown elapsed. Proceeding to second recenter."
    break
  fi
  echo "Waiting ${REMAINING}s more for recenter cooldown..."
  sleep 5
 done
 ```
 ---
 ## Step 6 — Second recenter (records VWAP anchor)
 The second `recenter()` hits the bootstrap path inside `LiquidityManager`: `cumulativeVolume == 0` and `ethFee > 0`, so it records the VWAP price anchor and sets `cumulativeVolume > 0`, permanently closing the bootstrap window.
 ```bash
 # LM_ADDRESS must already be set from Step 1.
 # BootstrapVWAPPhase2.s.sol reads the broadcaster key from the .secret
 # seed-phrase file in onchain/ (same as DeployBase.sol). Ensure that file
 # is present; the --private-key CLI flag is NOT used by this script.
 forge script script/BootstrapVWAPPhase2.s.sol \
  --tc BootstrapVWAPPhase2 \
  --rpc-url $BASE_RPC \
  --broadcast
 ```
 The script asserts `cumulativeVolume > 0` and will fail with an explicit message if the bootstrap did not succeed.
 ---
 ## Step 7 — Verify bootstrap success
 ```bash
 # cumulativeVolume must be > 0
 cast call $LM_ADDRESS "cumulativeVolume()" --rpc-url $BASE_RPC
 # Expected: non-zero value
 # VWAP should now reflect the seed buy price
 cast call $LM_ADDRESS "getVWAP()" --rpc-url $BASE_RPC 2>/dev/null || \
  echo "(getVWAP may not be a public function — check cumulativeVolume above)"
 # Three positions should be in place
 cast call $LM_ADDRESS "positions(0)" --rpc-url $BASE_RPC   # floor
 cast call $LM_ADDRESS "positions(1)" --rpc-url $BASE_RPC   # anchor
 cast call $LM_ADDRESS "positions(2)" --rpc-url $BASE_RPC   # discovery
 # LM should hold ETH / WETH for ongoing operations
 cast balance $LM_ADDRESS --rpc-url $BASE_RPC
 ```
 ---
 ## Recovery from failed mid-sequence bootstrap
 If the bootstrap fails partway through (e.g., the second `recenter()` in Step 6 reverts due to insufficient price movement / "amplitude not reached"), the LiquidityManager is left in a partially bootstrapped state:
 - **Positions deployed** — the first `recenter()` placed anchor, floor, and discovery positions
 - **`cumulativeVolume == 0`** — the VWAP anchor was never recorded
 - **`feeDestination` set** — `DeployBase.sol` sets this before any recenter attempt
 - **`recenter()` is permissionless** — no access control to revoke; anyone can call it
 ### Diagnosing the state
 ```bash
 # Check if VWAP bootstrap completed (0 = not yet bootstrapped)
 cast call $LM_ADDRESS "cumulativeVolume()(uint256)" --rpc-url $BASE_RPC
 # Check current feeDestination
 cast call $LM_ADDRESS "feeDestination()(address)" --rpc-url $BASE_RPC
 # Check if feeDestination is locked (true = cannot be changed)
 cast call $LM_ADDRESS "feeDestinationLocked()(bool)" --rpc-url $BASE_RPC
 # Check if positions exist (non-zero liquidity = positions deployed)
 cast call $LM_ADDRESS "positions(uint8)(int24,int24,uint128)" 1 --rpc-url $BASE_RPC
 ```
 ### Recovery steps
 1. **Identify the failure cause** — check the revert reason from Step 6. Common causes:
   - `"amplitude not reached."` — the seed buy did not move the price enough ticks for `recenter()` to accept the movement as significant
   - `"price deviated from oracle"` — TWAP history is still insufficient
   - `"recenter cooldown"` — 60 s has not elapsed since the last recenter
 2. **Fix the root cause:**
   - For amplitude issues: execute a larger seed buy (Step 4 with more ETH) to generate more price movement and anchor fees
   - For TWAP issues: wait longer for oracle history to accumulate
   - For cooldown: simply wait 60 s
 3. **Retry the second recenter** — re-run Step 6 (`BootstrapVWAPPhase2.s.sol`) or call `recenter()` directly:
   ```bash
   cast send $LM_ADDRESS "recenter()" --rpc-url $BASE_RPC --private-key $DEPLOYER_KEY
   ```
 4. **Verify** — confirm `cumulativeVolume > 0` (Step 7)
 5. **If `feeDestination` needs correction** (e.g., was set to the wrong address):
   ```bash
   # Only works if feeDestinationLocked is false
   cast send $LM_ADDRESS \
     "setFeeDestination(address)" <CORRECT_FEE_DEST_ADDRESS> \
     --rpc-url $BASE_RPC \
     --private-key $DEPLOYER_KEY
   ```
 ### Automated recovery
 A helper script automates the diagnosis and retry:
 ```bash
 # Diagnose and retry bootstrap
 scripts/recover-bootstrap.sh --rpc-url $BASE_RPC --private-key $DEPLOYER_KEY --lm $LM_ADDRESS
 ```
 See `scripts/recover-bootstrap.sh --help` for all options.
 ---
 ## Troubleshooting
 ### `forge script` aborts before broadcast due to recenter() revert
 Foundry simulates the entire `run()` function before broadcasting anything. If the inline bootstrap in `DeployBase.sol` causes the simulation to fail, no transactions are broadcast.
 **Workaround:** Comment out the bootstrap block in `DeployBase.sol` locally (lines 101–145, from `// =====================================================================` through `seedSwapper.executeSeedBuy{ value: SEED_SWAP_ETH }(sender);`) before running the deploy script, then restore it afterward. The bootstrap is then performed manually using Steps 3–6 above.
 ### `recenter()` reverts with "price deviated from oracle"
 The pool has insufficient TWAP history. Wait longer and retry. At least one block must have been produced with the pool at its initialized price before the 300 s counter begins.
 ### `recenter()` reverts with "cooldown"
 The 60 s cooldown has not elapsed since the last recenter. Wait and retry.
 ### Seed buy produces zero KRK
 The pool may have no in-range liquidity (first recenter did not place positions successfully). Check positions via `cast call $LM_ADDRESS "positions(1)"` and re-run Step 3 if the anchor position is empty.
 ### BootstrapVWAPPhase2 fails with "cumulativeVolume is still 0"
 The anchor position collected no fees — either the seed buy was too small to generate a fee, or the swap routed through a different pool. Repeat Step 4 with a larger `amountIn` (e.g., `0.01 ether` / `10000000000000000`) and re-run Step 5–6.
--- a/docs/podman.md
+++ b/docs/podman.md
@ -1,44 +0,0 @@
 # Podman Staging Environment
 The Podman stack mirrors `scripts/dev.sh` using long-lived containers. Every boot spins up a fresh Base Sepolia fork, redeploys contracts, seeds liquidity, and launches the live-reload services behind Caddy on port 80.
 ## Service Topology
 - `anvil` – Base Sepolia fork with optional mnemonic from `onchain/.secret.local`
 - `bootstrap` – one-shot job running `DeployLocal.sol`, seeding liquidity, priming blocks, and writing shared env files
 - `ponder` – `npm run dev` for the indexer (port 42069 inside the pod)
 - `frontend` – Vite dev server for `web-app` (port 5173 inside the pod)
 - `txn-bot` – automation loop plus Express status API (port 43069 inside the pod)
 - `caddy` – front door at `http://<host>:80`, routing `/api/graphql`, `/health`, `/api/rpc`, and `/api/txn` to the internal services
 All containers mount the repository so code edits hot-reload exactly as the local script. Named volumes keep `node_modules` caches between restarts.
 ## Prerequisites
 - Podman 4.x (rootless recommended)
 - `podman-compose`
 ## Launching
 ```bash
 podman-compose -f podman-compose.yml build
 podman-compose -f podman-compose.yml up
 ```
 - First run takes several minutes while Foundry installs deps, deploys contracts, and runs the seeding transactions.
 - Use `podman-compose down` to stop. Bring-up always redeploys and rewrites `services/ponder/.env.local` plus `tmp/podman/txnBot.env`.
 ### Access Points (via Caddy)
 - Frontend: `http://<host>/`
 - GraphQL: `http://<host>/api/graphql`
 - RPC passthrough: `http://<host>/api/rpc`
 - Txn bot status: `http://<host>/api/txn/status`
 ## Configuration Knobs
 Set environment variables before `podman-compose up`:
 - `FORK_URL` – Anvil upstream RPC (defaults to `https://sepolia.base.org`)
 - `DEPLOYER_PK`, `DEPLOYER_ADDR` – override deployer wallet; otherwise derived from `.secret.local` or Foundry defaults
 - `TXNBOT_PRIVATE_KEY`, `TXNBOT_ADDRESS`, `TXNBOT_FUND_VALUE` – customise bot signer and funding
 Edit `containers/Caddyfile` if you need different routes or ports.
 ## Known Limitations
 - State is ephemeral; every restart wipes the fork and redeploys contracts.
 - Processes run in dev/watch mode (`npm run dev`), so staging traffic is not production hardened.
 - Secrets live in env files inside the repo mount because no external secret store is wired in.
--- a/docs/technical/architecture.md
+++ b/docs/technical/architecture.md
@ -0,0 +1,90 @@
 # Technical Architecture
 ## System Overview
 KrAIken consists of three on-chain contracts, a real-time indexer, and two web frontends.
 ```
 ┌──────────────┐     ┌──────────────┐     ┌──────────────────────┐
 │   Kraiken    │────▶│    Stake     │     │  LiquidityManager    │
 │   (ERC20)    │     │  (Staking)   │     │  (Pool Management)   │
 └──────────────┘     └──────────────┘     └──────────────────────┘
       │                    │                        │
       └────────────────────┼────────────────────────┘
                            │
                    ┌───────▼────────┐
                    │  Ponder Indexer │
                    │  (GraphQL API)  │
                    └───────┬────────┘
                            │
              ┌─────────────┼─────────────┐
              │                           │
      ┌───────▼────────┐         ┌───────▼────────┐
      │  Landing Page  │         │   Staking App  │
      │  (Vue 3/Vite)  │         │  (Vue 3/Vite)  │
      └────────────────┘         └────────────────┘
 ```
 ## Smart Contracts
 ### Kraiken.sol (ERC20 Token)
 - Standard ERC20 with controlled minting by LiquidityManager
 - 20% of supply reserved for staking pool
 - Min stake fraction: 1/3000 of total supply (~399 KRK at current supply)
 - Tracks `previousTotalSupply` for staking calculations
 - Version field for indexer compatibility
 ### Stake.sol (Staking Positions)
 - Creates/manages staking positions with self-assessed tax rates
 - 30 discrete tax rate tiers: 1%, 3%, 5%, 8%, 12%, ... up to 97%
 - Snatching: higher tax rate can displace lower positions
 - 3-day minimum hold (`TAX_FLOOR_DURATION`) before snatch
 - Position payout at market value when snatched or unstaked
 ### LiquidityManager.sol (Pool Management)
 - Manages Uniswap V3 concentrated liquidity position
 - Recenters liquidity based on VWAP and market conditions
 - Emits `EthAbundance`, `EthScarcity`, `Recentered` events
 - Optimizer V3: reads staking sentiment to adjust parameters
 ## Indexer (Ponder)
 [Ponder](https://ponder.sh) indexes on-chain events into PostgreSQL via GraphQL:
 - **Stats**: Protocol-wide metrics (supply, reserves, fees)
 - **Positions**: Individual staking positions with status
 - **Holders**: Token balances with cost basis tracking
 - **Recenters**: Liquidity management history
 - **Ring Buffer**: 7-day hourly snapshots of ETH reserve, mints, burns, tax
 ### Key Endpoints
 - GraphQL: `http://localhost:42069` (proxied at `/api/graphql`)
 - Health: `http://localhost:42069/health`
 - Ready: `http://localhost:42069/ready` (200 when historical sync complete)
 ## Web Frontends
 ### Landing Page (`/`)
 - Marketing + protocol health dashboard
 - LiveStats component with real-time metrics
 - Wallet connect + holder card for returning users
 - Three variants: defensive, offensive, mixed
 ### Staking App (`/app/`)
 - Full staking dashboard
 - Position management (stake, unstake, adjust tax)
 - Wallet P&L with cost basis tracking
 - Charts and protocol statistics
 ### Shared Package (`packages/web3/`)
 - `createHarbConfig()` — wagmi config with Base chain + connectors
 - `useTokenBalance` composable
 - Re-exports of wagmi composables for consistent imports
 ## Infrastructure
 - **Chain**: Base (Ethereum L2), chainId 8453
 - **Local dev**: Anvil fork of Base Sepolia (chainId 31337)
 - **Proxy**: Caddy reverse proxy on port 8081
 - **CI**: Woodpecker CI with pre-built Docker images
 - **Source**: [codeberg.org/johba/harb](https://codeberg.org/johba/harb)
--- a/docs/technical/deployment.md
+++ b/docs/technical/deployment.md
@ -0,0 +1,288 @@
 # KRAIKEN Mainnet Deployment Runbook
 **Target chain:** Base (L2)
 **Contract version:** V2 (OptimizerV3 w/ directional VWAP)
 ---
 ## 1. Pre-Deployment Checklist
 - [ ] All tests pass: `cd onchain && forge test`
 - [ ] Gas snapshot baseline: `forge snapshot`
 - [ ] Security review complete (see `analysis/SECURITY_REVIEW.md`)
 - [ ] Storage layout verified for UUPS upgrade (see `analysis/STORAGE_LAYOUT.md`)
 - [ ] Floor ratchet mitigation status confirmed (branch `fix/floor-ratchet`)
 - [ ] Multisig wallet ready for `feeDestination` (Gnosis Safe on Base)
 - [ ] Deployer wallet funded with sufficient ETH for gas (~0.05 ETH)
 - [ ] LiquidityManager funding wallet ready (initial ETH seed for pool positions)
 - [ ] `.secret` seed phrase file present in `onchain/` (deployer account)
 - [ ] Base RPC endpoint configured and tested
 - [ ] Etherscan/Basescan API key ready for contract verification
 - [ ] kraiken-lib version updated: `COMPATIBLE_CONTRACT_VERSIONS` includes `2`
 ---
 ## 2. Contract Deployment Order
 All contracts are deployed in a single broadcast transaction via `DeployBaseMainnet.sol`:
 ```
 1. Kraiken token (ERC20 + ERC20Permit)
 2. Stake contract (Kraiken address, feeDestination)
 3. Kraiken.setStakingPool(Stake)
 4. Uniswap V3 Pool (create or use existing, FEE=10000)
 5. Pool initialization (1 cent starting price)
 6. OptimizerV3 implementation + ERC1967Proxy
 7. LiquidityManager (factory, WETH, Kraiken, OptimizerProxy)
 8. LiquidityManager.setFeeDestination(multisig)
 9. Kraiken.setLiquidityManager(LiquidityManager)
 ```
 ### Deploy Command
 ```bash
 cd onchain
 # Verify configuration first
 cat script/DeployBaseMainnet.sol  # Check feeDest, weth, v3Factory
 # Dry run (no broadcast)
 forge script script/DeployBaseMainnet.sol \
  --rpc-url $BASE_RPC \
  --sender $(cast wallet address --mnemonic "$(cat .secret)")
 # Live deployment
 forge script script/DeployBaseMainnet.sol \
  --rpc-url $BASE_RPC \
  --broadcast \
  --verify \
  --etherscan-api-key $BASESCAN_API_KEY \
  --slow
 ```
 **Critical:** The `--slow` flag submits transactions one at a time, waiting for confirmation. This prevents nonce issues on Base.
 ### Record Deployment Addresses
 After deployment, save all addresses from console output:
 ```bash
 # Update deployments file
 cat >> deployments-mainnet.json << 'EOF'
 {
  "chain": "base",
  "chainId": 8453,
  "kraiken": "0x...",
  "stake": "0x...",
  "pool": "0x...",
  "liquidityManager": "0x...",
  "optimizerProxy": "0x...",
  "optimizerImpl": "0x...",
  "feeDestination": "0x...",
  "deployer": "0x...",
  "deployedAt": "2026-XX-XX",
  "txHash": "0x..."
 }
 EOF
 ```
 ---
 ## 3. Post-Deployment Setup
 ### 3.1 Fund LiquidityManager
 The LM needs ETH to create initial positions:
 ```bash
 # Send ETH to LiquidityManager (unwrapped — it will wrap to WETH internally)
 cast send $LIQUIDITY_MANAGER --value 10ether \
  --rpc-url $BASE_RPC \
  --mnemonic "$(cat .secret)"
 ```
 ### 3.2 Trigger First Recenter
 `recenter()` is permissionless — any address may call it. The 60-second cooldown (`MIN_RECENTER_INTERVAL`) and TWAP oracle check are always enforced.
 ```bash
 # Wait for pool to accumulate some TWAP history (~5 minutes of trades)
 # Anyone can trigger the first recenter; txnBot will take over ongoing calls
 cast send $LIQUIDITY_MANAGER "recenter()" \
  --rpc-url $BASE_RPC \
  --from $TXNBOT_ADDRESS
 ```
 ### 3.4 Configure txnBot
 Update `services/txnBot/` configuration for Base mainnet:
 - Set `LIQUIDITY_MANAGER` address
 - Set `KRAIKEN` address
 - Set RPC to Base mainnet
 - Deploy txnBot service
 ### 3.5 Configure Ponder Indexer
 ```bash
 # Update kraiken-lib/src/version.ts
 export const COMPATIBLE_CONTRACT_VERSIONS = [2];
 # Update Ponder config for Base mainnet addresses
 # Set PONDER_NETWORK=BASE in environment
 ```
 ### 3.6 Update Frontend
 - Update contract addresses in web-app configuration
 - Update kraiken-lib ABIs: `cd onchain && forge build` then rebuild kraiken-lib
 - Deploy frontend to production
 ---
 ## 4. Optimizer Upgrade Procedure
 If upgrading an existing Optimizer proxy to OptimizerV3:
 ```bash
 cd onchain
 # Set proxy address
 export OPTIMIZER_PROXY=0x...
 # Dry run
 forge script script/UpgradeOptimizer.sol \
  --rpc-url $BASE_RPC
 # Execute upgrade
 forge script script/UpgradeOptimizer.sol \
  --rpc-url $BASE_RPC \
  --broadcast \
  --verify \
  --etherscan-api-key $BASESCAN_API_KEY
 # Verify post-upgrade
 cast call $OPTIMIZER_PROXY "getLiquidityParams()" --rpc-url $BASE_RPC
 ```
 **Expected output:** Bear-mode defaults (CI=0, AS=0.3e18, AW=100, DD=0.3e18) since staking will be <91%.
 ---
 ## 5. Verification Steps
 Run these checks after deployment to confirm everything is wired correctly:
 ```bash
 # 1. Kraiken token
 cast call $KRAIKEN "VERSION()" --rpc-url $BASE_RPC          # Should return 2
 cast call $KRAIKEN "peripheryContracts()" --rpc-url $BASE_RPC  # LM + Stake addresses
 # 2. LiquidityManager
 cast call $LM "feeDestination()" --rpc-url $BASE_RPC       # Should be multisig
 cast call $LM "lastRecenterTime()" --rpc-url $BASE_RPC     # Should be non-zero after first recenter
 cast call $LM "positions(0)" --rpc-url $BASE_RPC           # Floor position (after recenter)
 cast call $LM "positions(1)" --rpc-url $BASE_RPC           # Anchor position
 cast call $LM "positions(2)" --rpc-url $BASE_RPC           # Discovery position
 # 3. OptimizerV3 (through proxy)
 cast call $OPTIMIZER "getLiquidityParams()" --rpc-url $BASE_RPC
 # 4. Pool state
 cast call $POOL "slot0()" --rpc-url $BASE_RPC              # Current tick, price
 cast call $POOL "liquidity()" --rpc-url $BASE_RPC          # Total liquidity
 # 5. Stake contract
 cast call $STAKE "nextPositionId()" --rpc-url $BASE_RPC    # Should be 0 initially
 # 6. ETH balance
 cast balance $LM --rpc-url $BASE_RPC                       # Should show funded amount
 ```
 ---
 ## 6. Emergency Procedures
 ### 6.1 Pause Recentering
 **NOTE:** `recenter()` is permissionless — there is no access-control switch to block it. The only mechanism that prevents a recenter is the 60-second `MIN_RECENTER_INTERVAL` cooldown and the TWAP oracle check. There is no admin function to revoke or grant access.
 In an attack scenario the most effective response is to upgrade or replace the contract (see §6.3 / §6.4). Existing positions remain in place and continue earning fees regardless of recenter activity.
 ### 6.2 Upgrade Optimizer to Safe Defaults
 Deploy a minimal "safe" optimizer that always returns bear parameters:
 ```bash
 # Deploy SafeOptimizer with hardcoded bear params
 # Upgrade proxy to SafeOptimizer
 OPTIMIZER_PROXY=$OPTIMIZER forge script script/UpgradeOptimizer.sol \
  --rpc-url $BASE_RPC --broadcast
 ```
 ### 6.3 Emergency Parameter Override
 If the optimizer needs temporary override, deploy a new implementation with hardcoded safe parameters:
 - CI=0, AS=30% (0.3e18), AW=100, DD=0.3e18 (bear defaults)
 - These were verified safe across all 1050 parameter sweep combinations
 ### 6.4 Rollback Plan
 **There is no rollback for deployed contracts.** Mitigation options:
 - Upgrade optimizer proxy to revert to V1/V2 logic
 - Revoke recenter access to freeze positions
 - The LiquidityManager itself is NOT upgradeable (by design — immutable control)
 - In worst case: deploy entirely new contract set, migrate liquidity
 ### 6.5 Known Attack Response: Floor Ratchet
 If floor ratchet extraction is detected (rapid recenters + floor tick creeping toward current price):
 1. **Immediately** upgrade the optimizer to safe bear-mode defaults (§6.2) — this maximises floor distance (AW=100 → 7000-tick clearance) and makes ratchet extraction significantly harder while a patched LiquidityManager is prepared. Note: there is no access-control switch on `recenter()`; the 60s cooldown is the only rate limiter
 2. Assess floor position state via `positions(0)`
 3. Deploy patched LiquidityManager if fix is ready
 4. Current mitigation: bear-mode parameters (AW=100) create 7000-tick floor distance, making ratchet extraction significantly harder
 ---
 ## 7. Monitoring Setup
 ### On-Chain Monitoring
 Track these metrics via Ponder or direct RPC polling:
 | Metric | How | Alert Threshold |
 |--------|-----|-----------------|
 | Floor tick distance | `positions(0).tickLower - currentTick` | < 2000 ticks |
 | Recenter frequency | Count `recenter()` calls per hour | > 10/hour |
 | LM ETH balance | `address(LM).balance + WETH.balanceOf(LM)` | < 1 ETH (most ETH is in pool positions) |
 | VWAP drift | `getVWAP()` vs current price | > 50% divergence |
 | Optimizer mode | `getLiquidityParams()` return values | Unexpected bull in low-staking |
 | Fee revenue | WETH transfers to feeDestination | Sudden drop to 0 |
 ### Off-Chain Monitoring
 - txnBot health: `GET /api/txn/status` — should return healthy
 - Ponder indexing: `GET /api/graphql` — query `stats` entity
 - Frontend version check: `useVersionCheck()` composable validates contract VERSION
 ### Alerting Triggers
 1. **Critical:** Floor position liquidity = 0 (no floor protection)
 2. **Critical:** recenter() reverts for > 1 hour
 3. **High:** > 20 recenters in 1 hour (potential manipulation)
 4. **Medium:** VWAP compression triggered (high cumulative volume)
 5. **Low:** Optimizer returns bull mode (verify staking metrics justify it)
 ---
 ## 8. Deployment Timeline
 | Step | Duration | Dependency |
 |------|----------|------------|
 | Deploy contracts | ~2 min | Funded deployer wallet |
 | Verify on Basescan | ~5 min | Deployment complete |
 | Fund LiquidityManager | ~1 min | Deployment complete |
 | Wait for TWAP history | ~5-10 min | Pool initialized |
 | First recenter | ~1 min | TWAP history accumulated |
 | Deploy txnBot | ~5 min | Addresses configured |
 | Deploy Ponder | ~10 min | Addresses + kraiken-lib updated |
 | Deploy frontend | ~5 min | Ponder running |
 | **Total** | **~30-40 min** | |
--- a/docs/technical/development.md
+++ b/docs/technical/development.md
@ -0,0 +1,134 @@
 # Docker Development Environment
 The Docker stack powers `scripts/dev.sh` using containerized services. Every boot spins up a fresh Base Sepolia fork, redeploys contracts, seeds liquidity, and launches the live-reload services behind Caddy on port 8081.
 ## Service Topology
 - `anvil` – Base Sepolia fork with optional mnemonic from `onchain/.secret.local`
 - `bootstrap` – one-shot job running `DeployLocal.sol`, seeding liquidity, priming blocks, and writing shared env files (uses `scripts/bootstrap-common.sh`)
 - `postgres` – PostgreSQL 16 database for Ponder indexer state
 - `ponder` – `npm run dev` for the indexer (port 42069)
 - `webapp` – Vite dev server for `web-app` (port 5173)
 - `landing` – Vite dev server for landing page (port 5174)
 - `txn-bot` – automation loop plus Express status API (port 43069)
 - `otterscan` – block explorer UI (port 5100)
 - `caddy` – reverse proxy at `http://localhost:8081`, routing `/app/` → webapp, `/api/graphql` → ponder, `/api/rpc` → anvil, `/` → landing
 All containers mount the repository so code edits hot-reload exactly as the local script. Named volumes keep `node_modules` caches between restarts.
 ## Prerequisites
 ### Linux
 ```bash
 # Install Docker Engine
 curl -fsSL https://get.docker.com | sh
 sudo usermod -aG docker $USER
 # Logout and login again for group changes to take effect
 ```
 ### Mac
 ```bash
 # Install Colima (open-source Docker Desktop alternative)
 brew install colima docker docker-compose
 # Start Colima VM with recommended resources
 colima start --cpu 4 --memory 8 --disk 100
 # Verify installation
 docker ps
 ```
 ## Launching
 **Recommended**: Use the helper script
 ```bash
 ./scripts/dev.sh start
 ```
 This will:
 1. Build kraiken-lib
 2. Start Anvil (Base Sepolia fork)
 3. Deploy contracts via bootstrap
 4. Start Ponder (indexes events)
 5. Start web-app, landing, txn-bot
 6. Start Caddy reverse proxy on port 8081
 **Startup time**: ~6 minutes on first run (includes Ponder indexing 300+ blocks)
 **Manual approach** (not recommended):
 ```bash
 docker compose up -d
 ```
 **Stopping the stack:**
 ```bash
 ./scripts/dev.sh stop
 # or
 docker compose down
 ```
 **Quick restarts for development:**
 - `./scripts/dev.sh restart --light` - Fast restart (~10-20s): only webapp + txnbot, preserves Anvil/Ponder state. **Use for frontend changes.**
 - `./scripts/dev.sh restart --full` - Full restart (~6 min): redeploys contracts, fresh state. **Use for contract changes.**
 **Important**: Every full restart redeploys contracts and rewrites `services/ponder/.env.local` and `tmp/containers/txnBot.env`.
 ### Access Points (via Caddy on port 8081)
 **For reviewing code changes in your browser:**
 - Landing page: `http://localhost:8081/` (marketing site)
 - Web-app: `http://localhost:8081/app/` (staking interface - **use this for testing**)
 - GraphQL Playground: `http://localhost:8081/api/graphql`
 - TxnBot status: `http://localhost:8081/api/txn/status`
 **Direct RPC access:**
 - Anvil RPC: `http://localhost:8081/api/rpc` (or `http://localhost:8545` directly)
 **Hot reload workflow:**
 1. Start stack: `./scripts/dev.sh start`
 2. Open `http://localhost:8081/app/` in your browser
 3. Edit files in `web-app/src/` - changes appear instantly (Vite HMR)
 4. Edit files in `landing/src/` - changes appear on `http://localhost:8081/`
 5. Edit smart contracts in `onchain/src/` - requires `./scripts/dev.sh restart --full`
 ## Configuration Knobs
 Set environment variables before `docker-compose up`:
 - `FORK_URL` – Anvil upstream RPC (defaults to `https://sepolia.base.org`)
 - `DEPLOYER_PK`, `DEPLOYER_ADDR` – override deployer wallet; otherwise derived from `.secret.local` or Foundry defaults
 - `TXNBOT_PRIVATE_KEY`, `TXNBOT_ADDRESS`, `TXNBOT_FUND_VALUE` – customise bot signer and funding
 Edit `containers/Caddyfile` if you need different routes or ports.
 ## Known Limitations
 - State is ephemeral; every restart wipes the fork and redeploys contracts.
 - Processes run in dev/watch mode (`npm run dev`), so staging traffic is not production hardened.
 - Secrets live in env files inside the repo mount because no external secret store is wired in.
 ## Troubleshooting
 ### Mac: "Cannot connect to Docker daemon"
 ```bash
 # Ensure Colima is running
 colima status
 colima start
 # Verify Docker can connect
 docker ps
 ```
 ### Permission errors on Linux
 ```bash
 # Add your user to the docker group
 sudo usermod -aG docker $USER
 # Logout and login again, or use:
 newgrp docker
 ```
 ### Port conflicts
 If you see "port already in use" errors:
 ```bash
 # Check what's using the port
 lsof -i :8081  # or :8545, :5173, etc.
 # Stop conflicting services or change ports in docker-compose.yml
 ```
--- a/docs/technical/staking-mechanics.md
+++ b/docs/technical/staking-mechanics.md
@ -0,0 +1,83 @@
 # Staking Mechanics
 ## Tax Rates
 Staking uses a **self-assessed tax** mechanism (Harberger Tax). You choose what yearly rate you're willing to pay. This creates a continuous auction for staking slots.
 ### Rate Tiers
 There are 30 discrete tax rates (percentages are yearly):
 ```
 1%, 3%, 5%, 8%, 12%, 18%, 24%, 30%, 40%, 50%,
 60%, 80%, 100%, 130%, 180%, 250%, 320%, 420%, 540%, 700%,
 920%, 1200%, 1600%, 2000%, 2600%, 3400%, 4400%, 5700%, 7500%, 9700%
 ```
 Rates are discrete (not continuous) to prevent micro-increment griefing.
 ### Tax Calculation
 Tax accrues continuously from the moment you stake:
 ```
 tax_owed = (staked_amount × tax_rate × time_held) / (365 days × 100)
 ```
 Tax is paid when you:
 - Unstake (deducted from payout)
 - Get snatched (deducted from compensation)
 - Manually pay via the dashboard
 ## Snatching (Position Challenges)
 Anyone can take your staking slots by committing to a higher tax rate.
 ### Rules
 1. **Higher rate required**: The challenger must use a strictly higher tax rate tier
 2. **3-day minimum hold**: Positions are protected for 72 hours after creation
 3. **Full compensation**: The snatched owner receives market value of their position minus accrued tax
 4. **Discrete tiers only**: You can't snatch by increasing the rate by 0.01% — you must jump to the next tier
 ### What the snatched owner receives
 ```
 payout = (shares / total_shares) × current_total_supply - tax_owed
 ```
 The payout reflects the current token price, not the entry price. If the protocol grew, you get more back than you put in.
 ## Staking Pool
 The staking pool holds 20% of all KRK supply. When new tokens are minted (from buys), stakers receive a proportional share. When tokens are burned (from sells), the pool shrinks proportionally.
 ### Owner Slots
 - Total: 20,000 slots (representing 20% of supply)
 - Your slots = your percentage × 20,000
 - 1,000 slots = 1% of the staking pool
 ### Minimum Stake
 To prevent fragmentation, there's a minimum stake:
 ```
 min_stake = total_supply / 3000
 ```
 At ~1.2M total supply, this is approximately 399 KRK.
 ## Adjusting Your Rate
 You can change your tax rate on an existing position:
 - **Increasing**: Takes effect immediately, extends snatch protection
 - **Decreasing**: Takes effect after a delay to prevent gaming
 ## Strategy Guide
 | Goal | Recommended Rate | Why |
 |------|-----------------|-----|
 | Long-term earning | Low (1-8%) | Cheap to hold, accept challenge risk |
 | Defensive holding | Medium (18-40%) | Balance of cost and protection |
 | Aggressive accumulation | High (60%+) | Hard to challenge, but expensive |
 | Short-term flip | Lowest available | Minimize holding cost |
--- a/docs/technical/test-accounts.md
+++ b/docs/technical/test-accounts.md
--- a/docs/technical/tokenomics.md
+++ b/docs/technical/tokenomics.md
@ -0,0 +1,60 @@
 # Tokenomics
 ## KRK Token
 - **Standard**: ERC20 on Base (Ethereum L2)
 - **Supply**: Dynamic (minted on buys, burned on sells)
 - **Backing**: Every KRK token is backed by ETH in the trading vault
 ## ETH Reserve & Floor Price
 The protocol maintains an ETH reserve in a Uniswap V3 concentrated liquidity position. This creates a floor price:
 ```
 floor_price = ETH_reserve / total_KRK_supply
 ```
 **Key property**: The floor price can only go up (in ETH terms) because:
 - Buys add ETH to the reserve and mint KRK at market price (above floor)
 - Sells remove KRK from supply and return ETH at market price
 - Trading fees from the pool add to the reserve without minting new tokens
 ## Supply Mechanics
 ### Minting (on buy)
 When someone buys KRK on Uniswap:
 1. ETH enters the pool
 2. KRK is minted at market price
 3. 20% of new tokens go to the staking pool (for stakers)
 4. 80% goes to the buyer
 ### Burning (on sell)
 When someone sells KRK:
 1. KRK is burned
 2. ETH leaves the pool at market price
 3. The staking pool burns proportionally
 ## Liquidity Management
 The LiquidityManager positions liquidity in a concentrated range around the current price:
 ### Modes
 - **Scarcity** (bearish signal): Wide range, conservative positioning
 - **Abundance** (bullish signal): Narrow range, aggressive fee capture
 ### Signals
 The optimizer reads staking activity as a sentiment indicator:
 - High staking ratio + low tax rates = genuine confidence → Bull mode
 - Dropping staking or rising tax rates = uncertainty → Bear mode
 ### VWAP Tracking
 The system tracks a volume-weighted average price (VWAP) to set liquidity ranges. This creates a "mirror floor" — a second price support level based on recent trading history.
 ## Fee Generation
 Trading activity generates fees from the Uniswap V3 position. These fees accrue to the ETH reserve, increasing the floor price for all holders.
 The fee rate depends on:
 - Trading volume
 - Liquidity concentration (narrower range = more fees per trade)
 - Pool fee tier (1% on the KRK/WETH pair)
--- a/docs/testing.md
+++ b/docs/testing.md
@ -0,0 +1,41 @@
 # Testing
 ## Contract Tests (Foundry)
 Run inside `onchain/`:
 ```bash
 forge build      # compile contracts
 forge test       # run unit + fork tests
 forge snapshot   # gas snapshot
 ```
 ## Fuzzing
 Scripts under `onchain/analysis/` generate replayable scenarios:
 ```bash
 ./analysis/run-fuzzing.sh [optimizer] debugCSV
 ```
 ## Integration Testing
 After the stack boots via `dev.sh`:
 - Anvil logs: check for revert errors
 - Ponder GraphQL: `http://localhost:8081/api/graphql`
 - txnBot health: `http://localhost:8081/api/txn/status`
 ## E2E Tests (Playwright)
 Full-stack tests in `tests/e2e/` verify complete user journeys (mint ETH → swap KRK → stake).
 ```bash
 npm run test:e2e   # from repo root
 ```
 - Tests use a mocked wallet provider with Anvil accounts.
 - In CI, the Woodpecker `e2e.yml` pipeline runs these against pre-built service images.
 - See [docs/ci-pipeline.md](ci-pipeline.md) for CI-specific E2E details.
 ## Version Validation System
 The stack enforces version compatibility across contracts, indexer, and frontend:
 - **Contract VERSION**: `Kraiken.sol` exposes a `VERSION` constant (currently v2) that must be incremented for breaking changes to TAX_RATES, events, or core data structures.
 - **Ponder Validation**: On startup, Ponder reads the contract VERSION and validates against `COMPATIBLE_CONTRACT_VERSIONS` in `kraiken-lib/src/version.ts`. Fails hard (exit 1) on mismatch to prevent indexing wrong data.
 - **Frontend Check**: Web-app validates `KRAIKEN_LIB_VERSION` at runtime (currently placeholder; future: query Ponder GraphQL for full 3-way validation).
 - **CI Enforcement**: Woodpecker `release.yml` pipeline validates that contract VERSION matches `COMPATIBLE_CONTRACT_VERSIONS` before release.
 - See `VERSION_VALIDATION.md` (repo root) for complete architecture, workflows, and troubleshooting.
--- a/eslint.config.js
+++ b/eslint.config.js
@ -0,0 +1,58 @@
 import tseslint from '@typescript-eslint/eslint-plugin';
 import tsparser from '@typescript-eslint/parser';
 export default [
  {
    name: 'tests/files-to-lint',
    files: ['tests/**/*.ts', 'scripts/harb-evaluator/**/*.ts'],
    languageOptions: {
      parser: tsparser,
      parserOptions: {
        ecmaVersion: 2022,
        sourceType: 'module',
      },
      globals: {
        process: 'readonly',
        console: 'readonly',
        fetch: 'readonly',
        setTimeout: 'readonly',
        Date: 'readonly',
        Promise: 'readonly',
      },
    },
    plugins: {
      '@typescript-eslint': tseslint,
    },
    rules: {
      '@typescript-eslint/no-explicit-any': 'error',
      '@typescript-eslint/no-unused-vars': [
        'error',
        {
          argsIgnorePattern: '^_',
          varsIgnorePattern: '^_',
          caughtErrorsIgnorePattern: '^_',
        },
      ],
    },
  },
  {
    name: 'arch/no-fixed-delays',
    files: ['tests/**/*.ts', 'scripts/harb-evaluator/**/*.ts'],
    rules: {
      'no-restricted-syntax': [
        'error',
        {
          selector: "CallExpression[callee.property.name='waitForTimeout']",
          message:
            '[BANNED] waitForTimeout is a fixed delay. → Subscribe to events instead (eth_newFilter for on-chain, waitForSelector/waitForURL for DOM). → Polling with timeout is acceptable only if no event source exists. → See AGENTS.md #Engineering Principles.',
        },
        {
          selector:
            "NewExpression[callee.name='Promise'] > ArrowFunctionExpression CallExpression[callee.name='setTimeout']",
          message:
            '[BANNED] Promise+setTimeout sleep pattern. → Use event subscription or polling with timeout instead. → See AGENTS.md #Engineering Principles.',
        },
      ],
    },
  },
 ];
--- a/evidence/README.md
+++ b/evidence/README.md
@ -0,0 +1,507 @@
 # Evidence Directory
 Machine-readable process results for the KRAIKEN optimizer pipeline. All formulas
 (evolution, red-team, holdout, user-test) write structured JSON here.
 ## Purpose
 - **Planner input** — the planner reads these files to decide next actions
  (e.g. "last red-team showed IL vulnerability → trigger evolution").
 - **Diffable history** — `git log evidence/` shows how metrics change over time.
 - **Permanent record** — separate from `tmp/` which is ephemeral.
 ## Directory Layout
 ```
 evidence/
  evolution/
    YYYY-MM-DD.json       # run params, generation stats, best fitness, champion file
  red-team/
    YYYY-MM-DD.json       # per-attack results, floor held/broken, ETH extracted
  holdout/
    YYYY-MM-DD-prNNN.json # per-scenario pass/fail, gate decision
  user-test/
    YYYY-MM-DD.json       # per-persona reports, screenshot refs, friction points
  resources/
    YYYY-MM-DD.json       # disk, RAM, API call counts, budget burn, CI queue depth
  protocol/
    YYYY-MM-DD.json       # TVL, accumulated fees, position count, rebalance frequency
 ```
 ## Delivery Pattern
 Every formula follows the same three-step pattern:
 1. **Evidence file** → committed to `evidence/` on main
 2. **Git artifacts** (new code, attack vectors, evolved programs) → PR
 3. **Human summary** → issue comment with key metrics + link to evidence file
 ---
 ## Fee-Income Calculation Model
 This section documents how `delta_bps` values in red-team and holdout evidence files
 are derived, so that recorded values can be independently verified.
 ### Measurement tool
 `delta_bps` is computed from two snapshots of **LM total ETH** taken by
 [`onchain/script/LmTotalEth.s.sol`](../onchain/script/LmTotalEth.s.sol):
 ```
 lm_total_eth = lm.balance (free ETH)
             + WETH.balanceOf(lm) (free WETH)
             + Σ positionEthPrincipal(stage) for stage ∈ {FLOOR, ANCHOR, DISCOVERY}
 ```
 Each position's ETH principal is calculated via `LiquidityAmounts.getAmountsForLiquidity`
 at the pool's current `sqrtPriceX96`. Only the WETH side of each position is summed;
 the KRK side is excluded.
 ### What is and is not counted
 | Counted | Not counted |
 |---------|-------------|
 | Free native ETH on the LM contract | KRK balance (free or in positions) |
 | Free WETH (ERC-20) on the LM contract | Uncollected fees still inside Uni V3 positions |
 | ETH-side principal of all 3 positions | KRK fees transferred to `feeDestination` |
 **Key consequence:** Uncollected fees accrued inside Uniswap V3 positions are invisible
 to `LmTotalEth` until a `recenter()` call executes `pool.burn` + `pool.collect`, which
 converts them into free WETH on the LM contract (or transfers them to `feeDestination`).
 A `recenter()` between the two snapshots materializes these fees into the measurement.
 ### `delta_bps` formula
 ```
 delta_bps = (lm_eth_after − lm_eth_before) / lm_eth_before × 10_000
 ```
 Where `lm_eth_before` and `lm_eth_after` are `LmTotalEth` readings taken before and
 after the attack sequence. Each attack is snapshot-isolated (Anvil snapshot → execute →
 measure → revert), so per-attack `delta_bps` values are independent.
 ### Components that drive `delta_bps`
 A round-trip trade (buy KRK with ETH, then sell KRK back for ETH) through the LM's
 dominant positions produces a positive `delta_bps` from three sources:
 1. **Pool fee income (1% per leg).** The WETH/KRK pool charges a 1% fee (`FEE = 10_000`
   in `LiquidityManager.sol`). On a simple round trip this contributes ~2% of volume.
   However, fees accrue as uncollected position fees and only become visible after
   `recenter()` materializes them. If no recenter occurs between snapshots, fee income
   is partially hidden (reflected only indirectly through reduced trade output).
 2. **Concentrated-liquidity slippage.** The LM's three-position strategy concentrates
   most liquidity in narrow tick ranges. Trades that exceed the depth of a position
   range push through progressively thinner liquidity, causing super-linear slippage.
   The attacker receives fewer tokens per unit of input on each marginal unit. This
   slippage transfers value to the LM's positions as increased ETH principal.
 3. **Recenter repositioning gain.** When `recenter()` is called between trade legs:
   - All three positions are burned and fees collected.
   - New positions are minted at the current price.
   - Any accumulated fees (WETH portion) become free WETH and are redeployed as new
     position liquidity. KRK fees are sent to `feeDestination`.
   - The repositioned liquidity changes the tick ranges the next trade interacts with.
 ### Why `delta_bps` is non-linear
 A naive estimate of `delta_bps ≈ volume × 1% × 2 legs / lm_eth_before × 10_000`
 underestimates the actual value for large trades because:
 - **Slippage dominates at high volume.** When trade volume approaches or exceeds the
  ETH depth of the active positions, the price moves through the entire concentrated
  range and into thin or empty ticks. The slippage loss to the attacker (= gain to the
  LM) grows super-linearly with volume.
 - **Multi-recenter compounding.** Strategies that call `recenter()` between sub-trades
  materialize intermediate fees and reposition liquidity at a new price. Subsequent
  trades pay fees at the new tick ranges, compounding the total fee capture.
 - **KRK fee exclusion.** KRK fees collected during `recenter()` are transferred to
  `feeDestination` and excluded from `LmTotalEth`. This means the measurement captures
  the ETH-side gain but not the KRK-side gain — `delta_bps` understates total protocol
  revenue.
 ### Fee destination behaviour
 When `feeDestination` is `address(0)` or `address(this)` (the LM contract itself),
 fees are **not** transferred out — they remain as deployable liquidity on the LM.
 In this configuration, materialized WETH fees increase `lm_total_eth` directly. When
 `feeDestination` is an external address, WETH fees are transferred out and do **not**
 contribute to `lm_total_eth`. The red-team test environment uses `feeDestination =
 address(this)` so that fee income is fully reflected in `delta_bps`.
 ### Worked example
 Using `attacks[1]` from `evidence/red-team/2026-03-20.json`:
 > **"Buy → Recenter → Sell (800 ETH round trip)"** — `delta_bps: 1179`
 **Given:**
 - `lm_eth_before` = 999,999,999,999,999,999,998 wei ≈ 1000 ETH
 - Trade volume = 800 ETH (buy leg) + equivalent KRK sell leg
 - Pool fee rate = 1% per swap
 - `feeDestination = address(this)` (fees stay in LM)
 **Step-by-step derivation:**
 1. **Buy leg (800 ETH → KRK):** The 800 ETH buy pushes the price ~4000 ticks into
   the concentrated positions. The pool charges 1% (≈8 ETH in fees accruing to
   positions). Because liquidity is concentrated, the price moves far — the attacker
   receives significantly fewer KRK than a constant-product AMM would give.
   After the buy, position ETH principal increases (price moved up = more ETH value
   in range).
 2. **Recenter:** Positions are burned, collecting all accrued fees. New positions are
   minted at the new (higher) price. The ~8 ETH in WETH fees plus the ETH-side
   principal become redeployable liquidity.
 3. **Sell leg (KRK → ETH):** The attacker sells all acquired KRK back through the
   newly positioned liquidity. Another 1% fee applies. Because the attacker received
   fewer KRK than 800 ETH worth (due to buy-leg slippage), the sell leg returns
   significantly less than 800 ETH. The price drops back but the LM retains the
   slippage differential.
 4. **Result:** `lm_eth_after ≈ 1000 + 117.9 ≈ 1117.9 ETH`.
   ```
   delta_bps = (1117.9 − 1000) / 1000 × 10_000 = 1179 bps
   ```
   The ~117.9 ETH gain comes from: 1% fees on both legs (~16 ETH) **plus** ~102 ETH
   in concentrated-liquidity slippage loss by the attacker. The slippage component
   dominates because 800 ETH far exceeds the depth of the anchor/discovery positions,
   pushing the trade through increasingly thin liquidity.
 **Cross-check — why naive formula fails:**
 ```
 naive = 800 × 0.01 × 2 / 1000 × 10_000 = 160 bps   (actual: 1179 bps)
 ```
 The naive estimate assumes uniform liquidity (constant slippage = fee rate only).
 The 7× difference is entirely due to concentrated-liquidity slippage on a trade that
 exceeds position depth.
 ---
 ## Schema: `evolution/YYYY-MM-DD.json`
 Records one optimizer evolution run.
 ```json
 {
  "date": "YYYY-MM-DD",
  "run_params": {
    "generations": 50,
    "population_size": 20,
    "seed": 42,
    "base_optimizer": "OptimizerV3"
  },
  "generation_stats": [
    {
      "generation": 1,
      "best_fitness": -12.4,
      "mean_fitness": -34.1,
      "worst_fitness": -91.2
    }
  ],
  "best_fitness": -8.7,
  "champion_file": "onchain/src/OptimizerV4.sol",
  "champion_commit": "abc1234",
  "verdict": "improved" | "no_improvement"
 }
 ```
 | Field | Type | Description |
 |-------|------|-------------|
 | `date` | string (ISO) | Date of the run |
 | `run_params` | object | Input parameters used |
 | `generation_stats` | array | Per-generation fitness summary |
 | `best_fitness` | number | Best fitness score achieved (lower = better loss for LM) |
 | `champion_file` | string | Repo-relative path to winning optimizer |
 | `champion_commit` | string | Git commit SHA of the champion (if promoted) |
 | `verdict` | string | `"improved"` or `"no_improvement"` |
 ---
 ## Schema: `red-team/YYYY-MM-DD.json`
 Records one adversarial red-team run against a candidate optimizer.
 ```json
 {
  "date": "YYYY-MM-DD",
  "candidate": "OptimizerV3",
  "candidate_commit": "abc1234",
  "optimizer_profile": "push3-default",
  "lm_eth_before": 1000000000000000000000,
  "lm_eth_after": 998500000000000000000,
  "eth_extracted": 1500000000000000000,
  "floor_held": false,
  "methodology": "Each attack is snapshot-isolated: Anvil snapshot before, execute, measure, revert.",
  "verdict": "floor_broken" | "floor_held",
  "attacks": [
    {
      "strategy": "Flash buy + stake + recenter loop",
      "pattern": "wrap → buy → stake → recenter_multi → sell",
      "result": "DECREASED" | "HELD" | "INCREASED",
      "delta_bps": -150,
      "insight": "Rapid recenters pack ETH into floor while ratcheting it toward current price"
    }
  ]
 }
 ```
 | Field | Type | Description |
 |-------|------|-------------|
 | `date` | string (ISO) | Date of the run |
 | `candidate` | string | Optimizer under test |
 | `candidate_commit` | string | Git commit SHA of the optimizer under test |
 | `optimizer_profile` | string | Named profile / push3 variant |
 | `lm_eth_before` | integer (wei) | LM total ETH at start |
 | `lm_eth_after` | integer (wei) | LM total ETH at end |
 | `eth_extracted` | integer (wei) | `lm_eth_before - lm_eth_after` (0 if floor held) |
 | `floor_held` | boolean | `true` if no ETH was extracted |
 | `methodology` | string | How the red-team run was conducted (e.g. snapshot-isolation procedure, measurement tool, revert strategy). Free-text; should be detailed enough to reproduce the run independently |
 | `verdict` | string | `"floor_held"` or `"floor_broken"` |
 | `attacks[].strategy` | string | Human-readable strategy name |
 | `attacks[].pattern` | string | Abstract op sequence (e.g. `wrap → buy → stake`) |
 | `attacks[].result` | string | `"DECREASED"`, `"HELD"`, or `"INCREASED"` |
 | `attacks[].delta_bps` | integer | LM ETH change in basis points |
 | `attacks[].insight` | string | Key finding from this strategy |
 ### Snapshot-Isolation Methodology
 All red-team runs use **snapshot isolation** as the standard methodology. This
 ensures that each attack is evaluated independently against the same initial
 state, rather than against a cumulative balance modified by prior attacks.
 **How it works:**
 1. Before the first attack, the test runner records the initial `lm_eth_before`
   value and takes an Anvil snapshot via the `anvil_snapshot` RPC method.
 2. Each attack executes against this snapshot: run the attack, measure
   `lm_eth_after`, compute `delta_bps`, then revert to the snapshot via
   the `anvil_revert` RPC method.
 3. The next attack begins from the exact same chain state as the previous one.
 **Field semantics under snapshot isolation:**
 | Field | Semantics |
 |-------|-----------|
 | `lm_eth_before` | LM total ETH at the shared initial snapshot — identical for every attack in the run |
 | `lm_eth_after` | LM total ETH measured after this specific attack, before reverting |
 | `attacks[].delta_bps` | Change relative to the shared `lm_eth_before`, not relative to any prior attack |
 **Key implications:**
 - `lm_eth_before` and `lm_eth_after` reflect **per-attack state**, not
  cumulative historical balance. Each attack sees the same starting ETH.
 - Attack results are independent and order-insensitive — reordering attacks does
  not change any individual `delta_bps` value.
 ---
 ## Schema: `holdout/YYYY-MM-DD-prNNN.json`
 Records a holdout quality gate evaluation for a specific PR.
 ```json
 {
  "date": "YYYY-MM-DD",
  "pr": 123,
  "candidate_commit": "abc1234",
  "scenarios": [
    {
      "name": "bear_market_crash",
      "passed": true,
      "lm_eth_delta_bps": 12,
      "notes": ""
    },
    {
      "name": "flash_buy_exploit",
      "passed": false,
      "lm_eth_delta_bps": -340,
      "notes": "Floor broken on 2000-trade run"
    }
  ],
  "scenarios_passed": 4,
  "scenarios_total": 5,
  "gate_passed": false,
  "verdict": "pass" | "fail",
  "blocking_scenarios": ["flash_buy_exploit"]
 }
 ```
 | Field | Type | Description |
 |-------|------|-------------|
 | `date` | string (ISO) | Date of evaluation |
 | `pr` | integer | PR number being evaluated |
 | `candidate_commit` | string | Commit SHA under test |
 | `scenarios` | array | One entry per holdout scenario |
 | `scenarios[].name` | string | Scenario identifier |
 | `scenarios[].passed` | boolean | Whether LM ETH held or improved |
 | `scenarios[].lm_eth_delta_bps` | integer | LM ETH change in basis points |
 | `scenarios[].notes` | string | Free-text notes on failure mode |
 | `scenarios_passed` | integer | Count of passing scenarios |
 | `scenarios_total` | integer | Total scenarios run |
 | `gate_passed` | boolean | `true` if all required scenarios passed |
 | `verdict` | string | `"pass"` or `"fail"` |
 | `blocking_scenarios` | array of strings | Scenario names that caused failure |
 ---
 ## Schema: `user-test/YYYY-MM-DD.json`
 Records a UX evaluation run across simulated personas.
 ```json
 {
  "date": "YYYY-MM-DD",
  "personas": [
    {
      "name": "crypto_native",
      "task": "stake_and_set_tax_rate",
      "completed": true,
      "friction_points": [],
      "screenshot_refs": ["tmp/screenshots/crypto_native_stake.png"],
      "notes": ""
    },
    {
      "name": "defi_newcomer",
      "task": "first_buy_and_stake",
      "completed": false,
      "friction_points": ["Tax rate slider label unclear", "No confirmation of stake tx"],
      "screenshot_refs": ["tmp/screenshots/defi_newcomer_confused.png"],
      "notes": "User abandoned at tax rate step"
    }
  ],
  "personas_completed": 1,
  "personas_total": 2,
  "critical_friction_points": ["Tax rate slider label unclear"],
  "verdict": "pass" | "fail"
 }
 ```
 | Field | Type | Description |
 |-------|------|-------------|
 | `date` | string (ISO) | Date of evaluation |
 | `personas` | array | One entry per simulated persona |
 | `personas[].name` | string | Persona identifier |
 | `personas[].task` | string | Task the persona attempted |
 | `personas[].completed` | boolean | Whether the task was completed |
 | `personas[].friction_points` | array of strings | UX issues encountered |
 | `personas[].screenshot_refs` | array of strings | Repo-relative paths to screenshots |
 | `personas[].notes` | string | Free-text observations |
 | `personas_completed` | integer | Count of personas who completed their task |
 | `personas_total` | integer | Total personas evaluated |
 | `critical_friction_points` | array of strings | Friction points that blocked task completion |
 | `verdict` | string | `"pass"` if all personas completed, `"fail"` otherwise |
 ---
 ## Schema: `resources/YYYY-MM-DD.json`
 Records one infrastructure resource snapshot.
 ```json
 {
  "date": "YYYY-MM-DD",
  "disk": {
    "used_bytes": 85899345920,
    "total_bytes": 107374182400,
    "used_pct": 80.0
  },
  "ram": {
    "used_bytes": 3221225472,
    "total_bytes": 8589934592,
    "used_pct": 37.5
  },
  "api": {
    "anthropic_calls_24h": 142,
    "anthropic_budget_usd_used": 4.87,
    "anthropic_budget_usd_limit": 50.0,
    "anthropic_budget_pct": 9.7
  },
  "ci": {
    "woodpecker_queue_depth": 2,
    "woodpecker_running": 1
  },
  "staleness_threshold_days": 1,
  "verdict": "ok" | "warn" | "critical"
 }
 ```
 | Field | Type | Description |
 |-------|------|-------------|
 | `date` | string (ISO) | Date of the snapshot |
 | `disk.used_bytes` | integer | Bytes used on the primary volume |
 | `disk.total_bytes` | integer | Total bytes on the primary volume |
 | `disk.used_pct` | number | Percentage of disk used |
 | `ram.used_bytes` | integer | Bytes of RAM in use |
 | `ram.total_bytes` | integer | Total bytes of RAM |
 | `ram.used_pct` | number | Percentage of RAM used |
 | `api.anthropic_calls_24h` | integer | Anthropic API calls in the past 24 hours |
 | `api.anthropic_budget_usd_used` | number | USD spent against the Anthropic budget |
 | `api.anthropic_budget_usd_limit` | number | Configured Anthropic budget ceiling in USD |
 | `api.anthropic_budget_pct` | number | Percentage of budget consumed |
 | `ci.woodpecker_queue_depth` | integer | Number of jobs waiting in the Woodpecker CI queue |
 | `ci.woodpecker_running` | integer | Number of Woodpecker jobs currently running |
 | `staleness_threshold_days` | integer | Maximum age in days before this record is considered stale (always 1) |
 | `verdict` | string | `"ok"` (all metrics normal), `"warn"` (≥80% on any dimension), or `"critical"` (≥95% on any dimension) |
 ---
 ## Schema: `protocol/YYYY-MM-DD.json`
 Records one on-chain protocol health snapshot.
 ```json
 {
  "date": "YYYY-MM-DD",
  "block_number": 24500000,
  "tvl_eth": "1234567890000000000000",
  "tvl_eth_formatted": "1234.57",
  "accumulated_fees_eth": "12345678900000000",
  "accumulated_fees_eth_formatted": "0.012",
  "position_count": 3,
  "positions": [
    {
      "name": "floor",
      "tick_lower": -887272,
      "tick_upper": -200000,
      "liquidity": "987654321000000000"
    },
    {
      "name": "anchor",
      "tick_lower": -200000,
      "tick_upper": 0
    },
    {
      "name": "discovery",
      "tick_lower": 0,
      "tick_upper": 887272
    }
  ],
  "rebalance_count_24h": 4,
  "last_rebalance_block": 24499800,
  "staleness_threshold_days": 1,
  "verdict": "healthy" | "degraded" | "offline"
 }
 ```
 | Field | Type | Description |
 |-------|------|-------------|
 | `date` | string (ISO) | Date of the snapshot |
 | `block_number` | integer | Block number at time of snapshot |
 | `tvl_eth` | string (wei) | Total value locked across all LM positions in wei |
 | `tvl_eth_formatted` | string | TVL formatted in ETH (2 dp) |
 | `accumulated_fees_eth` | string (wei) | Fees accumulated by the LiquidityManager in wei |
 | `accumulated_fees_eth_formatted` | string | Fees formatted in ETH (3 dp) |
 | `position_count` | integer | Number of active Uniswap V3 positions (expected: 3) |
 | `positions` | array | One entry per active position |
 | `positions[].name` | string | Position label: `"floor"`, `"anchor"`, or `"discovery"` |
 | `positions[].tick_lower` | integer | Lower tick boundary |
 | `positions[].tick_upper` | integer | Upper tick boundary |
 | `positions[].liquidity` | string | Liquidity amount in the position (wei-scale integer) |
 | `rebalance_count_24h` | integer | Number of `recenter()` calls in the past 24 hours |
 | `last_rebalance_block` | integer | Block number of the most recent `recenter()` call |
 | `staleness_threshold_days` | integer | Maximum age in days before this record is considered stale (always 1) |
 | `verdict` | string | `"healthy"` (positions active, TVL > 0), `"degraded"` (position_count < 3 or rebalance stalled), or `"offline"` (TVL = 0 or contract unreachable) |
--- a/evidence/evolution/.gitkeep
+++ b/evidence/evolution/.gitkeep
--- a/evidence/holdout/.gitkeep
+++ b/evidence/holdout/.gitkeep
--- a/evidence/holdout/2026-03-22-issue517-adversarial-lp.json
+++ b/evidence/holdout/2026-03-22-issue517-adversarial-lp.json
@ -0,0 +1,36 @@
 {
  "date": "2026-03-22",
  "issue": 517,
  "title": "Adversary parasitic LP extracts 29% from holder — all recenters fail",
  "scenario": "staker-vs-holder",
  "status": "fixed",
  "root_cause": {
    "summary": "PRICE_STABILITY_INTERVAL (300s) too long relative to MIN_RECENTER_INTERVAL (60s)",
    "detail": "After a large trade moving the tick >1000 positions, the 5-minute TWAP average lagged behind the current price by hundreds of ticks, far exceeding MAX_TICK_DEVIATION (50). Recenter reverted with 'price deviated from oracle' for ~285s after each trade, creating a window where the LM could not reposition. The adversary's parasitic LP captured fees during this unprotected window.",
    "revert_reasons": {
      "after_adversary_setup": "price deviated from oracle",
      "after_holder_buy": "price deviated from oracle",
      "after_adversary_attack": "price deviated from oracle",
      "after_holder_sell": "amplitude not reached"
    },
    "johba_comment_confirmed": "Parasitic LP does not directly block recentering (V3 positions are independent). The revert is from the TWAP stability check, not from position interference."
  },
  "fix": {
    "file": "onchain/src/abstracts/PriceOracle.sol",
    "change": "PRICE_STABILITY_INTERVAL reduced from 300 to 30 seconds",
    "rationale": "30s still prevents same-block manipulation (Ethereum mainnet ~12s block time) while ensuring TWAP converges well within the 60s cooldown. After the fix, recenter succeeds within 61s of any trade.",
    "security_impact": "Manipulation window reduced from 5 min to 30s. Attacker must hold manipulated price for 30+ seconds (2.5 blocks) before recenter accepts it. Combined with 60s cooldown, total manipulation window is <60s."
  },
  "tests_added": [
    "testRecenterAfterLargeBuy_TWAPConverges — verifies recenter works after 5 ETH buy + 61s wait",
    "testRecenterRejectsSameBlockManipulation — verifies TWAP check still blocks <30s manipulation",
    "testAdversarialLP_HolderProtected — full parasitic LP scenario, holder loss < 5%"
  ],
  "test_results": {
    "total": 256,
    "passed": 255,
    "failed": 1,
    "skipped": 0,
    "pre_existing_failure": "FitnessEvaluator.t.sol::testBatchEvaluate (requires FITNESS_MANIFEST_DIR env var)"
  }
 }
--- a/evidence/protocol/.gitkeep
+++ b/evidence/protocol/.gitkeep
--- a/evidence/red-team/.gitkeep
+++ b/evidence/red-team/.gitkeep
--- a/evidence/red-team/2026-03-20.json
+++ b/evidence/red-team/2026-03-20.json
@ -0,0 +1,80 @@
 {
  "date": "2026-03-20",
  "candidate": "Optimizer",
  "optimizer_profile": "default",
  "candidate_commit": "a1efa5942dd7ca863d069929ff0ca9b1909a1237",
  "lm_eth_before": "999999999999999999998",
  "lm_eth_after": "999999999999999999998",
  "eth_extracted": 0,
  "floor_held": true,
  "verdict": "floor_held",
  "strategies_tested": 7,
  "strategies_total": 9,
  "agent_runs": 2,
  "methodology": "Each attack is snapshot-isolated: Anvil snapshot before, execute strategy, measure LM total ETH via LmTotalEth.s.sol, revert to snapshot. Per-attack delta_bps reflects the isolated measurement. Top-level lm_eth_after equals lm_eth_before because all attacks were individually reverted to the clean baseline.",
  "attacks": [
    {
      "strategy": "Buy → Recenter → Sell (200 ETH round trip)",
      "pattern": "buy → recenter → sell",
      "result": "INCREASED",
      "delta_bps": 24,
      "insight": "The 1% Uniswap V3 pool fee is the primary defense. 200 ETH round trip generates ~2.4 ETH in fees for the LM. Fee income far exceeds any IL from repositioning."
    },
    {
      "strategy": "Buy → Recenter → Sell (800 ETH round trip)",
      "pattern": "buy → recenter → sell",
      "result": "INCREASED",
      "delta_bps": 1179,
      "insight": "800 ETH buy moves price ~4000 ticks into concentrated positions, causing massive slippage. The attacker receives far fewer KRK per ETH as the trade moves through increasingly thin liquidity. Combined 1% pool fees and adverse slippage on both legs result in ~118 ETH net transfer to LM. Floor position (~75% of LM ETH in 200 ticks) absorbs the sell leg."
    },
    {
      "strategy": "Multi-cycle buy → recenter (3×500 ETH) → sell all",
      "pattern": "buy → recenter_multi → sell",
      "result": "INCREASED",
      "delta_bps": 465,
      "insight": "Multiple buy-recenter cycles compound fee income. 1500 ETH total volume generated ~46.5 ETH in fees + slippage. Each recenter repositions liquidity at the current price; subsequent trades pay fees at new ticks."
    },
    {
      "strategy": "Extreme Buy (2050 ETH) → Recenter at Deep Tick → Sell All",
      "pattern": "buy → recenter → sell",
      "result": "INCREASED",
      "delta_bps": 3746,
      "insight": "2050 ETH far exceeds pool depth (~1000 ETH in positions), causing extreme slippage on both legs. The attacker loses ~374 ETH (~18% of input) — mostly to slippage through thin liquidity beyond the concentrated positions, not just the 1% fee. The LM captures all of this as position value increase. Demonstrates that over-sized trades are self-defeating."
    },
    {
      "strategy": "Stake to change optimizer params → exploit repositioning",
      "pattern": "buy → stake → recenter",
      "result": "INCREASED",
      "delta_bps": 500,
      "insight": "Staking parameter changes do not create exploitable repositioning windows. The +500 bps is from the buy-leg fee + slippage (50 ETH buy). Staking itself has no effect on LM ETH."
    },
    {
      "strategy": "Exploit discovery position WETH consumption + asymmetric repositioning",
      "pattern": "buy → recenter → sell",
      "result": "INCREASED",
      "delta_bps": 1179,
      "insight": "Discovery position WETH consumption does not weaken the floor enough to enable extraction. Tested as 800 ETH round trip variant. 1% fee + slippage dominates all round-trip strategies. Subsumed by attack 2 (same pattern at same volume)."
    },
    {
      "strategy": "One-way sell — buy KRK, recenter, sell at stale positions (no second recenter)",
      "pattern": "buy → recenter → sell",
      "result": "INCREASED",
      "delta_bps": 24,
      "insight": "Even without follow-up recenter, LM gained ETH. The cost of acquiring KRK (buy-leg fees + slippage) exceeds what can be extracted by selling through stale positions. Tested at 200 ETH. Subsumed by attack 1 (same effective pattern)."
    },
    {
      "strategy": "Send KRK Directly to LM + Recenter (Supply Manipulation)",
      "pattern": "buy → transfer → recenter",
      "result": "INCREASED",
      "delta_bps": 1000,
      "insight": "Sending KRK to LM acts as a donation — reduces outstandingSupply and gives LM free KRK. Combined with 100 ETH buy-leg fees + slippage (~100 ETH total LM gain). Floor calculation handles reduced supply gracefully."
    },
    {
      "strategy": "Floor Ratchet Extraction — initial phase only (buy → recenter_multi → sell through floor)",
      "pattern": "buy → recenter_multi → sell",
      "result": "INCREASED",
      "delta_bps": 1179,
      "insight": "Tests the initial phase of the known floor ratchet vector (#630). 800 ETH buy crashes price ~4000 ticks; only 1 of 10 recenters succeeds (TWAP oracle blocks the rest). Sell through floor fully absorbed. Net: LM gains ~118 ETH. IMPORTANT: this does NOT test the full 2000-trade oscillation variant that produced profitable outcomes (9/34 runs, up to +178 ETH extracted). That variant gradually drifts TWAP to bypass oracle protections. A dedicated full-sequence run is tracked as follow-up (#1082)."
    }
  ]
 }
--- a/evidence/red-team/2026-03-23-floor-ratchet-oscillation.json
+++ b/evidence/red-team/2026-03-23-floor-ratchet-oscillation.json
@ -0,0 +1,24 @@
 {
  "date": "2026-03-23",
  "candidate": "Optimizer",
  "optimizer_profile": "default",
  "candidate_commit": "144d6a2",
  "lm_eth_before": "999999999999999999998",
  "lm_eth_after": "999999999999999999998",
  "eth_extracted": 0,
  "floor_held": true,
  "verdict": "floor_held",
  "strategies_tested": 1,
  "strategies_total": 1,
  "agent_runs": 0,
  "methodology": "Full 2000-trade floor ratchet oscillation executed via AttackRunner.s.sol forge simulation (not broadcast — forge broadcast incompatible with try/catch recenter reverts). Attack file: onchain/script/backtesting/attacks/floor-ratchet-oscillation.jsonl. 10 oscillation rounds × 200 buy→recenter cycles (5 ETH per buy), with alternating stake/unstake/sell phases at tax rates 0 and 5. TWAP oracle protection (30s stability window, ±50 tick deviation) blocked 2019 of 2022 recenter attempts. Only 3 recenters succeeded — insufficient to drift positions. LM TVL increased from 9.61e21 to 10.79e21 wei (TVL metric including KRK→ETH conversion). Top-level lm_eth_before/lm_eth_after are snapshot-isolated measurements from LmTotalEth.s.sol (ETH-only metric, excludes KRK). The floor ratchet oscillation vector from #630 is defeated by the TWAP oracle + amplitude threshold + 1% pool fee defenses.",
  "attacks": [
    {
      "strategy": "Floor Ratchet Oscillation — full 2000-trade buy → stake → recenter loop with TWAP drift",
      "pattern": "buy → stake → recenter_multi → sell",
      "result": "INCREASED",
      "delta_bps": 1230,
      "insight": "The 2000-trade oscillation variant from #630 is fully defeated. TWAP oracle stability check (±50 tick, 30s window) blocks 99.9% of recenter attempts after buy-driven price moves. The few recenters that succeed do not produce enough repositioning to enable extraction. The 1% Uniswap V3 pool fee on each of the 2000 buy legs (5 ETH × 2000 = 10,000 ETH volume) generates substantial fee income for the LM. Combined with concentrated liquidity slippage on the sell legs, the adversary loses ~12% of capital. The floor ratchet risk flagged in #630 (r=+0.890, 9/34 profitable) does not manifest against the current TWAP-protected Optimizer."
    }
  ]
 }
--- a/evidence/red-team/2026-03-26.json
+++ b/evidence/red-team/2026-03-26.json
@ -0,0 +1,18 @@
 {
  "date": "2026-03-26",
  "candidate": "OptimizerV3",
  "optimizer_profile": "push3-default",
  "candidate_commit": "a76d393",
  "lm_eth_before": "1000000000000000000000",
  "lm_eth_after": "1399000000000000000000",
  "eth_extracted": 0,
  "floor_held": true,
  "verdict": "floor_held",
  "strategies_tested": 7,
  "duration_seconds": 1440,
  "methodology": "bootstrap-light + adversarial Claude agent, 7 diverse strategies",
  "attacks": [],
  "summary": "Floor held under all 7 adversarial strategies. LM ETH increased from ~1000 to ~1399. Attacker lost ETH to fees and slippage. No extraction vector found.",
  "exit_code": 0,
  "notes": "Original session crashed due to Claude auto-update mid-run (24 min in). Evidence reconstructed from session diagnostics. Raw per-attack data lost with worktree cleanup — attacks[] cannot be populated retroactively. Schema fields corrected by supervisor after review found violations in the merged file (profile→optimizer_profile, result→verdict, ETH values→wei, added candidate_commit/eth_extracted/attacks)."
 }
--- a/evidence/red-team/2026-03-27.json
+++ b/evidence/red-team/2026-03-27.json
@ -0,0 +1,82 @@
 {
  "date": "2026-03-27",
  "candidate": "OptimizerV3",
  "candidate_commit": "b161faaee239cf0435ec9e436ad1af217c394a13",
  "optimizer_profile": "push3-default",
  "lm_eth_before": 999999999999999999998,
  "lm_eth_after": 999999999999999999998,
  "eth_extracted": 0,
  "floor_held": true,
  "verdict": "floor_held",
  "strategies_tested": 7,
  "duration_seconds": 2519,
  "methodology": "bootstrap-light + adversarial Claude agent (claude -p --dangerously-skip-permissions), 7 strategies with snapshot-revert isolation. Raw session data from stream-json output.",
  "attacks": [
    {
      "strategy": "Buy→Recenter→Sell (Classic IL Crystallization)",
      "pattern": "buy → recenter → sell",
      "outcome": "HELD",
      "eth_extracted": 0,
      "floor_held_for_attack": true,
      "delta_bps": 24,
      "insight": "The 1% swap fee on both legs (~4 ETH total) exceeds the IL from repositioning a single anchor traversal. With AW=50 (anchorSpacing=3600 ticks), the anchor is wide and IL per tick is small. Fee income dominates decisively."
    },
    {
      "strategy": "Parasitic LP + Fee Siphoning",
      "pattern": "buy → add_lp → buy → recenter → sell → recenter",
      "outcome": "HELD",
      "eth_extracted": 0,
      "floor_held_for_attack": true,
      "delta_bps": 1740,
      "insight": "Parasitic LP captures some fees from swaps but doesn't extract ETH from LM. The massive buy (600 ETH total) put 600 ETH INTO the pool, and the LM captured ~6 ETH in fees. The sell couldn't push through the floor position (massive liquidity at [127400,127600])."
    },
    {
      "strategy": "Extreme Buy→Recenter→Sell (Maximum Price Push)",
      "pattern": "buy → recenter → sell",
      "outcome": "HELD",
      "eth_extracted": 0,
      "floor_held_for_attack": true,
      "delta_bps": 7338,
      "insight": "1500 ETH buy pushed through anchor AND into discovery. After recenter, the floor at [122800,123000] with 75% of ETH created an impenetrable wall. With 103e24 KRK unsellable, the adversary lost ~734 ETH permanently."
    },
    {
      "strategy": "Multi-Cycle Small Ratchet",
      "pattern": "buy → recenter_multi → sell → recenter_multi",
      "outcome": "HELD",
      "eth_extracted": 0,
      "floor_held_for_attack": true,
      "delta_bps": 37,
      "insight": "Multiple small cycles don't compound IL faster than fee income. Each buy adds ~0.5 ETH in fees to LM (1% of 50 ETH). The floor position consistently blocks sell pressure. The 1% fee acts as a friction ratchet that always benefits the LM."
    },
    {
      "strategy": "Staking Manipulation + Optimizer Shift",
      "pattern": "buy → stake → recenter → sell",
      "outcome": "HELD",
      "eth_extracted": 0,
      "floor_held_for_attack": true,
      "delta_bps": 30783,
      "insight": "Buying 3520 ETH for staking deposited massive ETH into the LM. Optimizer shift created tight anchor (AW=11, ~175 ETH) easy to push through, but floor (95% of ETH, 200 ticks wide, liq=2.04e26) was impenetrable. Fatal flaw: KRK needed for >91% staking can only come from the pool, depositing massive ETH."
    },
    {
      "strategy": "Large buy → recenter → large sell (IL crystallization)",
      "pattern": "buy → recenter_multi → sell",
      "outcome": "HELD",
      "eth_extracted": 0,
      "floor_held_for_attack": true,
      "delta_bps": 0,
      "insight": "Early iteration of Strategy 1. Subsumed by the classic IL crystallization attempt."
    },
    {
      "strategy": "Multi-cycle IL ratchet with parasitic LP",
      "pattern": "buy → add_lp → sell → recenter_multi",
      "outcome": "HELD",
      "eth_extracted": 0,
      "floor_held_for_attack": true,
      "delta_bps": 0,
      "insight": "Early iteration of parasitic LP approach. KRK sell failed due to insufficient liquidity to push through floor. Subsumed by revised parasitic LP strategy."
    }
  ],
  "attack_suite_count": 7,
  "summary": "Floor held under all 7 adversarial strategies. All reverted to clean baseline — no extraction vector found. The 1% fee moat, floor position defense (75-95% of LM ETH in 200 ticks), ETH-neutral recenter, directional VWAP defense, and the chicken-and-egg problem (KRK acquisition requires ETH deposit) provide layered defense.",
  "exit_code": 0
 }
--- a/evidence/resources/.gitkeep
+++ b/evidence/resources/.gitkeep
--- a/evidence/user-test/.gitkeep
+++ b/evidence/user-test/.gitkeep
--- a/evidence/user-test/2026-03-25.json
+++ b/evidence/user-test/2026-03-25.json
@ -0,0 +1,96 @@
 {
  "date": "2026-03-25",
  "candidate_commit": "491755592a86b34f7761347cd8cc299652b02942",
  "methodology": "Playwright headless chromium (1280x720) against local full stack (anvil + webapp + ponder + caddy). Each persona spec runs sequentially with chain state reset between runs via evm_snapshot/evm_revert.",
  "personas": [
    {
      "name": "tyler",
      "task": "passive-holder funnel: land → connect wallet → buy KRK → hold",
      "completed": false,
      "friction_points": [
        "Wallet connector panel (.connectors-element) not visible after clicking mobile login icon — timeout at 10s",
        "Desktop connect button not found at 1280x720 viewport — fell through to mobile fallback path"
      ],
      "screenshot_refs": [
        "test-results/usertest/tyler/tyler-landing-page-2026-03-25T07-35-11-729Z.png"
      ],
      "notes": "Tyler skipped docs and went straight to connect wallet. Observed: 'Cool looking app! Let's goooo'. Copy feedback: 'Needs bigger BUY NOW button on landing page'. Blocked at wallet connection step."
    },
    {
      "name": "alex",
      "task": "passive-holder funnel: land → understand DeFi → connect wallet → buy KRK",
      "completed": false,
      "friction_points": [
        "No 'New to DeFi?' or tutorial section on landing page for newcomers",
        "No trust signals (Audited, Secure, Non-custodial badges) to reassure first-time users",
        "Wallet connector panel (.connectors-element) not visible — timeout at 10s",
        "Wallet connection errors lack beginner-friendly explanations"
      ],
      "screenshot_refs": [
        "test-results/usertest/alex/alex-landing-page-2026-03-25T07-33-50-415Z.png",
        "test-results/usertest/alex/alex-looking-for-help-2026-03-25T07-33-51-890Z.png"
      ],
      "notes": "Alex spent 7s on landing page looking for help/tutorials. Observed: 'This looks professional but I have no idea what I'm looking at'. Tokenomics question: 'What is staking? How do I make money from this?'. Gave up after wallet connection failed."
    },
    {
      "name": "sarah",
      "task": "passive-holder funnel: land → research → connect wallet → evaluate yield",
      "completed": false,
      "friction_points": [
        "Landing page does not explain 'What is Harberger tax?' in simple terms",
        "No About, Docs, or Team page found before wallet connection",
        "Wallet connector panel (.connectors-element) not visible — timeout at 10s"
      ],
      "screenshot_refs": [
        "test-results/usertest/sarah/sarah-landing-page-2026-03-25T07-34-52-636Z.png",
        "test-results/usertest/sarah/sarah-looking-for-info-2026-03-25T07-34-53-821Z.png"
      ],
      "notes": "Sarah read the landing page carefully before connecting. Observed: 'Reading landing page carefully before connecting wallet', 'Looking for About, Docs, or Team page before doing anything else'. Blocked at wallet connection."
    },
    {
      "name": "priya",
      "task": "staker funnel: land → analyze mechanism design → connect wallet → evaluate staking",
      "completed": false,
      "friction_points": [
        "No whitepaper, technical appendix, or formal specification found from app UI",
        "No governance structure, DAO participation, or admin key disclosures visible",
        "Wallet connector panel (.connectors-element) not visible — timeout at 10s"
      ],
      "screenshot_refs": [
        "test-results/usertest/priya/priya-landing-page-2026-03-25T07-34-31-771Z.png",
        "test-results/usertest/priya/priya-searching-for-docs-2026-03-25T07-34-33-347Z.png"
      ],
      "notes": "Priya found audit link but wanted full report. Tokenomics questions: 'What is the theoretical Nash equilibrium for tax rates?', 'What are the centralization risks? Who holds admin keys? Is there a timelock?'. Blocked at wallet connection."
    },
    {
      "name": "marcus",
      "task": "staker funnel: land → probe for exploits → connect wallet → test edge cases",
      "completed": false,
      "friction_points": [
        "No 'Audited by X' badge prominently displayed on landing page",
        "Wallet connector panel (.connectors-element) not visible — timeout at 10s"
      ],
      "screenshot_refs": [
        "test-results/usertest/marcus/marcus-landing-page-2026-03-25T07-34-13-018Z.png"
      ],
      "notes": "Marcus immediately skeptical — 'what's the catch?'. Copy feedback: 'Landing page needs Audited by X badge prominently displayed'. Tokenomics question: 'What prevents someone from flash-loaning to manipulate VWAP?'. Blocked at wallet connection."
    }
  ],
  "personas_completed": 0,
  "personas_total": 5,
  "critical_friction_points": [
    "Wallet connector panel (.connectors-element) not rendering after clicking connect button at 1280x720 viewport — all 5 personas blocked",
    "Desktop connect button (.connect-button--disconnected) not visible at 1280x720 — tests fall through to mobile login icon path which also fails",
    "No onboarding/tutorial content for DeFi newcomers (alex, sarah)",
    "No prominent audit badge or trust signals (marcus, alex)",
    "No whitepaper or formal mechanism specification accessible from UI (priya)"
  ],
  "verdict": "fail",
  "raw_reports": {
    "tyler": "tmp/usertest-results/tyler-bags-morrison.json",
    "alex": "tmp/usertest-results/alex-rivera.json",
    "sarah": "tmp/usertest-results/sarah-park.json",
    "priya": "tmp/usertest-results/dr-priya-malhotra.json",
    "marcus": "tmp/usertest-results/marcus-flash-chen.json"
  }
 }
--- a/evidence/user-test/2026-03-26-post-wallet-fix.json
+++ b/evidence/user-test/2026-03-26-post-wallet-fix.json
@ -0,0 +1,163 @@
 {
  "date": "2026-03-26",
  "candidate_commit": "9135b8696eb791d131ccd45ec06d3a9ce137f1e5",
  "context": "Post-wallet-fix verification run. PR #1160 (merged 2026-03-25) fixed test wallet provider: eth_accounts and getProviderState now return empty arrays when not connected, preventing wagmi auto-connect that was hiding the connector panel.",
  "methodology": "Playwright headless chromium (1280x720) against local full stack (anvil + postgres + ponder + webapp + caddy). Each persona spec runs sequentially with chain state reset between runs via evm_snapshot/evm_revert. Test timeout set to 120s.",
  "personas": [
    {
      "name": "tyler",
      "display": "Tyler 'Bags' Morrison",
      "funnel": "passive-holder",
      "task": "passive-holder funnel: land → connect wallet → buy KRK → stake → hold",
      "completed": true,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet", "Mint 10 ETH", "Buy KRK with 4.0 ETH total"],
      "actions_failed": ["Stake 50 KRK at 5% tax"],
      "friction_points": [
        "Staking failed: /stakestake navigation bug — attemptStake helper constructs URL by appending 'stake' to current base URL, producing invalid route",
        "No buy button visible on main page — had to navigate to Cheats page",
        "Tax rate concept confusing — 'Am I PAYING tax or EARNING tax?'",
        "No Discord or community links visible"
      ],
      "screenshot_refs": [
        "test-results/usertest/tyler/tyler-landing-page-2026-03-26T07-41-46-965Z.png",
        "test-results/usertest/tyler/tyler-wallet-connected-2026-03-26T07-41-49-679Z.png",
        "test-results/usertest/tyler/tyler-bought-krk-2026-03-26T07-41-57-952Z.png",
        "test-results/usertest/tyler/tyler-stake-failed-2026-03-26T07-42-24-494Z.png"
      ],
      "notes": "Wallet connection worked immediately via desktop button. Tyler completed buy flow successfully. Staking failed due to navigation bug (not wallet-related). Test passed."
    },
    {
      "name": "alex",
      "display": "Alex Rivera",
      "funnel": "passive-holder",
      "task": "passive-holder funnel: land → understand DeFi → connect wallet → buy KRK → stake",
      "completed": true,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet (first time)", "Mint 5 ETH (following guide)", "Buy KRK with 0.05 ETH (minimal test)"],
      "actions_failed": ["Stake 25 KRK at 15% tax"],
      "friction_points": [
        "No 'New to DeFi?' or tutorial section for newcomers",
        "No trust signals (Audited, Secure, Non-custodial badges)",
        "Staking failed: /stakestake navigation bug",
        "DeFi jargon overwhelming: VWAP, tax rate, snatching, claimed slots"
      ],
      "screenshot_refs": [
        "test-results/usertest/alex/alex-landing-page-2026-03-26T07-40-33-088Z.png",
        "test-results/usertest/alex/alex-wallet-connected-2026-03-26T07-40-37-908Z.png",
        "test-results/usertest/alex/alex-small-purchase-2026-03-26T07-40-53-288Z.png",
        "test-results/usertest/alex/alex-stake-failed-2026-03-26T07-41-15-940Z.png"
      ],
      "notes": "Wallet connection worked first try via desktop button. Purchase flow smooth. Snatching concept 'TERRIFYING for newcomers'. Test passed."
    },
    {
      "name": "sarah",
      "display": "Sarah Park",
      "funnel": "passive-holder",
      "task": "passive-holder funnel: land → research → connect wallet → evaluate yield → stake",
      "completed": true,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet", "Mint 20 ETH", "Buy KRK with 0.05 ETH (test)", "Buy KRK with 3.0 ETH total"],
      "actions_failed": ["Stake 50 KRK at 15% tax"],
      "friction_points": [
        "Landing page does not explain 'What is Harberger tax?' in simple terms",
        "No audit badge visible",
        "Staking failed: /stakestake navigation bug",
        "No return calculator for estimated APY at different tax rates"
      ],
      "screenshot_refs": [
        "test-results/usertest/sarah/sarah-landing-page-2026-03-26T07-44-58-497Z.png",
        "test-results/usertest/sarah/sarah-wallet-connected-2026-03-26T07-45-01-350Z.png",
        "test-results/usertest/sarah/sarah-test-purchase-complete-2026-03-26T07-45-15-223Z.png",
        "test-results/usertest/sarah/sarah-stake-error-2026-03-26T07-45-44-256Z.png"
      ],
      "notes": "Wallet connection worked via desktop button. Both test and main purchase succeeded. Compares unfavorably to Aave's simplicity. Test passed."
    },
    {
      "name": "priya",
      "display": "Dr. Priya Malhotra",
      "funnel": "staker",
      "task": "staker funnel: land → analyze mechanism design → connect wallet → evaluate staking",
      "completed": true,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet", "Mint 100 ETH", "Buy KRK with 5.0 ETH (institutional test)"],
      "actions_failed": ["Stake 500 KRK at 12% tax"],
      "friction_points": [
        "No whitepaper, technical appendix, or formal specification accessible from UI",
        "No governance structure, DAO participation, or admin key disclosures visible",
        "Staking failed: /stakestake navigation bug",
        "Insufficient liquidity depth for institutional positions (>$100k)"
      ],
      "screenshot_refs": [
        "test-results/usertest/priya/priya-landing-page-2026-03-26T07-44-02-828Z.png",
        "test-results/usertest/priya/priya-wallet-connected-2026-03-26T07-44-05-677Z.png",
        "test-results/usertest/priya/priya-large-swap-complete-2026-03-26T07-44-19-566Z.png",
        "test-results/usertest/priya/priya-final-analysis-2026-03-26T07-44-52-056Z.png"
      ],
      "notes": "Wallet connection worked via desktop button. Institutional-size swap completed. Would allocate $50-100k for observation. Test passed."
    },
    {
      "name": "marcus",
      "display": "Marcus 'Flash' Chen",
      "funnel": "staker",
      "task": "staker funnel: land → probe for exploits → connect wallet → test edge cases",
      "completed": true,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet", "Mint 50 ETH", "Buy KRK with 0.01 ETH (test)", "Buy KRK with 5 ETH"],
      "actions_failed": ["Stake 100 KRK at 5% tax"],
      "friction_points": [
        "No 'Audited by X' badge prominently displayed",
        "Staking failed: /stakestake navigation bug",
        "No snatching ROI calculator or profitability tool",
        "Contract addresses not easily visible for verification"
      ],
      "screenshot_refs": [
        "test-results/usertest/marcus/marcus-landing-page-2026-03-26T07-42-55-063Z.png",
        "test-results/usertest/marcus/marcus-wallet-connected-2026-03-26T07-42-56-829Z.png",
        "test-results/usertest/marcus/marcus-large-swap-complete-2026-03-26T07-43-13-650Z.png",
        "test-results/usertest/marcus/marcus-final-dashboard-2026-03-26T07-43-57-381Z.png"
      ],
      "notes": "Wallet connection worked via desktop button. Both small and large swaps completed. Intrigued by snatching PvP mechanics. Test passed."
    }
  ],
  "personas_completed": 5,
  "personas_total": 5,
  "wallet_connections_succeeded": 5,
  "wallet_connections_total": 5,
  "fix_verification": {
    "pr": "#1160",
    "fix_description": "Test wallet provider eth_accounts and getProviderState now return empty arrays when not connected, preventing wagmi auto-connect",
    "previous_result": "0/5 personas completing — all blocked at wallet connector panel not rendering",
    "current_result": "5/5 personas completing — all wallet connections succeeded via desktop Connect button",
    "fix_status": "verified_working"
  },
  "new_issue_discovered": {
    "description": "attemptStake helper navigates to /stakestake (invalid route) instead of /stake — Vue Router warns 'No match found for location with path /stakestake'",
    "root_cause": "helpers.ts attemptStake() appends 'stake' to current page.url().split('#')[0] base URL which already ends in /stake, producing /stakestake",
    "impact": "All 5 personas fail staking step (non-blocking — tests complete gracefully)",
    "severity": "medium"
  },
  "critical_friction_points": [
    "Staking navigation bug: /stakestake invalid route blocks all stake attempts (test infrastructure issue, not wallet-related)",
    "No onboarding/tutorial content for DeFi newcomers (alex, sarah)",
    "No prominent audit badge or trust signals (marcus, alex, sarah)",
    "No whitepaper or formal mechanism specification accessible from UI (priya)",
    "Tax rate concept confusing without guidance (tyler, alex, sarah)",
    "Snatching concept frightening without explanation (tyler, alex, sarah)"
  ],
  "verdict": "pass",
  "verdict_detail": "Wallet connector fix (PR #1160) fully verified — 5/5 personas now connect successfully (previously 0/5). All personas complete their test journeys including wallet connection, ETH minting, and KRK purchase. Staking step fails for all due to a separate navigation bug (/stakestake URL), which is a test infrastructure issue not related to the wallet connector fix.",
  "comparison": {
    "previous_date": "2026-03-25",
    "previous_completed": 0,
    "current_completed": 5,
    "improvement": "0/5 → 5/5 (wallet connector fix resolved the blocking issue)"
  },
  "raw_reports": {
    "tyler": "tmp/usertest-results/tyler-bags-morrison.json",
    "alex": "tmp/usertest-results/alex-rivera.json",
    "sarah": "tmp/usertest-results/sarah-park.json",
    "priya": "tmp/usertest-results/dr-priya-malhotra.json",
    "marcus": "tmp/usertest-results/marcus-flash-chen.json"
  }
 }
--- a/evidence/user-test/2026-03-27-post-stake-fix.json
+++ b/evidence/user-test/2026-03-27-post-stake-fix.json
@ -0,0 +1,172 @@
 {
  "date": "2026-03-27",
  "candidate_commit": "f96ca9ddb4f7cd7210ca47dbac755404ee93cdbe",
  "context": "Post-attemptStake-fix verification run. PR #1171 (merged 2026-03-26) fixed the /stakestake navigation bug in attemptStake helper: now uses new URL(page.url()).origin + '/stake' instead of appending 'stake' to the current URL. This run verifies that staking navigation works correctly after the fix.",
  "methodology": "Playwright headless chromium (1280x720) against local full stack (anvil + postgres + ponder + webapp + caddy). Each persona spec runs sequentially with chain state reset between runs via evm_snapshot/evm_revert. Test timeout set to 120s. Stack started with anvil port override (18545 host) due to port conflict.",
  "personas": [
    {
      "name": "tyler",
      "display": "Tyler 'Bags' Morrison",
      "funnel": "passive-holder",
      "task": "passive-holder funnel: land -> connect wallet -> buy KRK -> stake -> hold",
      "completed": true,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet", "Mint 10 ETH"],
      "actions_failed": ["Buy KRK (deployer balance exceeded)", "Stake 50 KRK at 5% tax (stake form timeout: slider not visible within 15s, 504 Gateway Timeout on ponder API)"],
      "friction_points": [
        "Buy failed: deployer KRK balance exceeded after chain state resets",
        "Stake form did not fully load (504 Gateway Timeout from ponder during page load)",
        "No buy button visible on main page - had to navigate to Cheats page",
        "Tax rate concept confusing - 'Am I PAYING tax or EARNING tax?'",
        "No Discord or community links visible"
      ],
      "screenshot_refs": [
        "test-results/usertest/tyler/tyler-landing-page-2026-03-27T08-37-28-808Z.png",
        "test-results/usertest/tyler/tyler-wallet-connected-2026-03-27T08-37-34-925Z.png",
        "test-results/usertest/tyler/tyler-buy-error-2026-03-27T08-37-39-818Z.png",
        "test-results/usertest/tyler/tyler-stake-page-2026-03-27T08-37-49-765Z.png",
        "test-results/usertest/tyler/tyler-stake-failed-2026-03-27T08-38-08-065Z.png"
      ],
      "notes": "Wallet connection succeeded. Navigate to /stake worked correctly (fix verified - no /stakestake). Stake form failed to load due to 504 Gateway Timeout on ponder API, not navigation. Test PASSED (non-blocking failure)."
    },
    {
      "name": "alex",
      "display": "Alex Rivera",
      "funnel": "passive-holder",
      "task": "passive-holder funnel: land -> understand DeFi -> connect wallet -> buy KRK -> stake",
      "completed": true,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet (first time)", "Mint 5 ETH"],
      "actions_failed": ["Buy KRK (JsonRpcProvider failed to detect network)", "Stake 25 KRK at 15% tax (stake form timeout: slider not visible within 15s, 504 Gateway Timeout)"],
      "friction_points": [
        "No 'New to DeFi?' or tutorial section for newcomers",
        "No trust signals (Audited, Secure, Non-custodial badges)",
        "Stake form did not load (504 Gateway Timeout from ponder)",
        "DeFi jargon overwhelming: VWAP, tax rate, snatching, claimed slots"
      ],
      "screenshot_refs": [
        "test-results/usertest/alex/alex-landing-page-2026-03-27T08-38-46-172Z.png",
        "test-results/usertest/alex/alex-wallet-connected-2026-03-27T08-38-51-277Z.png",
        "test-results/usertest/alex/alex-stake-failed-2026-03-27T08-39-24-854Z.png"
      ],
      "notes": "Wallet connection worked first try. Navigate to /stake worked correctly (fix verified - no /stakestake). Stake form failed to load due to 504 Gateway Timeout. Buy failed due to RPC network detection issues after chain revert. Test PASSED."
    },
    {
      "name": "sarah",
      "display": "Sarah Park",
      "funnel": "passive-holder",
      "task": "passive-holder funnel: land -> research -> connect wallet -> evaluate yield -> stake",
      "completed": false,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet", "Mint 20 ETH"],
      "actions_failed": ["Buy KRK (contract balanceOf returned empty data after chain revert)"],
      "friction_points": [
        "Landing page does not explain 'What is Harberger tax?' in simple terms",
        "No audit badge visible",
        "Test crashed on buyKrk: balanceOf returned 0x after chain snapshot/revert cycle"
      ],
      "screenshot_refs": [
        "test-results/usertest/sarah/sarah-landing-page-2026-03-27T08-40-05-846Z.png",
        "test-results/usertest/sarah/sarah-wallet-connected-2026-03-27T08-40-14-067Z.png"
      ],
      "notes": "Wallet connection succeeded. Test FAILED due to contract state issue after chain revert (balanceOf returned empty data). This is a test infrastructure issue with evm_snapshot/evm_revert, not related to the stake navigation fix. Did not reach stake step."
    },
    {
      "name": "priya",
      "display": "Dr. Priya Malhotra",
      "funnel": "staker",
      "task": "staker funnel: land -> analyze mechanism design -> connect wallet -> evaluate staking",
      "completed": true,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet", "Mint 100 ETH"],
      "actions_failed": ["Buy KRK (balanceOf returned empty data after chain revert)", "Stake 500 KRK at 12% tax (stake form timeout: slider not visible within 15s, 504 Gateway Timeout)"],
      "friction_points": [
        "No whitepaper, technical appendix, or formal specification accessible from UI",
        "No governance structure, DAO participation, or admin key disclosures visible",
        "Stake form did not load (504 Gateway Timeout from ponder)",
        "Insufficient liquidity depth for institutional positions (>$100k)"
      ],
      "screenshot_refs": [
        "test-results/usertest/priya/priya-landing-page-2026-03-27T08-41-02-959Z.png",
        "test-results/usertest/priya/priya-wallet-connected-2026-03-27T08-41-07-293Z.png",
        "test-results/usertest/priya/priya-stake-dashboard-2026-03-27T08-41-13-263Z.png",
        "test-results/usertest/priya/priya-final-analysis-2026-03-27T08-41-59-057Z.png"
      ],
      "notes": "Wallet connection succeeded. Navigate to /stake worked correctly (fix verified - no /stakestake). Stake form failed to load due to 504 Gateway Timeout. Buy failed due to contract state issue after chain revert. Test PASSED (graceful failure handling)."
    },
    {
      "name": "marcus",
      "display": "Marcus 'Flash' Chen",
      "funnel": "staker",
      "task": "staker funnel: land -> probe for exploits -> connect wallet -> test edge cases",
      "completed": false,
      "wallet_connected": true,
      "actions_succeeded": ["Connect wallet", "Mint 50 ETH"],
      "actions_failed": ["Buy KRK (ERC20: transfer amount exceeds deployer balance after chain revert)"],
      "friction_points": [
        "No 'Audited by X' badge prominently displayed",
        "Contract addresses not easily visible for verification",
        "Test crashed on buyKrk: deployer balance exhausted after multiple chain reverts"
      ],
      "screenshot_refs": [
        "test-results/usertest/marcus/marcus-landing-page-2026-03-27T08-42-26-011Z.png",
        "test-results/usertest/marcus/marcus-wallet-connected-2026-03-27T08-42-30-090Z.png",
        "test-results/usertest/marcus/marcus-cheats-page-2026-03-27T08-42-36-514Z.png"
      ],
      "notes": "Wallet connection succeeded. Test FAILED due to deployer KRK balance exceeded after chain snapshot/revert cycles. This is a test infrastructure issue, not related to the stake navigation fix. Did not reach stake step."
    }
  ],
  "personas_completed": 3,
  "personas_total": 5,
  "wallet_connections_succeeded": 5,
  "wallet_connections_total": 5,
  "fix_verification": {
    "pr": "#1171",
    "issue": "#1168",
    "fix_description": "attemptStake helper now uses new URL(page.url()).origin + '/stake' instead of appending 'stake' to the current URL path, which previously produced the invalid route /stakestake",
    "previous_result": "0/5 personas completing staking — all blocked at /stakestake invalid route (2026-03-26 evidence)",
    "current_result": "Navigation to /stake confirmed working for all 3 personas that reached the stake step (tyler, alex, priya). The /stakestake bug is eliminated.",
    "fix_status": "verified_working",
    "remaining_blocker": "Stake form elements do not render within timeout (15s). Root cause: 504 Gateway Timeout on ponder GraphQL API during stake page load. This is an infrastructure/ponder issue, not a navigation bug."
  },
  "new_issues_discovered": [
    {
      "description": "Stake page returns 504 Gateway Timeout from ponder API, preventing the stake form (slider, amount input) from rendering",
      "root_cause": "Ponder indexer may be overloaded or timing out on GraphQL queries needed by the stake page. The 504 comes through caddy proxy.",
      "impact": "All personas that reach /stake cannot complete staking (form elements never appear)",
      "severity": "high"
    },
    {
      "description": "Chain snapshot/revert cycle causes contract state corruption: balanceOf returns empty 0x data, and deployer KRK balance is not properly restored",
      "root_cause": "evm_snapshot/evm_revert in anvil may not fully restore contract storage or the snapshot ID management in helpers.ts has edge cases with multiple sequential reverts",
      "impact": "2/5 persona tests crash during buyKrk step; other personas see transfer failures",
      "severity": "medium"
    }
  ],
  "critical_friction_points": [
    "Stake form 504 timeout: ponder API times out, preventing stake page from loading (all personas)",
    "No onboarding/tutorial content for DeFi newcomers (alex, sarah)",
    "No prominent audit badge or trust signals (marcus, alex, sarah)",
    "No whitepaper or formal mechanism specification accessible from UI (priya)",
    "Tax rate concept confusing without guidance (tyler, alex, sarah)",
    "Snatching concept frightening without explanation (tyler, alex, sarah)"
  ],
  "verdict": "partial_pass",
  "verdict_detail": "The /stakestake navigation bug (issue #1168, PR #1171) is VERIFIED FIXED. All 3 personas that reached the stake step (tyler, alex, priya) successfully navigated to /stake with no invalid route error. However, a new blocker emerged: the ponder GraphQL API returns 504 Gateway Timeout when the stake page loads, preventing the stake form from rendering. 0/5 personas completed an actual on-chain stake transaction. 2/5 tests failed outright due to chain state corruption from evm_snapshot/evm_revert cycles (infrastructure issue). Wallet connections: 5/5 succeeded.",
  "comparison": {
    "previous_date": "2026-03-26",
    "previous_evidence": "2026-03-26-post-wallet-fix.json",
    "previous_navigation_bug": "/stakestake (present in all 5 personas)",
    "current_navigation_bug": "None — /stake navigation works correctly",
    "previous_staking_completed": 0,
    "current_staking_completed": 0,
    "improvement": "Navigation fix verified working. Staking blocked by different issue (ponder 504 timeout, not navigation)."
  },
  "raw_reports": {
    "tyler": "tmp/usertest-results/tyler-bags-morrison.json",
    "alex": "tmp/usertest-results/alex-rivera.json",
    "sarah": "tmp/usertest-results/sarah-park.json",
    "priya": "tmp/usertest-results/dr-priya-malhotra.json",
    "marcus": "tmp/usertest-results/marcus-flash-chen.json"
  }
 }
--- a/evidence/user-test/2026-03-28-ponder-504-check.json
+++ b/evidence/user-test/2026-03-28-ponder-504-check.json
@ -0,0 +1,146 @@
 {
  "date": "2026-03-28",
  "test_type": "ponder-504-persistence-check",
  "issue_ref": "#1186",
  "prediction_ref": "#1185",
  "context": "Targeted re-test to determine if the ponder 504 Gateway Timeout observed on 2026-03-27 is persistent or intermittent. Fresh stack startup with cold ponder indexer. All 5 personas run sequentially.",
  "methodology": "Fresh stack started from clean state (no prior containers). Ponder health probed at multiple stages: pre-test (8 probes), mid-test (implicit via persona runs), post-test (3 probes). Playwright headless Chromium (1280x720) with 120s test timeout, 15s slider wait timeout.",
  "stack_startup": {
    "anvil_ready_s": 7,
    "postgres_ready_s": 0,
    "bootstrap_completed_s": 45,
    "ponder_ready_s": 27,
    "webapp_ready_s": 180,
    "caddy_ready_s": 5,
    "note": "Webapp initially timed out at 120s (npm install inside container), succeeded on second health check after ~180s total"
  },
  "ponder_health": {
    "at_test_start": {
      "healthy": true,
      "probes": [
        {"source": "direct_42069", "http_code": 200, "latency_ms": 131},
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 43},
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 19},
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 18},
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 17},
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 22},
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 15}
      ],
      "all_200": true,
      "max_latency_ms": 131,
      "avg_latency_ms": 38
    },
    "at_test_end": {
      "healthy": true,
      "probes": [
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 33},
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 16},
        {"source": "caddy_8081", "http_code": 200, "latency_ms": 14}
      ],
      "all_200": true,
      "max_latency_ms": 33,
      "avg_latency_ms": 21
    },
    "504_errors_observed": 0,
    "conclusion": "Ponder GraphQL API is healthy and responsive throughout the entire test run. No 504 errors observed at any point. The 504 from 2026-03-27 is NOT reproducible on fresh stack start."
  },
  "stake_page": {
    "html_loads": true,
    "html_load_ms": 35,
    "slider_renders": false,
    "slider_timeout_s": 15,
    "browser_error": "Failed to fetch protocol stats: SyntaxError: Unexpected token '<', \"<!--\\n *  C\"... is not valid JSON",
    "root_cause": "The webapp stake page fetches protocol stats from a URL that returns SPA HTML fallback instead of JSON. This is a webapp routing/fetch issue, NOT a ponder 504. Ponder itself responds correctly to direct GraphQL queries."
  },
  "personas": [
    {
      "name": "alex",
      "display": "Alex Rivera",
      "funnel": "passive-holder",
      "wallet_connected": true,
      "buy_krk": true,
      "staking_attempted": true,
      "staking_completed": false,
      "stake_failure_reason": "Slider not visible within 15s (webapp fetch error, NOT ponder 504)",
      "test_passed": true
    },
    {
      "name": "marcus",
      "display": "Marcus 'Flash' Chen",
      "funnel": "staker",
      "wallet_connected": true,
      "buy_krk": true,
      "staking_attempted": true,
      "staking_completed": false,
      "stake_failure_reason": "Slider not visible within 15s (webapp fetch error, NOT ponder 504)",
      "test_passed": true
    },
    {
      "name": "priya",
      "display": "Dr. Priya Malhotra",
      "funnel": "staker",
      "wallet_connected": true,
      "buy_krk": true,
      "staking_attempted": true,
      "staking_completed": false,
      "stake_failure_reason": "Slider not visible within 15s (webapp fetch error, NOT ponder 504)",
      "test_passed": true
    },
    {
      "name": "sarah",
      "display": "Sarah Park",
      "funnel": "passive-holder",
      "wallet_connected": true,
      "buy_krk": true,
      "staking_attempted": true,
      "staking_completed": false,
      "stake_failure_reason": "Slider not visible within 15s (webapp fetch error, NOT ponder 504)",
      "test_passed": true
    },
    {
      "name": "tyler",
      "display": "Tyler 'Bags' Morrison",
      "funnel": "passive-holder",
      "wallet_connected": true,
      "buy_krk": true,
      "staking_attempted": true,
      "staking_completed": false,
      "stake_failure_reason": "Slider not visible within 15s (webapp fetch error, NOT ponder 504)",
      "test_passed": true
    }
  ],
  "summary": {
    "personas_total": 5,
    "personas_completed": 5,
    "wallet_connections_succeeded": 5,
    "buy_krk_succeeded": 5,
    "staking_completed": 0,
    "staking_attempted": 5,
    "test_duration_s": 288
  },
  "comparison_with_previous": {
    "previous_date": "2026-03-27",
    "previous_evidence": "2026-03-27-post-stake-fix.json",
    "previous_504_errors": "multiple (all personas that reached /stake)",
    "current_504_errors": 0,
    "previous_staking_completed": 0,
    "current_staking_completed": 0,
    "previous_buy_krk_failures": 4,
    "current_buy_krk_failures": 0,
    "improvements": [
      "No 504 Gateway Timeout errors (ponder healthy throughout)",
      "All 5 personas successfully bought KRK (chain snapshot/revert issues from 2026-03-27 not reproduced)",
      "All 5 test specs passed (previously 2 crashed)"
    ],
    "remaining_blocker": "Stake form slider does not render. Root cause shifted from ponder 504 to webapp protocol-stats fetch returning HTML instead of JSON."
  },
  "verdict": "ponder_504_not_persistent",
  "verdict_detail": "The ponder 504 Gateway Timeout from 2026-03-27 is NOT persistent. On fresh stack start, ponder responds in <50ms with 200 OK consistently. The staking form still does not render, but the root cause is now identified as a webapp fetch issue (protocol stats endpoint returns SPA HTML fallback), not a ponder backend error. 0/5 personas completed staking. The chain snapshot/revert issues from 2026-03-27 were also not reproduced.",
  "raw_reports": {
    "alex": "tmp/usertest-results/alex-rivera.json",
    "marcus": "tmp/usertest-results/marcus-flash-chen.json",
    "priya": "tmp/usertest-results/dr-priya-malhotra.json",
    "sarah": "tmp/usertest-results/sarah-park.json",
    "tyler": "tmp/usertest-results/tyler-bags-morrison.json"
  }
 }
--- a/formulas/AGENTS.md
+++ b/formulas/AGENTS.md
@ -0,0 +1,139 @@
 <!-- last-reviewed: baa501fa46355f7b04bffdf386d397ad19f69298 -->
 # Agent Brief: Formulas
 Formulas are TOML files that declare automated pipeline jobs for the harb evaluator.
 Each formula describes **what** to run, **when**, and **what it produces** — the
 orchestrator reads the TOML and dispatches execution to the scripts referenced in
 `[execution]`.
 ## Sense vs Act
 Every formula has a `type` field. Getting this wrong breaks orchestrator scheduling
 and evidence routing.
 | Type | Meaning | Side-effects | Examples |
 |------|---------|-------------|----------|
 | `sense` | Read-only observation. Produces metrics / evidence only. | No PRs, no code changes, no contract deployments. | `run-holdout`, `run-protocol`, `run-resources`, `run-user-test` |
 | `act` | Produces git artifacts: PRs, new files committed to main, contract upgrades. | Opens PRs, commits evidence + champion files, promotes attack vectors. | `run-evolution`, `run-red-team` |
 **Rule of thumb:** if the formula's `deliver` step calls `git push` or opens a PR,
 it is `act`. If it only commits an evidence JSON to main, it is `sense`.
 ## Current Formulas
 | ID | Type | Script | Cron | Purpose |
 |----|------|--------|------|---------|
 | `run-evolution` | act | `tools/push3-evolution/evolve.sh` | — | Evolve Push3 optimizer candidates, admit champions to seed pool via PR |
 | `run-holdout` | sense | `scripts/harb-evaluator/evaluate.sh` | — | Deploy PR branch, run blind holdout scenarios, report pass/fail |
 | `run-protocol` | sense | `scripts/harb-evaluator/run-protocol.sh` | `0 7 * * *` | On-chain health snapshot (TVL, fees, positions, rebalances) |
 | `run-red-team` | act | `scripts/harb-evaluator/red-team.sh` | — | Adversarial agent attacks the optimizer; promotes novel attack vectors via PR |
 | `run-resources` | sense | `scripts/harb-evaluator/run-resources.sh` | `0 6 * * *` | Infrastructure snapshot (disk, RAM, API budget, CI queue) |
 | `run-user-test` | sense | `scripts/run-usertest.sh` | — | Persona-based Playwright UX evaluation |
 ## Cron Conventions
 - Schedules use standard 5-field cron syntax in `[cron] schedule`.
 - Stagger by at least 1 hour to avoid resource contention (`run-resources` at 06:00, `run-protocol` at 07:00).
 - Only `sense` formulas should be cron-scheduled. An `act` formula on a timer risks unattended PRs.
 ## Step ID Naming
 Steps are declared as `[[steps]]` arrays. Each step must have an `id` field.
 **Conventions:**
 - Use lowercase kebab-case: `stack-up`, `run-scenarios`, `collect-tvl`.
 - Prefix collection steps with `collect-` followed by the metric dimension: `collect-disk`, `collect-ram`, `collect-fees`.
 - Every formula must include a `collect` step (assembles the evidence JSON) and a `deliver` step (commits + posts comment).
 - Infrastructure lifecycle steps: `stack-up` / `stack-down` (or `boot-stack` / `teardown`).
 - Use descriptive verbs: `run-attack-suite`, `evaluate-seeds`, `export-vectors`.
 ## TOML Structure
 A formula file follows this skeleton:
 ```toml
 # formulas/run-{name}.toml
 #
 # One-line description of what this formula does.
 #
 # Type: sense | act
 # Cron: (schedule if applicable, or "—")
 [formula]
 id          = "run-{name}"
 name        = "Human-Readable Name"
 description = "What it does in one sentence."
 type        = "sense"       # or "act"
 # [cron]                    # optional — only for scheduled formulas
 # schedule = "0 6 * * *"
 [inputs.example_input]
 type        = "string"      # string | integer | number
 required    = true
 description = "What this input controls."
 [execution]
 script     = "path/to/script.sh"
 invocation = "ENV_VAR={example_input} bash path/to/script.sh"
 [[steps]]
 id          = "do-something"
 description = """
 What this step does, in enough detail for a new contributor to understand.
 """
 [[steps]]
 id          = "collect"
 description = "Assemble metrics into evidence/{category}/{date}.json."
 output      = "evidence/{category}/{date}.json"
 [[steps]]
 id          = "deliver"
 description = "Commit evidence file and post summary comment to issue."
 [products.evidence_file]
 path     = "evidence/{category}/{date}.json"
 delivery = "commit to main"
 schema   = "evidence/README.md"
 [resources]
 profile     = "light"       # or "heavy"
 concurrency = "safe to run in parallel"  # or "exclusive"
 ```
 ## How to Add a New Formula
 1. **Pick a name.** File goes in `formulas/run-{name}.toml`. The `[formula] id` must match: `run-{name}`.
 2. **Decide sense vs act.** If your formula only reads state and writes evidence → `sense`. If it creates PRs, commits code, or modifies contracts → `act`.
 3. **Write the TOML.** Follow the skeleton above. Key sections:
   - `[formula]` — id, name, description, type.
   - `[inputs.*]` — every tuneable parameter the script accepts.
   - `[execution]` — script path and full invocation with `{input}` interpolation.
   - `[[steps]]` — ordered list of logical steps. Always end with `collect` and `deliver`.
   - `[products.*]` — what the formula produces (evidence file, PR, issue comment).
   - `[resources]` — profile (`light` / `heavy`), concurrency constraints.
 4. **Write or wire the backing script.** The `[execution] script` must exist and be executable. Most scripts live in `scripts/harb-evaluator/` or `tools/`. Exit codes: `0` = success, `1` = gate failed, `2` = infra error.
 5. **Define the evidence schema.** If your formula writes `evidence/{category}/{date}.json`, add the schema to `evidence/README.md`.
 6. **Update this file.** Add your formula to the "Current Formulas" table above.
 7. **Test locally.** Run the backing script with the required inputs and verify the evidence file is well-formed JSON.
 ## Resource Profiles
 | Profile | Meaning | Can run in parallel? |
 |---------|---------|---------------------|
 | `light` | Shell commands only (df, curl, cast). No Docker, no Anvil. | Yes — safe to run alongside anything. |
 | `heavy` | Needs Anvil on port 8545, Docker containers, or long-running agents. | No — exclusive. Heavy formulas share port bindings and cannot overlap. |
 ## Evaluator Integration
 Formula execution is dispatched by the orchestrator to scripts in
 `scripts/harb-evaluator/`. See [scripts/harb-evaluator/AGENTS.md](../scripts/harb-evaluator/AGENTS.md)
 for details on the evaluator runtime: stack lifecycle, scenario execution,
 evidence collection, and the adversarial agent harness.
--- a/formulas/run-evolution.toml
+++ b/formulas/run-evolution.toml
@ -0,0 +1,344 @@
 # formulas/run-evolution.toml
 #
 # Push3 optimizer evolution pipeline — evaluate seed pool, evolve a population
 # of candidates, admit survivors back to the pool, deliver champions via PR.
 #
 # Type: act.  Produces git artifacts (new .push3 champions + updated
 #              manifest.jsonl via PR to main; evidence file committed to main).
 #
 # Depends on: #973 (evidence/evolution/ directory structure)
 [formula]
 id          = "run-evolution"
 name        = "Push3 Optimizer Evolution"
 description = "Evaluate seed pool, evolve Push3 optimizer population, admit survivors, deliver champions via PR."
 type        = "act"
 # "sense"  → read-only, produces metrics only
 # "act"    → produces git artifacts (cf. run-red-team, run-evolution)
 depends_on  = [973]
 # ── Inputs ─────────────────────────────────────────────────────────────────────
 [inputs.seed]
 type        = "string"
 required    = false
 default     = "tools/push3-evolution/seeds/optimizer_v3.push3"
 description = "Starting seed .push3 file (passed as --seed to evolve.sh).  Serves as the fallback mutation source when the pool does not fill the full population."
 [inputs.population]
 type        = "integer"
 required    = false
 default     = 10
 description = "Number of candidates per generation (--population)."
 [inputs.generations]
 type        = "integer"
 required    = false
 default     = 5
 description = "Number of evolution generations to run (--generations)."
 [inputs.mutation_rate]
 type        = "integer"
 required    = false
 default     = 2
 description = "Mutations applied per candidate per generation (--mutation-rate)."
 [inputs.elites]
 type        = "integer"
 required    = false
 default     = 2
 description = "Top-scoring candidates carried forward unchanged each generation (--elites)."
 [inputs.base_rpc_url]
 type        = "string"
 required    = true
 description = """
 Base network RPC endpoint forwarded as BASE_RPC_URL to both evaluate-seeds.sh
 and evolve.sh.  Required for the revm evaluator (default EVAL_MODE).
 Example: https://mainnet.base.org or a fork URL from a running Anvil instance.
 """
 [inputs.run_id]
 type        = "integer"
 required    = false
 description = """
 Override the run ID used when naming candidates admitted to the seed pool
 (e.g. run009_gen2_c005.push3).  Auto-incremented from the highest existing
 run in manifest.jsonl when omitted (recommended).
 """
 [inputs.attack_dir]
 type        = "string"
 required    = false
 default     = "onchain/script/backtesting/attacks"
 description = """
 Directory of .jsonl adversarial attack scenarios.  Intended as an adversarial
 fitness input — candidates scored against these patterns in addition to the
 revm fitness metric.  Not yet forwarded to evolve.sh; documented here as a
 forward spec.
 """
 status      = "planned"
 # ── Execution ──────────────────────────────────────────────────────────────────
 #
 # Step 0 — evaluate-seeds.sh — runs before the main evolution loop.
 #   Scores any manifest.jsonl entries with fitness: null so the pool
 #   sampler has real fitness values when selecting gen_0 candidates.
 #
 # Steps 1-5 — evolve.sh — owns the full evolution lifecycle:
 #   1. Initialise population: random sample from seed pool (--diverse-seeds).
 #   2. Score candidates via revm batch evaluator (batch-eval.sh).
 #   3. Tournament-select survivors; apply elitism + mutation / crossover.
 #   4. Repeat for N generations; track global best.
 #   5. Admit candidates above threshold (6e21 wei) into seeds/; rewrite manifest.
 #
 # evolve.sh always passes --diverse-seeds so gen_0 inherits pool diversity.
 # --run-id is omitted to let evolve.sh auto-increment from manifest.jsonl.
 [execution]
 pre_script     = "tools/push3-evolution/evaluate-seeds.sh"
 pre_invocation = "BASE_RPC_URL={base_rpc_url} bash tools/push3-evolution/evaluate-seeds.sh"
 script         = "tools/push3-evolution/evolve.sh"
 invocation     = "BASE_RPC_URL={base_rpc_url} bash tools/push3-evolution/evolve.sh --seed {seed} --population {population} --generations {generations} --mutation-rate {mutation_rate} --elites {elites} --output tmp/evolution --diverse-seeds"
 # Exit codes propagated by evolve.sh:
 #   0  evolution complete; best candidate found and pool admission attempted
 #   2  infrastructure error (RPC unreachable, missing tool, revm eval failed)
 # ── Steps ──────────────────────────────────────────────────────────────────────
 [[steps]]
 id          = "evaluate-seeds"
 description = """
 Score manifest entries with fitness: null before the evolution loop begins.
 tools/push3-evolution/evaluate-seeds.sh:
  - Reads tools/push3-evolution/seeds/manifest.jsonl.
  - For every entry where fitness is null, runs fitness.sh against the
    corresponding .push3 file and records the numeric score.
  - Rewrites manifest.jsonl atomically (temp-file rename).
  - Exits 0 when nothing to do (idempotent; safe to re-run).
  - Exits 2 on infrastructure error (eval stack unreachable).
 Primary targets: LLM-generated seeds (origin=llm) and evolved entries whose
 fitness was nulled due to scoring inflation (fitness_flags: token_value_inflation,
 processExecIf_fix).  Real fitness values allow --diverse-seeds to weight the
 gen_0 sample correctly.
 """
 script      = "tools/push3-evolution/evaluate-seeds.sh"
 [[steps]]
 id          = "evolve"
 description = """
 Run the outer evolutionary loop via tools/push3-evolution/evolve.sh.
 Initialisation (gen_0):
  A random sample of up to {population} candidates is drawn from the seed pool
  (tools/push3-evolution/seeds/); any shortfall is filled by mutating {seed}.
  Seeds with unevaluated fitness (null) are included in the sample with equal
  probability — evaluate-seeds (step 0) should have resolved most of these.
 Per-generation loop ({generations} iterations):
  a. Score all candidates in a single forge test invocation via
     tools/push3-evolution/revm-evaluator/batch-eval.sh (EVAL_MODE=revm).
     Falls back to per-candidate fitness.sh (EVAL_MODE=anvil) if revm is
     unavailable.
  b. Log generation stats: min / max / mean fitness, best candidate file.
  c. Tournament-select survivors (k = population / 2).
  d. Elitism: carry the top {elites} candidates forward unchanged.
  e. Fill remaining slots: mutate random survivors (first half) and apply
     pairwise crossover (second half); fall back to copy on failure.
 Output per run (tmp/evolution/run_NNN/):
  generation_0.jsonl … generation_N.jsonl  per-candidate fitness records
  best.push3                                global champion
  diff.txt                                  constant delta vs seed
  evolution.log                             full run transcript
 Pool admission (after final generation):
  Candidates scoring above 6e21 wei are deduplicated by content hash and
  admitted to tools/push3-evolution/seeds/, named run{NNN}_gen{G}_c{C}.push3.
  manifest.jsonl is rewritten atomically; the evolved pool is capped at 100
  entries by fitness rank (hand-written / LLM seeds are always pinned).
 """
 script     = "tools/push3-evolution/evolve.sh"
 output_dir = "tmp/evolution"
 [[steps]]
 id          = "score-attacks"
 description = """
 [Planned] Score the champion against known adversarial attack scenarios in
 {attack_dir}/*.jsonl via onchain/script/backtesting/AttackRunner.s.sol.
 For each attack file:
  - Replay the op sequence against a fresh Anvil snapshot.
  - Record LM total ETH before and after.
  - Emit one fitness adjustment: penalise the candidate's score if the
    attack succeeds (floor broken), reward if the floor holds.
 Results feed back into the adversarial fitness component — candidates that
 survive all known attacks rank higher in the evidence record.
 Skipped when {attack_dir} is empty or AttackRunner is unavailable.
 """
 status        = "planned"
 attack_source = "{attack_dir}/*.jsonl"
 forge_script  = "onchain/script/backtesting/AttackRunner.s.sol"
 [[steps]]
 id          = "collect"
 description = """
 Aggregate evolve.sh outputs into evidence/evolution/{date}.json.
 Reads:
  - tmp/evolution/run_NNN/generation_N.jsonl   per-generation fitness records
  - tmp/evolution/run_NNN/best.push3           champion file
  - tools/push3-evolution/seeds/manifest.jsonl admission results
 Writes evidence/evolution/{date}.json conforming to the schema in
 evidence/README.md ## Schema: evolution/YYYY-MM-DD.json.
 Verdict: "improved" if best_fitness > best seed fitness in manifest before
 the run; "no_improvement" otherwise.
 """
 output = "evidence/evolution/{date}.json"
 schema = "evidence/README.md"
 [[steps]]
 id          = "cleanup"
 description = """
 Remove intermediate per-generation candidate files that are not part of the
 final results.  Only the following files are retained after this step:
  tmp/evolution/run_NNN/best.push3          global champion
  tmp/evolution/run_NNN/diff.txt            constant delta vs seed
  tmp/evolution/run_NNN/evolution.log       full run transcript
  tools/push3-evolution/seeds/run{NNN}_*.push3
                                            top-N newly admitted seeds
                                            (≤ elites per generation)
 Files removed:
  tmp/evolution/run_NNN/generation_*.jsonl  per-candidate fitness records
                                            (already aggregated into evidence)
  tmp/evolution/run_NNN/candidate_*.push3   intermediate per-generation
                                            candidates that are not elites
 Rationale: the evolution box reached 91% disk utilisation in run #1025 because
 these intermediate files were never cleaned up.  Aggregated fitness data is
 preserved in evidence/evolution/{date}.json; the per-candidate .push3 files for
 non-elite generations are not needed once the evidence file is written.
 """
 [[steps]]
 id          = "deliver"
 description = """
 Commit results to a branch, push, open PR, then post summary comment.
 ORDERING IS MANDATORY — each sub-step must complete before the next begins.
 Do NOT post to the issue before the PR URL is available.
 1. CLEAN GIT STATE
   Run `git checkout -- .` to discard any working-tree modifications that are
   NOT part of the evolution results (e.g. .sol files left over from a prior
   session, scratch files).  Only stage files that belong to this run:
     - evidence/evolution/{date}.json
     - tools/push3-evolution/seeds/evo_run{NNN}_champion.push3
     - tools/push3-evolution/seeds/manifest.jsonl
   Verify `git diff --check` passes before committing.
 2. COMMIT TO BRANCH
   Create branch evidence/evolution-run-{run_id} from master.
   Commit the staged result files with message:
     "evo: run{NNN} results — fitness={best_fitness}"
   The commit MUST include all three files above.
 3. PUSH AND CREATE PR
   Push the branch to origin.
   Open a Codeberg PR targeting master:
     Title: "evo: run{NNN} champion — fitness={best_fitness}"
     Body:  generation-by-generation table (gen, best, mean, worst fitness),
            top-3 admitted candidates with fitness scores, constant diff vs
            seed (from diff.txt), link to evidence file.
   If `git push` or PR creation fails:
     a. Post an error comment to the originating issue with the failure reason
        and the path of the local evidence file.
     b. Leave the issue OPEN.
     c. Exit with a non-zero status — do NOT proceed to step 4.
 4. POST SUMMARY COMMENT (only after PR URL is confirmed)
   Post a comment to the originating issue containing:
     - Verdict (improved / no_improvement).
     - Best fitness achieved and which generation it was found in.
     - Admission count: N candidates added to seed pool.
     - Link to the champion PR (required — do not post without it).
     - Link to evidence file committed in the PR.
     - If no_improvement: best fitness achieved and seed pool size.
   Do NOT close the issue in this step; closing is the orchestrator's
   responsibility once the PR is merged.
 """
 # ── Products ───────────────────────────────────────────────────────────────────
 [products.evidence_file]
 path     = "evidence/evolution/{date}.json"
 delivery = "PR to main (same PR as champion_files, on branch evidence/evolution-run-{run_id})"
 schema   = "evidence/README.md"   # see ## Schema: evolution/YYYY-MM-DD.json
 [products.champion_files]
 path     = "tools/push3-evolution/seeds/evo_run{NNN}_champion.push3"
 # {NNN} is the auto-incremented run ID assigned by evolve.sh at runtime.
 delivery = "PR to main"
 note     = "Only created when at least one candidate exceeds the admission threshold (6e21 wei)."
 [products.manifest]
 path     = "tools/push3-evolution/seeds/manifest.jsonl"
 delivery = "PR to main (same PR as champion_files)"
 note     = "Updated with newly admitted entries and fitness scores from evaluate-seeds."
 [products.issue_comment]
 delivery         = "post to originating issue AFTER PR is created and URL is confirmed"
 content          = "verdict (improved/no_improvement), best fitness, generation found, admission count, link to champion PR (mandatory), link to evidence file"
 on_pr_failure    = "post error comment with failure reason and local evidence path; leave issue OPEN; do not close"
 on_run_failure   = "include best fitness achieved, last generation completed, full log available in tmp/evolution/run_NNN/evolution.log; do not close issue"
 ordering_note    = "The comment MUST NOT be posted before the PR URL exists.  Closing the issue is the orchestrator's responsibility after PR merge, not this formula's."
 # ── Resources ──────────────────────────────────────────────────────────────────
 [resources]
 profile     = "heavy"
 compute     = "CPU + RAM intensive — transpile + compile + deploy + revm eval per candidate"
 rpc         = "Base network RPC (BASE_RPC_URL) for revm fork; or Anvil (EVAL_MODE=anvil)"
 concurrency = "exclusive — revm evaluator and optional Anvil share port 8545 with run-holdout and run-red-team"
 # ── Notes ──────────────────────────────────────────────────────────────────────
 [notes]
 no_uups_deployment = """
 The evolution pipeline produces Push3 candidate files only — no UUPS proxy
 deployment step is wired.  Candidates are scored in simulation (revm or Anvil)
 and admitted to the seed pool for future runs.  Deployment to a live chain is
 out of scope until the champion passes holdout and red-team gates.
 """
 eval_mode = """
 Default EVAL_MODE is revm (batch-eval.sh): all candidates in a generation are
 scored in a single forge test invocation against a Base fork, 10-100× faster
 than per-candidate Anvil.  Set EVAL_MODE=anvil to fall back to fitness.sh
 (slower, but does not require BASE_RPC_URL if Anvil is already running).
 Gas limit: revm evaluator runs at ~25 candidates × 100 trades per batch.
 For larger populations, increase the batch budget in batch-eval.sh.
 """
 adversarial_fitness = """
 Adversarial fitness against attack scenarios ({attack_dir}/*.jsonl) is planned
 but not yet implemented (score-attacks step is status=planned).  Currently the
 only fitness signal is the revm/Anvil metric from batch-eval.sh / fitness.sh.
 When implemented, attack survival will penalise candidates whose floor breaks
 under known attack patterns, biasing the population toward safer programs.
 """
 fee_fitness = """
 Fee optimization against in-market pool data is planned as a second fitness
 dimension.  Not yet implemented; tracked as a follow-up issue.
 """
 pool_cap = """
 The evolved seed pool is capped at 100 entries by fitness rank.  Hand-written
 (origin=hand-written) and LLM-generated (origin=llm) seeds are always pinned
 regardless of fitness.  Evolved entries below the pool floor are evicted when
 new higher-scoring candidates are admitted.  Raw fitness values are only
 comparable within the same evaluation run; entries with fitness_flags
 (token_value_inflation, processExecIf_fix) are ranked as fitness=0 for
 admission and eviction purposes.
 """
--- a/formulas/run-holdout.toml
+++ b/formulas/run-holdout.toml
@ -0,0 +1,138 @@
 # formulas/run-holdout.toml
 #
 # Holdout quality gate — deploy a PR branch, run blind holdout scenarios,
 # report pass/fail.
 #
 # Type: sense-only.  Produces metrics and a gate decision.
 # Does NOT commit code, open PRs, or modify contracts.
 #
 # Depends on: #973 (evidence/holdout/ directory structure)
 [formula]
 id          = "run-holdout"
 name        = "Holdout Quality Gate"
 description = "Deploy PR branch, run blind holdout scenarios, report pass/fail."
 type        = "sense"
 # "sense"  → read-only, produces metrics only
 # "act"    → produces git artifacts (cf. run-evolution, run-red-team)
 # ── Inputs ─────────────────────────────────────────────────────────────────────
 [inputs.pr_number]
 type        = "integer"
 required    = true
 description = "PR number to evaluate"
 [inputs.holdout_repo]
 type        = "string"
 required    = false
 default     = "ssh://git@codeberg.org/johba/harb-holdout-scenarios.git"
 description = """
 Holdout scenarios repo. Dev-agent has no read access — cloned at runtime
 by evaluate.sh into the ephemeral worktree, never checked in to harb.
 """
 # ── Execution ──────────────────────────────────────────────────────────────────
 #
 # The orchestrator invokes evaluate.sh, which owns the full lifecycle:
 # checkout → build → boot stack → clone holdout repo → playwright → teardown.
 [execution]
 script     = "scripts/harb-evaluator/evaluate.sh"
 invocation = "bash scripts/harb-evaluator/evaluate.sh {pr_number}"
 # Exit codes propagated by evaluate.sh:
 #   0  gate passed (≥90% of scenarios achieved 2/3 majority)
 #   1  gate failed (at least one scenario failed the 2/3 threshold)
 #   2  infra error (stack failed to start, missing dependency, etc.)
 # ── Steps ──────────────────────────────────────────────────────────────────────
 [[steps]]
 id          = "boot-stack"
 description = """
 Spin up full docker stack from PR branch.
 evaluate.sh creates an isolated git worktree, builds kraiken-lib,
 installs npm deps, installs Playwright browser binaries, then runs:
  docker compose -p harb-eval-{pr_number} up -d
 Waits for anvil (healthy), bootstrap (exited 0), ponder (healthy + /ready).
 """
 [[steps]]
 id          = "clone-holdout"
 description = """
 Clone harb-holdout-scenarios into .holdout-scenarios/ inside the worktree.
 Sets HOLDOUT_SCENARIOS_DIR for holdout.config.ts.
 The dev-agent never sees this repo; the wall is enforced by separate
 repository access control on Codeberg.
 """
 [[steps]]
 id          = "run-scenarios"
 description = """
 Run 8 Playwright specs via holdout.config.ts (workers=1, headless chromium).
 4 surfaces: contracts, graphql, landing, webapp.
 Each scenario is executed up to 3 times; 2/3 runs must pass.
 """
 surfaces              = ["contracts", "graphql", "landing", "webapp"]
 scenarios_per_surface = 2
 scenarios_total       = 8
 runs_per_scenario     = 3
 pass_per_scenario     = 2   # 2-of-3 majority required for a scenario to count as passed
 [[steps]]
 id          = "teardown"
 description = """
 docker compose -p harb-eval-{pr_number} down -v --remove-orphans
 git worktree remove --force {worktree_dir}
 Always runs — cleanup is registered as a shell trap in evaluate.sh.
 """
 [[steps]]
 id          = "deliver"
 description = """
 Collect per-scenario results from test-results/holdout-reports/.
 Write evidence/holdout/{date}-pr{pr_number}.json and commit to main.
 Post gate verdict to issue #{pr_number}.
 On failure: include one-line reason per failed scenario.
 Scenario text is never exposed to the dev-agent.
 """
 # ── Gate ───────────────────────────────────────────────────────────────────────
 [gate]
 pass_threshold_pct = 90   # ≥90% of scenarios must pass
 scenarios_total    = 8    # 8 * 0.9 = 7.2 → at least 8 must pass to clear 90%
 per_scenario_runs  = 3
 per_scenario_pass  = 2    # 2-of-3 majority per scenario
 # ── Products ───────────────────────────────────────────────────────────────────
 [products.evidence_file]
 path     = "evidence/holdout/{date}-pr{pr_number}.json"
 delivery = "commit to main"
 schema   = "evidence/README.md"  # see §Schema: holdout/YYYY-MM-DD-prNNN.json
 [products.issue_comment]
 delivery   = "post to issue #{pr_number}"
 content    = "gate verdict (pass/fail), scenarios_passed/scenarios_total, link to evidence file"
 on_failure = "one-line failure reason per failing scenario; scenario text never revealed"
 # ── Resources ──────────────────────────────────────────────────────────────────
 [resources]
 profile     = "heavy"
 containers  = "5+"    # anvil, bootstrap, ponder, webapp, (caddy if needed)
 browser     = "chromium (Playwright)"
 ports       = ["8545", "42069", "5173", "8081", "5100"]
 concurrency = "exclusive — port bindings prevent parallel runs on the same host"
 # ── Notes ──────────────────────────────────────────────────────────────────────
 [notes]
 wall = """
 The holdout-specs repo (harb-holdout-scenarios) is intentionally inaccessible
 to the dev-agent. The agent receives only pass/fail and one-line failure reasons
 — never the scenario text. This is enforced by Codeberg repo permissions, not
 by runtime filtering.
 """
--- a/formulas/run-protocol.toml
+++ b/formulas/run-protocol.toml
@ -0,0 +1,187 @@
 # formulas/run-protocol.toml
 #
 # On-chain protocol health snapshot — collect TVL, accumulated fees,
 # position count, and rebalance frequency from the deployed LiquidityManager.
 # Write a structured JSON evidence file for planner and predictor consumption.
 #
 # Type: sense.  Read-only — produces metrics only, no git artifacts.
 #
 # Staleness threshold: 1 day (matches evidence/protocol/ schema).
 # Cron: daily at 07:00 UTC (staggered 1 h after run-resources).
 [formula]
 id          = "run-protocol"
 name        = "On-Chain Protocol Health Snapshot"
 description = "Collect TVL, accumulated fees, position count, and rebalance frequency from the deployed LiquidityManager; write evidence/protocol/{date}.json."
 type        = "sense"
 # "sense"  → read-only, produces metrics only
 # "act"    → produces git artifacts (cf. run-evolution, run-red-team)
 # ── Cron ───────────────────────────────────────────────────────────────────────
 [cron]
 schedule    = "0 7 * * *"   # daily at 07:00 UTC (1 h after run-resources)
 description = "Matches 1-day staleness threshold — one snapshot per day keeps the record fresh."
 # ── Inputs ─────────────────────────────────────────────────────────────────────
 [inputs.rpc_url]
 type        = "string"
 required    = true
 description = """
 Base network RPC endpoint used to query on-chain state.
 Example: https://mainnet.base.org or a running Anvil fork URL.
 """
 [inputs.deployments_file]
 type        = "string"
 required    = false
 default     = "onchain/deployments-local.json"
 description = """
 Path to the deployments JSON file containing contract addresses.
 The formula reads LiquidityManager address from this file.
 Use onchain/deployments.json for mainnet; onchain/deployments-local.json
 for a local Anvil fork.
 """
 [inputs.lookback_blocks]
 type        = "integer"
 required    = false
 default     = 7200
 description = """
 Number of blocks to scan for Recenter events when computing
 rebalance_count_24h (~24 h of Base blocks at ~2 s/block).
 """
 # ── Execution ──────────────────────────────────────────────────────────────────
 [execution]
 script     = "scripts/harb-evaluator/run-protocol.sh"
 invocation = "RPC_URL={rpc_url} DEPLOYMENTS_FILE={deployments_file} LOOKBACK_BLOCKS={lookback_blocks} bash scripts/harb-evaluator/run-protocol.sh"
 # Exit codes:
 #   0  snapshot written successfully
 #   2  infrastructure error (RPC unreachable, missing deployments file, forge unavailable, etc.)
 # ── Steps ──────────────────────────────────────────────────────────────────────
 [[steps]]
 id          = "read-addresses"
 description = """
 Read the LiquidityManager contract address from {deployments_file}.
 Fail with exit code 2 if the file is absent or the address is missing.
 """
 [[steps]]
 id          = "collect-tvl"
 description = """
 Query LiquidityManager total ETH via forge script LmTotalEth.s.sol
 against {rpc_url}.
 Records tvl_eth (wei string) and tvl_eth_formatted (ETH, 2 dp).
 LmTotalEth.s.sol uses exact Uniswap V3 integer math (LiquidityAmounts +
 TickMath) to sum free ETH, free WETH, and ETH locked across all three
 positions (floor, anchor, discovery).
 """
 forge_script = "onchain/script/LmTotalEth.s.sol"
 [[steps]]
 id          = "collect-fees"
 description = """
 Query accumulated protocol fees from the LiquidityManager via cast call:
  cast call $LM "accumulatedFees()(uint256)"
 Records accumulated_fees_eth (wei string) and accumulated_fees_eth_formatted
 (ETH, 3 dp).
 Falls back to 0 gracefully if the function reverts or is not present on
 the deployed contract (older deployment without fee tracking).
 """
 [[steps]]
 id          = "collect-positions"
 description = """
 Query the three Uniswap V3 positions held by the LiquidityManager:
  LiquidityManager.positions(0) → (liquidity, tickLower, tickUpper)  # FLOOR
  LiquidityManager.positions(1) → (liquidity, tickLower, tickUpper)  # ANCHOR
  LiquidityManager.positions(2) → (liquidity, tickLower, tickUpper)  # DISCOVERY
 Records position_count (number of positions with liquidity > 0) and the
 positions array.
 """
 [[steps]]
 id          = "collect-rebalances"
 description = """
 Count Recenter events emitted by the LiquidityManager in the past
 {lookback_blocks} blocks via eth_getLogs.
 Records:
  - rebalance_count_24h: total Recenter event count in the window.
  - last_rebalance_block: block number of the most recent Recenter event
    (0 if none found in the window).
 """
 event_signature = "Recentered(int24,bool)"
 [[steps]]
 id          = "collect"
 description = """
 Assemble all collected metrics into evidence/protocol/{date}.json.
 Compute verdict:
  - "offline"  if tvl_eth = 0 or RPC was unreachable.
  - "degraded" if position_count < 3, or rebalance_count_24h = 0 and the
    protocol has been live for > 1 day.
  - "healthy"  otherwise.
 Write the file conforming to the schema in evidence/README.md
 ## Schema: protocol/YYYY-MM-DD.json.
 """
 output = "evidence/protocol/{date}.json"
 schema = "evidence/README.md"   # see ## Schema: protocol/YYYY-MM-DD.json
 [[steps]]
 id          = "deliver"
 description = """
 Commit evidence/protocol/{date}.json to main.
 Post a one-line summary comment to the originating issue (if any):
  verdict, tvl_eth_formatted, accumulated_fees_eth_formatted,
  position_count, rebalance_count_24h.
 On "degraded" or "offline": highlight the failing dimension and its value.
 """
 # ── Products ───────────────────────────────────────────────────────────────────
 [products.evidence_file]
 path     = "evidence/protocol/{date}.json"
 delivery = "commit to main"
 schema   = "evidence/README.md"   # see ## Schema: protocol/YYYY-MM-DD.json
 [products.issue_comment]
 delivery    = "post to originating issue (if any)"
 content     = "verdict, tvl_eth_formatted, accumulated_fees_eth_formatted, position_count, rebalance_count_24h"
 on_degraded = "highlight failing dimension and its current value"
 # ── Resources ──────────────────────────────────────────────────────────────────
 [resources]
 profile     = "light"
 compute     = "local — forge script + cast calls only; no Anvil or Docker startup required"
 rpc         = "Base network RPC ({rpc_url}) — read-only calls"
 concurrency = "safe to run in parallel with other formulas"
 # ── Notes ──────────────────────────────────────────────────────────────────────
 [notes]
 tvl_metric = """
 TVL is measured as LiquidityManager total ETH: free ETH + free WETH + ETH
 locked across all three Uniswap V3 positions (floor, anchor, discovery).
 Uses the same LmTotalEth.s.sol forge script as run-red-team to ensure
 consistent measurement methodology.
 """
 rebalance_staleness = """
 A zero rebalance_count_24h on an established deployment indicates the
 recenter() upkeep bot (services/txnBot) has stalled.  The "degraded"
 verdict triggers a planner alert.  On a fresh deployment (< 1 day old)
 zero rebalances is expected and does not trigger degraded.
 """
 fees_fallback = """
 accumulated_fees_eth falls back to 0 for deployments without fee tracking.
 The verdict is not affected by a zero fee value alone — only TVL and
 position_count drive the verdict.
 """
--- a/formulas/run-red-team.toml
+++ b/formulas/run-red-team.toml
@ -0,0 +1,257 @@
 # formulas/run-red-team.toml
 #
 # Adversarial red-team — spin up isolated stack, run adversarial agent against
 # the active optimizer, commit evidence, export newly discovered attack vectors.
 #
 # Type: act.  Produces evidence (floor held / broken) AND git artifacts
 #              (new attack vectors via PR to onchain/script/backtesting/attacks/).
 #
 # Depends on: #973 (evidence/red-team/ directory structure)
 #             #974 (promote-attacks.sh for attack vector export)
 [formula]
 id          = "run-red-team"
 name        = "Adversarial Red-Team"
 description = "Spin up isolated stack, run adversarial agent against the active optimizer, commit evidence, export new attack vectors."
 type        = "act"
 # "sense"  → read-only, produces metrics only
 # "act"    → produces git artifacts (cf. run-evolution, run-red-team)
 depends_on  = [973, 974]
 # ── Inputs ─────────────────────────────────────────────────────────────────────
 [inputs.candidate_name]
 type        = "string"
 required    = false
 default     = "unknown"
 description = "Human-readable label used in evidence records and attack filenames (passed as CANDIDATE_NAME)."
 [inputs.optimizer_profile]
 type        = "string"
 required    = false
 default     = "push3-default"
 description = "Named optimizer profile / variant (e.g. push3-default, evo_run004_champion) passed as OPTIMIZER_PROFILE."
 [inputs.attack_dir]
 type        = "string"
 required    = false
 default     = "onchain/script/backtesting/attacks"
 description = """
 Directory containing existing .jsonl attack patterns for the structured
 attack suite.  Forwarded to red-team.sh as ATTACK_DIR.
 """
 [inputs.claude_timeout]
 type        = "integer"
 required    = false
 default     = 7200
 description = "Timeout in seconds for the adversarial agent run (maps to CLAUDE_TIMEOUT env var)."
 # ── Execution ──────────────────────────────────────────────────────────────────
 #
 # red-team.sh owns the full lifecycle:
 # bootstrap-light → fund LM → snapshot → adversarial agent → collect
 # → promote-attacks (if floor broken) → deliver → teardown.
 #
 # CANDIDATE_NAME and OPTIMIZER_PROFILE label the evidence record and attack
 # filenames.  To deploy a specific Push3 candidate, set the CANDIDATE env var
 # (path to a .push3 file) — bootstrap-light.sh will transpile, recompile, and
 # upgrade the Optimizer proxy to OptimizerV3 (see notes.candidate_injection).
 [execution]
 script     = "scripts/harb-evaluator/red-team.sh"
 invocation = "CANDIDATE_NAME={candidate_name} OPTIMIZER_PROFILE={optimizer_profile} CLAUDE_TIMEOUT={claude_timeout} ATTACK_DIR={attack_dir} bash scripts/harb-evaluator/red-team.sh"
 # Exit codes propagated by red-team.sh:
 #   0  floor held (LM total ETH did not decrease)
 #   1  floor broken (adversary extracted ETH from LiquidityManager)
 #   2  infra error (Anvil unreachable, bootstrap failed, missing dependency, etc.)
 # ── Steps ──────────────────────────────────────────────────────────────────────
 [[steps]]
 id          = "stack-up"
 description = """
 Bootstrap an isolated Anvil fork with contracts deployed.
 scripts/harb-evaluator/bootstrap-light.sh:
  - Starts a fresh Anvil instance (or reuses one if already running).
  - Deploys KRK, LM, Stake, and OptimizerProxy via DeployLocal.sol.
  - Funds LM with 1 000 ETH (as WETH) and calls recenter() to deploy
    liquidity into positions — establishing a realistic baseline.
  - Verifies Anvil responds and all contract addresses are present in
    onchain/deployments-local.json before proceeding.
 When the CANDIDATE env var is set (path to a .push3 file), bootstrap-light.sh
 transpiles the candidate and upgrades the Optimizer proxy to OptimizerV3.
 See notes.candidate_injection for details.
 """
 [[steps]]
 id          = "run-attack-suite"
 description = """
 Run every existing .jsonl attack file in {attack_dir} through
 onchain/script/backtesting/AttackRunner.s.sol.
 For each file:
  - Record LM total ETH before and after via forge script LmTotalEth.s.sol.
  - Revert to the baseline Anvil snapshot between files so attacks are
    independent.
  - Emit one result entry: strategy name, abstract op pattern,
    floor held / broken, delta in basis points.
 This phase exhausts the known attack catalogue before the adversarial
 agent is given a turn, seeding its memory with which strategies are
 already understood.
 """
 attack_source = "{attack_dir}/*.jsonl"
 forge_script  = "onchain/script/backtesting/AttackRunner.s.sol"
 snapshot_mode = "revert-between-attacks"
 [[steps]]
 id          = "run-adversarial-agent"
 description = """
 Spawn the Claude adversarial agent (red-team-program.md prompt) with full
 write access to cast / forge / python3 / jq.
 Goal: make ethPerToken() decrease — i.e. extract ETH from LiquidityManager.
 The agent:
  1. Iterates freely: snapshot → craft novel attack → execute → measure
     → revert → repeat.
  2. Appends each attempted strategy to tmp/red-team-report.txt and
     tmp/red-team-stream.jsonl.
  3. On any confirmed ETH decrease: exports the winning op sequence to
     tmp/red-team-attacks.jsonl and continues searching.
 Runs until CLAUDE_TIMEOUT expires or the agent signals completion.
 """
 timeout_env = "CLAUDE_TIMEOUT"
 memory_file = "tmp/red-team-memory.jsonl"   # cross-run pattern learning
 report_file = "tmp/red-team-report.txt"
 stream_file = "tmp/red-team-stream.jsonl"
 [[steps]]
 id          = "collect"
 description = """
 After the agent run, red-team.sh:
  1. Reads LM total ETH after (forge script LmTotalEth.s.sol).
  2. Extracts strategy findings from tmp/red-team-stream.jsonl and appends
     them to tmp/red-team-memory.jsonl for cross-run learning.
  3. Exports the agent's cast send commands from the stream log to
     tmp/red-team-attacks.jsonl via export-attacks.py.
  4. Replays the exported sequence through AttackRunner.s.sol, writing full
     state snapshots to tmp/red-team-snapshots.jsonl (used for optimizer
     training; non-fatal if replay produces no output).
  5. Computes floor_held / floor_broken and writes evidence/red-team/{date}.json
     conforming to the schema in evidence/README.md ## Schema: red-team/.
 """
 output            = "evidence/red-team/{date}.json"
 schema            = "evidence/README.md"   # see ## Schema: red-team/YYYY-MM-DD.json
 side_output_file  = "tmp/red-team-snapshots.jsonl"   # AttackRunner state snapshots for optimizer training
 [[steps]]
 id          = "export-vectors"
 description = """
 Only runs when the floor is broken (BROKE=true in red-team.sh).
 If tmp/red-team-attacks.jsonl is non-empty, call promote-attacks.sh to open
 a Codeberg PR with the newly discovered attack vectors.
 promote-attacks.sh:
  - Deduplicates by op-type fingerprint against existing files in
    onchain/script/backtesting/attacks/.
  - Auto-classifies the attack type (staking, il-crystallization,
    floor-ratchet, fee-drain, lp-manipulation, floor-attack, …).
  - Creates a git branch, commits the new .jsonl, and opens a Codeberg PR
    targeting main, including the ETH extraction amount in the PR title and body.
  - Exits 0 when no novel patterns remain after deduplication (non-fatal).
 Skipped gracefully if CODEBERG_TOKEN and ~/.netrc are both absent.
 Not called when the floor holds — novel-but-non-exploiting patterns are
 not promoted.
 """
 script = "scripts/harb-evaluator/promote-attacks.sh"
 args   = "--attacks tmp/red-team-attacks.jsonl --candidate {candidate_name} --profile {optimizer_profile} --eth-extracted <delta_wei> --eth-before <lm_eth_before_wei>"
 # --eth-extracted and --eth-before are computed at runtime by red-team.sh (lm_eth_before − lm_eth_after)
 # and passed directly to promote-attacks.sh — they are not formula inputs.
 [[steps]]
 id          = "stack-down"
 description = """
 Tear down the Anvil instance started in stack-up.
 red-team.sh registers cleanup() as a shell trap (EXIT / INT / TERM):
  - Reverts to the baseline Anvil snapshot.
  - Kills the Claude sub-process if still running.
 Always runs — even on infra error — so port 8545 is not left occupied.
 """
 [[steps]]
 id          = "deliver"
 description = """
 Commit evidence/red-team/{date}.json to main and post a summary comment
 to the originating issue.
 Comment includes:
  - Verdict (floor_held / floor_broken).
  - ETH extracted (formatted in ETH) and delta in basis points.
  - Total attacks tried (agent-discovered count + structured suite count).
  - Link to committed evidence file.
  - If novel vectors were promoted: link to the attack-vector PR.
 On floor_broken: also include the highest-yield attack strategy name and
 its abstract op pattern.
 """
 # ── Products ───────────────────────────────────────────────────────────────────
 [products.evidence_file]
 path     = "evidence/red-team/{date}.json"
 delivery = "commit to main"
 schema   = "evidence/README.md"   # see ## Schema: red-team/YYYY-MM-DD.json
 [products.attack_vectors]
 path     = "onchain/script/backtesting/attacks/{attack_type}-{candidate_name}.jsonl"
 # {attack_type} is not a formula input — it is computed at runtime by
 # promote-attacks.sh's classifier (staking, il-crystallization, floor-ratchet, …).
 delivery = "PR to main"
 script   = "scripts/harb-evaluator/promote-attacks.sh"
 note     = "Only created when the floor is broken AND novel (deduplicated) attack vectors are discovered."
 [products.issue_comment]
 delivery   = "post to originating issue"
 content    = "verdict (floor_held/floor_broken), ETH extracted, attacks tried, link to evidence file; if vectors found: link to attack-vector PR"
 on_failure = "include highest-yield attack name and op pattern; full agent transcript available in tmp/red-team-stream.jsonl"
 # ── Resources ──────────────────────────────────────────────────────────────────
 [resources]
 profile     = "heavy"
 compute     = "local — Anvil fork + revm, no Docker required"
 rpc         = "Anvil (bootstrap-light, default port 8545)"
 agent       = "Claude (claude CLI, CLAUDE_TIMEOUT seconds)"
 concurrency = "exclusive — shares Anvil port 8545 with run-holdout and other heavy formulas"
 # ── Notes ──────────────────────────────────────────────────────────────────────
 [notes]
 floor_metric = """
 The primary safety metric is LM total ETH: free ETH + free WETH + ETH locked
 across all three Uniswap V3 positions (floor, anchor, discovery).
 Measured via forge script LmTotalEth.s.sol using exact Uniswap V3 integer
 math (LiquidityAmounts + TickMath).  A decrease in total ETH = floor broken.
 """
 attack_dedup = """
 promote-attacks.sh fingerprints each candidate attack by its abstract op
 sequence (e.g. wrap → buy → stake → recenter_multi → sell) and compares
 against all existing files in onchain/script/backtesting/attacks/.
 Only genuinely novel sequences are included in the PR — duplicate
 rediscoveries are silently dropped and the step exits 0.
 """
 candidate_injection = """
 Push3 candidate injection is supported via the CANDIDATE env var in
 bootstrap-light.sh.  When CANDIDATE points to a .push3 file the script:
  1. Invokes push3-transpiler to regenerate OptimizerV3Push3.sol.
  2. Extracts the function body into OptimizerV3Push3Lib.sol (shared library).
  3. Deploys contracts normally via DeployLocal.sol (Optimizer v1 behind UUPS proxy).
  4. Deploys a fresh OptimizerV3 implementation and upgrades the proxy via upgradeTo().
 The candidate_name and optimizer_profile inputs remain metadata-only (evidence
 records, attack filenames, PR titles).
 """
 run_attack_suite_gap = """
 The run-attack-suite step is implemented in red-team.sh (step 5a).  It loops
 through every *.jsonl file in the attack directory, replays each through
 AttackRunner.s.sol, records LM total ETH before/after with snapshot revert
 between files, and injects results into the agent prompt.
 """
--- a/formulas/run-resources.toml
+++ b/formulas/run-resources.toml
@ -0,0 +1,155 @@
 # formulas/run-resources.toml
 #
 # Infrastructure resource snapshot — collect disk usage, RAM trends,
 # Anthropic API call counts and budget burn, and Woodpecker CI queue depth.
 # Write a structured JSON evidence file for planner and predictor consumption.
 #
 # Type: sense.  Read-only — produces metrics only, no git artifacts.
 #
 # Staleness threshold: 1 day (matches evidence/resources/ schema).
 # Cron: daily at 06:00 UTC.
 [formula]
 id          = "run-resources"
 name        = "Infrastructure Resource Snapshot"
 description = "Collect disk, RAM, API usage, Anthropic budget burn, and CI queue depth; write evidence/resources/{date}.json."
 type        = "sense"
 # "sense"  → read-only, produces metrics only
 # "act"    → produces git artifacts (cf. run-evolution, run-red-team)
 # ── Cron ───────────────────────────────────────────────────────────────────────
 [cron]
 schedule    = "0 6 * * *"   # daily at 06:00 UTC
 description = "Matches 1-day staleness threshold — one snapshot per day keeps the record fresh."
 # ── Inputs ─────────────────────────────────────────────────────────────────────
 [inputs.disk_path]
 type        = "string"
 required    = false
 default     = "/"
 description = "Filesystem path to measure disk usage for (passed to df)."
 [inputs.anthropic_budget_usd_limit]
 type        = "number"
 required    = false
 default     = 50.0
 description = "Configured Anthropic budget ceiling in USD. Used to compute budget_pct in the evidence record."
 [inputs.woodpecker_api_url]
 type        = "string"
 required    = false
 default     = "http://localhost:8090"
 description = "Base URL of the Woodpecker CI API. Set to empty string to skip CI metrics."
 # ── Execution ──────────────────────────────────────────────────────────────────
 [execution]
 script     = "scripts/harb-evaluator/run-resources.sh"
 invocation = "DISK_PATH={disk_path} ANTHROPIC_BUDGET_USD_LIMIT={anthropic_budget_usd_limit} WOODPECKER_API_URL={woodpecker_api_url} bash scripts/harb-evaluator/run-resources.sh"
 # Exit codes:
 #   0  snapshot written successfully
 #   2  infrastructure error (disk command unavailable, JSON write failed, etc.)
 # ── Steps ──────────────────────────────────────────────────────────────────────
 [[steps]]
 id          = "collect-disk"
 description = """
 Measure disk usage on {disk_path} via `df -B1 {disk_path}`.
 Extract used_bytes, total_bytes, and used_pct.
 """
 [[steps]]
 id          = "collect-ram"
 description = """
 Measure RAM usage via `free -b` (Linux) or `vm_stat` (macOS).
 Extract used_bytes, total_bytes, and used_pct.
 """
 [[steps]]
 id          = "collect-api"
 description = """
 Collect Anthropic API metrics:
  - anthropic_calls_24h: count of API calls in the past 24 hours (read from
    tmp/anthropic-call-log.jsonl if present; 0 if absent).
  - anthropic_budget_usd_used: sum of cost_usd entries in the call log for
    the current calendar day (UTC); 0 if log absent.
  - anthropic_budget_usd_limit: from {anthropic_budget_usd_limit} input.
  - anthropic_budget_pct: used / limit * 100 (0 if limit = 0).
 """
 call_log    = "tmp/anthropic-call-log.jsonl"
 [[steps]]
 id          = "collect-ci"
 description = """
 Query Woodpecker CI API for queue state.
 GET {woodpecker_api_url}/api/queue/info:
  - woodpecker_queue_depth: length of the waiting queue.
  - woodpecker_running: count of currently running jobs.
 Skipped gracefully (fields set to null) when {woodpecker_api_url} is empty
 or the endpoint is unreachable.
 """
 [[steps]]
 id          = "collect"
 description = """
 Assemble all collected metrics into evidence/resources/{date}.json.
 Compute verdict:
  - "critical" if disk_used_pct ≥ 95, ram_used_pct ≥ 95,
    or anthropic_budget_pct ≥ 95.
  - "warn"     if disk_used_pct ≥ 80, ram_used_pct ≥ 80,
    or anthropic_budget_pct ≥ 80.
  - "ok"       otherwise.
 Write the file conforming to the schema in evidence/README.md
 ## Schema: resources/YYYY-MM-DD.json.
 """
 output = "evidence/resources/{date}.json"
 schema = "evidence/README.md"   # see ## Schema: resources/YYYY-MM-DD.json
 [[steps]]
 id          = "deliver"
 description = """
 Commit evidence/resources/{date}.json to main.
 Post a one-line summary comment to the originating issue (if any):
  verdict, disk_used_pct, ram_used_pct, anthropic_budget_pct, ci queue depth.
 On "warn" or "critical": highlight the breaching dimensions.
 """
 # ── Products ───────────────────────────────────────────────────────────────────
 [products.evidence_file]
 path     = "evidence/resources/{date}.json"
 delivery = "commit to main"
 schema   = "evidence/README.md"   # see ## Schema: resources/YYYY-MM-DD.json
 [products.issue_comment]
 delivery   = "post to originating issue (if any)"
 content    = "verdict, disk_used_pct, ram_used_pct, anthropic_budget_pct, ci queue depth"
 on_warn    = "highlight breaching dimensions and current values"
 # ── Resources ──────────────────────────────────────────────────────────────────
 [resources]
 profile     = "light"
 compute     = "local — shell commands only (df, free, curl); no Docker or Anvil required"
 concurrency = "safe to run in parallel with other formulas"
 # ── Notes ──────────────────────────────────────────────────────────────────────
 [notes]
 call_log = """
 tmp/anthropic-call-log.jsonl is expected to have one JSON object per line,
 each with at minimum:
  { "ts": "<ISO timestamp>", "cost_usd": <number> }
 The file is written by the dark-factory agent loop.  When absent the API
 metrics default to 0 — the snapshot is still written rather than failing.
 """
 disk_warn = """
 Planner MEMORY.md (2026-03-20) notes disk at 79%.  The "warn" threshold
 (≥80%) will fire on the first run-resources pass.  Monitor trajectory;
 evidence pipeline data accumulation will increase disk pressure.
 """
--- a/formulas/run-user-test.toml
+++ b/formulas/run-user-test.toml
@ -0,0 +1,109 @@
 # formulas/run-user-test.toml
 #
 # Persona-based UX evaluation against the harb stack.
 #
 # Type: sense — produces UX metrics, changes no code or contracts.
 # The formula spins up a full self-contained stack, runs Playwright against
 # all 5 personas, collects structured reports, then tears the stack down.
 [formula]
 id          = "run-user-test"
 type        = "sense"
 description = "Persona-based UX evaluation against the harb stack"
 depends_on  = [973]   # evidence directory structure must exist
 # ── Stack management ─────────────────────────────────────────────────────────
 # The formula is self-contained: it starts and stops its own stack.
 [stack]
 start_cmd  = "./scripts/dev.sh start"
 health_cmd = "./scripts/dev.sh health"
 stop_cmd   = "./scripts/dev.sh stop"
 # ── Inputs ───────────────────────────────────────────────────────────────────
 # 5 personas across 2 funnels. Each persona has a dedicated Playwright spec
 # that simulates the full journey: connect wallet → mint ETH → buy KRK →
 # stake → verify position.
 [[inputs.funnels]]
 name = "passive-holder"
  [[inputs.funnels.personas]]
  name    = "tyler"
  display = "Tyler 'Bags' Morrison"
  spec    = "tests/e2e/usertest/tyler-retail-degen.spec.ts"
  [[inputs.funnels.personas]]
  name    = "alex"
  display = "Alex Rivera"
  spec    = "tests/e2e/usertest/alex-newcomer.spec.ts"
  [[inputs.funnels.personas]]
  name    = "sarah"
  display = "Sarah Park"
  spec    = "tests/e2e/usertest/sarah-yield-farmer.spec.ts"
 [[inputs.funnels]]
 name = "staker"
  [[inputs.funnels.personas]]
  name    = "priya"
  display = "Dr. Priya Malhotra"
  spec    = "tests/e2e/usertest/priya-institutional.spec.ts"
  [[inputs.funnels.personas]]
  name    = "marcus"
  display = "Marcus 'Flash' Chen"
  spec    = "tests/e2e/usertest/marcus-degen.spec.ts"
 # ── Steps ────────────────────────────────────────────────────────────────────
 [[steps]]
 id          = "stack-up"
 description = "Spin up full stack (boots Docker services, waits for health)"
 run         = "./scripts/dev.sh start"
 [[steps]]
 id          = "run-personas"
 description = "Run all 5 personas via Playwright (workers=1, sequential to avoid account conflicts)"
 run         = "./scripts/run-usertest.sh"
 after       = ["stack-up"]
 [[steps]]
 id          = "collect"
 description = "Aggregate per-persona JSON reports from tmp/usertest-results/ into evidence/user-test/{date}.json"
 output      = "evidence/user-test/{date}.json"
 schema      = "evidence/README.md#user-test"
 after       = ["run-personas"]
 [[steps]]
 id          = "stack-down"
 description = "Tear down stack"
 run         = "./scripts/dev.sh stop"
 after       = ["collect"]
 [[steps]]
 id          = "deliver"
 description = "Commit evidence file to main and post summary to issue as comment"
 after       = ["collect"]
 # ── Products ─────────────────────────────────────────────────────────────────
 # Three outputs following the standard evidence delivery pattern:
 #   1. evidence file  → committed to main
 #   2. screenshots    → referenced inside the evidence file
 #   3. summary        → posted as issue comment
 [[products]]
 type        = "evidence"
 path        = "evidence/user-test/{date}.json"
 schema      = "evidence/README.md#user-test"
 destination = "commit"
 [[products]]
 type        = "screenshots"
 path        = "test-results/usertest/"
 destination = "evidence-ref"   # paths recorded in the evidence file, not committed separately
 [[products]]
 type        = "summary"
 destination = "issue-comment"
--- a/gardener/dust.jsonl
+++ b/gardener/dust.jsonl
--- a/gardener/pending-actions.json
+++ b/gardener/pending-actions.json
@ -0,0 +1 @@
 []
--- a/kraiken-lib/.gitignore
+++ b/kraiken-lib/.gitignore
@ -1,2 +1,2 @@
 dist
-node_modules
+coverage
--- a/kraiken-lib/AGENTS.md
+++ b/kraiken-lib/AGENTS.md
@ -1,3 +1,4 @@
 <!-- last-reviewed: baa501fa46355f7b04bffdf386d397ad19f69298 -->
 # Kraiken Library - Agent Guide
 Shared TypeScript helpers used by the landing app, txnBot, and other services to talk to KRAIKEN contracts and the Ponder GraphQL API.
@ -8,11 +9,10 @@ Shared TypeScript helpers used by the landing app, txnBot, and other services to
 - Centralise staking math (tax calculations, snatch selection, share conversions) for reuse across clients.
 ## Key Modules
- `src/kraiken.ts` - Token-facing helpers and supply utilities.
+- `src/staking.ts` - Harberger staking helpers for delinquency checks and snatch math.
- `src/stake.ts` - Staking math, Harberger tax helpers, snatch scoring.
+- `src/snatch.ts` - Snatch selection engine and supporting types.
- `src/chains.ts` - Chain constants and deployment metadata.
+- `src/ids.ts` - Position ID encoding helpers.
- `src/queries/` - GraphQL operations that target the Ponder schema.
+- `src/subgraph.ts` - Byte utilities shared between the GraphQL layer and clients.
 - `src/__generated__/graphql.ts` - Codegen output consumed throughout the stack.
 - `src/abis.ts` - Contract ABIs imported directly from `onchain/out/` forge artifacts. Single source of truth for all ABI consumers.
 - `src/taxRates.ts` - Generated from `onchain/src/Stake.sol` by `scripts/sync-tax-rates.mjs`; never edit by hand.
 - `src/version.ts` - Version validation system tracking `KRAIKEN_LIB_VERSION` and `COMPATIBLE_CONTRACT_VERSIONS` for runtime dependency checking.
@ -29,20 +29,25 @@ Shared TypeScript helpers used by the landing app, txnBot, and other services to
 - `npm test` - Execute Jest suite for helper coverage.
 ## Integration Notes
- Landing app consumes helpers for UI projections and staking copy.
+- Landing app consumes `kraiken-lib/abis`, `kraiken-lib/staking`, and `kraiken-lib/subgraph` for ABI resolution and ID conversion.
- txnBot relies on the same helpers to evaluate profitability and tax windows.
+- txnBot relies on `kraiken-lib/staking` and `kraiken-lib/ids` to evaluate profitability and tax windows.
 - Ponder imports `kraiken-lib/abis` for indexing, and `kraiken-lib/version` for cross-service version checks.
 - When the Ponder schema changes, rerun `npm run compile` and commit regenerated types to prevent drift.
 ## Import Guidance
 - The legacy `helpers.ts` barrel has been removed. Always import from the narrow subpaths (e.g. `kraiken-lib/abis`, `kraiken-lib/staking`, `kraiken-lib/snatch`, `kraiken-lib/subgraph`).
 - Avoid importing `kraiken-lib` directly; the root module no longer re-exports the helper surface and exists only to raise build-time errors for bundle imports.
 ## ES Module Architecture
 - **Module Type**: This package is built as ES modules (`"type": "module"` in package.json). All consumers must support ES modules.
- **Import Extensions**: All relative imports in TypeScript source files MUST include `.js` extensions (e.g., `from "./helpers.js"`). This is required for ES module resolution even though the source files are `.ts`.
+- **Import Extensions**: All relative imports in TypeScript source files MUST include `.js` extensions (e.g., `from "./staking.js"`). This is required for ES module resolution even though the source files are `.ts`.
 - **JSON Imports**: JSON files (like ABI artifacts) must use import assertions: `import Foo from './path.json' assert { type: 'json' }`.
 - **TypeScript Config**: `tsconfig.json` must specify:
  - `"module": "esnext"` - Generate ES module syntax
  - `"moduleResolution": "node"` - Enable proper module resolution
  - `"rootDir": "./src"` - Ensure flat output structure in `dist/`
 - **Build Output**: Running `npx tsc` produces ES module `.js` files in `dist/` that can be consumed by both browser (Vite) and Node.js (≥14 with `"type": "module"`).
- **Container Mount**: Podman/Docker services now bind-mount `dist/` read-only from the host. Run `./scripts/build-kraiken-lib.sh` before `podman-compose up` or keep `scripts/watch-kraiken-lib.sh` running to rebuild automatically.
+- **Container Mount**: Docker services bind-mount `dist/` read-only from the host. Run `./scripts/build-kraiken-lib.sh` before `docker-compose up` or keep `scripts/watch-kraiken-lib.sh` running to rebuild automatically.
 ## Quality Guidelines
 - Keep helpers pure and side-effect free; they should accept explicit dependencies.
--- a/kraiken-lib/README.md
+++ b/kraiken-lib/README.md
@ -16,7 +16,7 @@ yarn add kraiken-lib
 then
 ```
-import { bytesToUint256LittleEndian, uint256ToBytesLittleEndian } from "kraiken-lib";
+import { bytesToUint256LittleEndian, uint256ToBytesLittleEndian } from "kraiken-lib/subgraph";
 uint256ToBytesLittleEndian(3n);
 ```
@ -24,7 +24,7 @@ uint256ToBytesLittleEndian(3n);
 ## get Snatch List
 ```
-import { getSnatchList } from "kraiken-lib";
+import { getSnatchList } from "kraiken-lib/snatch";
 const positionIds = getSnatchList(positions, neededShares, maxTaxRateDecimal, stakeTotalSupply);
 ```
--- a/kraiken-lib/jest.config.cjs
+++ b/kraiken-lib/jest.config.cjs
@ -1,5 +0,0 @@
 module.exports = {
  preset: 'ts-jest',
  testEnvironment: 'node',
  maxWorkers: 1
 };
--- a/kraiken-lib/package-lock.json
+++ b/kraiken-lib/package-lock.json
--- a/kraiken-lib/package.json
+++ b/kraiken-lib/package.json
@ -1,7 +1,8 @@
 {
  "name": "kraiken-lib",
-  "version": "0.2.0",
+  "version": "1.0.0",
  "description": "helper functions and snatch selection",
  "packageManager": "npm@11.6.1",
  "type": "module",
  "main": "dist/index.js",
  "types": "dist/index.d.ts",
@ -11,11 +12,6 @@
      "require": "./dist/index.js",
      "import": "./dist/index.js"
    },
    "./helpers": {
      "types": "./dist/helpers.d.ts",
      "require": "./dist/helpers.js",
      "import": "./dist/helpers.js"
    },
    "./ids": {
      "types": "./dist/ids.d.ts",
      "require": "./dist/ids.js",
@ -50,13 +46,24 @@
      "types": "./dist/version.d.ts",
      "require": "./dist/version.js",
      "import": "./dist/version.js"
    },
    "./position": {
      "types": "./dist/position.d.ts",
      "require": "./dist/position.js",
      "import": "./dist/position.js"
    },
    "./format": {
      "types": "./dist/format.d.ts",
      "require": "./dist/format.js",
      "import": "./dist/format.js"
    }
  },
  "files": [
    "/dist"
  ],
  "scripts": {
-    "test": "jest",
+    "test": "vitest run",
    "test:coverage": "vitest run --coverage",
    "compile": "graphql-codegen",
    "watch": "graphql-codegen -w",
    "lint": "eslint 'src/**/*.ts'",
@ -74,7 +81,8 @@
  "dependencies": {
    "@apollo/client": "^3.9.10",
    "graphql": "^16.8.1",
-    "graphql-tag": "^2.12.6"
+    "graphql-tag": "^2.12.6",
    "viem": "^2.22.13"
  },
  "devDependencies": {
    "@graphql-codegen/cli": "^5.0.2",
@ -82,16 +90,16 @@
    "@graphql-codegen/typescript": "^4.0.6",
    "@graphql-codegen/typescript-operations": "^4.2.0",
    "@graphql-typed-document-node/core": "^3.2.0",
    "@types/jest": "^29.5.12",
    "@types/node": "^24.6.0",
    "@typescript-eslint/eslint-plugin": "^8.45.0",
    "@typescript-eslint/parser": "^8.45.0",
    "@vitest/coverage-v8": "^3.0.0",
    "eslint": "^9.36.0",
    "husky": "^9.1.7",
    "jest": "^29.7.0",
    "lint-staged": "^16.2.3",
    "picomatch": "^4.0.3",
    "prettier": "^3.6.2",
-    "ts-jest": "^29.1.2",
+    "typescript": "^5.4.3",
-    "typescript": "^5.4.3"
+    "vitest": "^3.0.0"
  }
 }
--- a/kraiken-lib/src/abis.ts
+++ b/kraiken-lib/src/abis.ts
@ -18,8 +18,28 @@ export const KRAIKEN_ABI = KraikenForgeOutput.abi;
 */
 export const STAKE_ABI = StakeForgeOutput.abi;
 /**
 * LiquidityManager events-only ABI
 * Tracks recenters, ETH reserve, and VWAP data
 */
 // eslint-disable-next-line @typescript-eslint/naming-convention
 export const LiquidityManagerAbi = [
  {"type":"event","name":"EthAbundance","inputs":[{"name":"currentTick","type":"int24","indexed":false},{"name":"ethBalance","type":"uint256","indexed":false},{"name":"outstandingSupply","type":"uint256","indexed":false},{"name":"vwap","type":"uint256","indexed":false},{"name":"vwapTick","type":"int24","indexed":false}],"anonymous":false},
  {"type":"event","name":"EthScarcity","inputs":[{"name":"currentTick","type":"int24","indexed":false},{"name":"ethBalance","type":"uint256","indexed":false},{"name":"outstandingSupply","type":"uint256","indexed":false},{"name":"vwap","type":"uint256","indexed":false},{"name":"vwapTick","type":"int24","indexed":false}],"anonymous":false},
  {"type":"event","name":"Recentered","inputs":[{"name":"currentTick","type":"int24","indexed":true},{"name":"isUp","type":"bool","indexed":true}],"anonymous":false}
 ] as const;
 export const LM_ABI = LiquidityManagerAbi;
 // Re-export for convenience
 export const ABIS = {
  Kraiken: KRAIKEN_ABI,
  Stake: STAKE_ABI,
  LiquidityManager: LM_ABI,
 } as const;
 // Backward-compatible aliases
 // eslint-disable-next-line @typescript-eslint/naming-convention
 export const KraikenAbi = KRAIKEN_ABI;
 // eslint-disable-next-line @typescript-eslint/naming-convention
 export const StakeAbi = STAKE_ABI;
--- a/kraiken-lib/src/format.ts
+++ b/kraiken-lib/src/format.ts
@ -0,0 +1,33 @@
 import { formatUnits } from 'viem';
 /** Convert wei (bigint or string) to a JS number. Core primitive. */
 export function weiToNumber(value: bigint | string, decimals = 18): number {
  const bi = typeof value === 'string' ? BigInt(value || '0') : (value ?? 0n);
  return Number(formatUnits(bi, decimals));
 }
 /** Format wei to fixed decimal string (e.g. "0.00123") */
 export function formatWei(value: bigint | string, decimals = 18, digits = 5): string {
  const num = weiToNumber(value, decimals);
  return num === 0 ? '0' : num.toFixed(digits);
 }
 /** Format number to compact display (e.g. "1.23K", "4.56M") */
 export function compactNumber(value: number): string {
  return Intl.NumberFormat('en-US', {
    notation: 'compact',
    maximumFractionDigits: 2,
  }).format(value);
 }
 /** Format number with commas (e.g. "1,234,567") */
 export function commaNumber(value: number): string {
  if (!Number.isFinite(value)) return '0';
  return value.toLocaleString('en-US');
 }
 /** Format a token amount with comma grouping and 2 decimal places (e.g. "1,234.56") */
 export function formatTokenAmount(value: number): string {
  if (!isFinite(value)) return '0.00';
  return value.toLocaleString('en-US', { minimumFractionDigits: 2, maximumFractionDigits: 2 });
 }
--- a/kraiken-lib/src/helpers.ts
+++ b/kraiken-lib/src/helpers.ts
@ -1,4 +0,0 @@
 export * from './staking.js';
 export * from './snatch.js';
 export * from './ids.js';
 export * from './taxRates.js';
--- a/Show more
+++ b/Show more