===== /home/yeff/public_html/devon/panel/data/master_architecture_index.md =====
-rwxr-xr-x 1 root root 50K Apr  9 08:49 /home/yeff/public_html/devon/panel/data/master_architecture_index.md

# DEVON - MASTER ARCHITECTURE INDEX

<!-- CHECKPOINT_2026_04_03_SEMANTIC_RUNTIME_UI -->

## Checkpoint 2026-04-03 — Semantic Runtime Reading Canon

### Validated closure
- `build_runtime_contracts.py` already emits canonical runtime contracts with explicit semantics.
- `collect_runtime.py` was refactored so `runtime_status.json` now preserves semantic fields from the registry snapshot into final published runtime rows.
- The Devon collector now emits semantically typed rows including:
  - `row_kind`
  - `semantic_scope`
  - `counts_toward_completion`
  - `display_in_cards`
  - `display_in_donuts`
  - `ui_group`
  - `source_contract`
  - `status_resolution`
  - `rollup_source`
- `stage_rollup` is now a sovereign runtime row type and its `progress_pct` is the canonical source for stage completion in the UI.
- `project_progress.json` remains the sovereign source for global project completion.
- `export_panel_runtime.sh` was validated as the Devon → Waresite publication bridge for:
  - `runtime_snapshot.json`
  - `runtime_status.json`
  - `host_runtime.json`
  - `docker_runtime.json`
  - `project_progress.json`

### Mandatory semantic runtime rule
Any runtime row that feeds UI completion or operational grouping must be published by Devon with explicit semantic boundaries. Minimum required fields:
- `deployment_stage`
- `subcategory`
- `row_kind`
- `semantic_scope`
- `counts_toward_completion`
- `display_in_cards`
- `display_in_donuts`
- `ui_group`
- `source_contract`

### Mandatory UI reading rule
- Waresite UI must read completion only from declared semantics emitted by Devon.
- Global project completion must read from `project_progress.json`.
- Stage completion must read from `stage_rollup.progress_pct`.
- Subcategory cards must not render percentage donuts when `completionRows == 0`.
- If a runtime row is visible but not eligible for completion, the UI must render `MISSING / not eligible`, never `0%`.
- No semantic mixing between rollup rows and item rows in the same completion calculation.
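
An added example, not Devon or Waresite code: a fail-closed reader that applies the semantic runtime rule and the UI reading rule above to published rows. The sample rows, the `runtime_item` row kind, the `host_readiness` stage value, the helper names and the PASS-ratio formula for subcategory donuts are assumptions made for illustration.

```python
# Added example: fail-closed reading of semantically typed runtime rows.
# Not Devon or Waresite code; function names and sample rows are constructed.

# Minimum required fields from the mandatory semantic runtime rule.
REQUIRED_FIELDS = (
    "deployment_stage", "subcategory", "row_kind", "semantic_scope",
    "counts_toward_completion", "display_in_cards", "display_in_donuts",
    "ui_group", "source_contract",
)
NOT_ELIGIBLE = "MISSING / not eligible"


def missing_fields(row):
    """Required semantic fields that are absent or null in a row."""
    return [name for name in REQUIRED_FIELDS if row.get(name) is None]


def split_rows(rows):
    """Accept only fully typed rows; report the rest with their gaps."""
    accepted, rejected = [], []
    for row in rows:
        gaps = missing_fields(row)
        if gaps:
            rejected.append((row.get("runtime_id"), gaps))
        else:
            accepted.append(row)
    return accepted, rejected


def stage_completion(rows, stage):
    """Stage completion is read only from the stage_rollup row's progress_pct."""
    rollups = [r for r in rows
               if r["row_kind"] == "stage_rollup" and r["deployment_stage"] == stage]
    if len(rollups) != 1:
        return None  # no rollup, or an ambiguous one: nothing to render
    return rollups[0].get("progress_pct")


def subcategory_completion(rows, stage, subcategory):
    """Percent of PASS among completion-eligible item rows, or None.

    Rollup rows are excluded so they never mix with item rows. The PASS-ratio
    formula is an assumption of this example, not defined by the page.
    """
    completion_rows = [
        r for r in rows
        if r["row_kind"] != "stage_rollup"
        and r["deployment_stage"] == stage
        and r["subcategory"] == subcategory
        and r["counts_toward_completion"] is True
        and r["display_in_donuts"] is True
    ]
    if not completion_rows:  # completionRows == 0: no donut at all
        return None
    passed = sum(1 for r in completion_rows if r.get("status") == "PASS")
    return round(100 * passed / len(completion_rows))


def render(pct):
    """0 is a real measurement; None must never be shown as 0%."""
    return NOT_ELIGIBLE if pct is None else f"{pct}%"


def _row(runtime_id, stage, subcategory, row_kind, counts, status, progress_pct=None):
    """Build a constructed sample row shaped like runtime_status.json entries."""
    return {
        "runtime_id": runtime_id,
        "deployment_stage": stage,
        "subcategory": subcategory,
        "row_kind": row_kind,
        "semantic_scope": "stage" if row_kind == "stage_rollup" else "item",
        "counts_toward_completion": counts,
        "display_in_cards": True,
        "display_in_donuts": counts,
        "ui_group": subcategory,
        "source_contract": "devon-panel-pipeline-runtime",
        "status": status,
        "progress_pct": progress_pct,
    }


# Constructed rows. "runtime_item" and "host_readiness" are illustrative values.
_untyped = _row("item.untyped_probe", "host_readiness", "python_runtime",
                "runtime_item", True, "PASS")
del _untyped["semantic_scope"], _untyped["ui_group"]  # violates the minimum set

SAMPLE_ROWS = [
    _row("stage-benchmark_learning", "benchmark_learning", "stage_rollup",
         "stage_rollup", True, "PENDING", progress_pct=0),
    _row("matrix.mx_120", "benchmark_learning", "test_suites",
         "matrix_requirement", False, "MISSING"),
    _row("item.python3", "host_readiness", "python_runtime", "runtime_item", True, "PASS"),
    _row("item.venv", "host_readiness", "python_runtime", "runtime_item", True, "FAIL"),
    _untyped,
]

if __name__ == "__main__":
    ok, bad = split_rows(SAMPLE_ROWS)
    print("rejected:", bad)
    print("stage:", render(stage_completion(ok, "benchmark_learning")))
    print("test_suites:", render(subcategory_completion(ok, "benchmark_learning", "test_suites")))
    print("python_runtime:", render(subcategory_completion(ok, "host_readiness", "python_runtime")))
```

Had the untyped row been accepted, the `python_runtime` donut would read 67% instead of 50%, which is the kind of silently inflated status the rule is meant to prevent.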

### Canonical closure reached on 2026-04-03
The semantic runtime bottleneck is considered closed under the following validated path:
1. Devon server changes observable state
2. `collect_runtime.py` regenerates sovereign runtime artifacts
3. `export_panel_runtime.sh` synchronizes runtime artifacts to Waresite
4. Operator Panel reads published semantics without manual donut patching for new server-side evidence

### Operational implication
- The UI is now render-only relative to runtime semantics.
- Newly installed or configured Devon components must appear through collector + export, not through Waresite-side workaround patches.
- Future work returns to Devon server configuration and host/runtime expansion.

<!-- /CHECKPOINT_2026_04_03_SEMANTIC_RUNTIME_UI -->


### Material Devon runtime-contract artifacts now validated
The following files already exist materially on the Devon server and must be treated as the current runtime-contract artifacts in force:

- Canonical expected-runtime manifest: `/opt/devon/canon/runtime_expected_manifest.json`
- Canonical probe registry: `/opt/devon/canon/runtime_probe_registry.json`
- Contract builder/compiler: `/opt/devon/bin/build_runtime_contracts.py`

These artifacts are the current material base for runtime expectation + probe execution mapping.
They already exist and therefore must be referenced explicitly in continuity and master before any attempt to invent parallel contract files.

version: v3.0
status: ACTIVE
mode: CANONICAL_ROOT
role: supreme_reference

## 1. SYSTEM IDENTITY
Devon is a first-party cognitive development control plane.

It is designed to:
- architect
- validate
- generate
- canonize
- execute
- benchmark
- observe
- promote

All operations follow:
- sandbox-first execution
- evidence-based validation
- PASS / FAIL / MISSING rules


## 1.1 OPERATIONAL CONTEXT RULE

All Devon operations MUST start with canonical context reconstruction.

Mandatory command:
`/home/yeff/public_html/devon/context_dump.sh`

Rules:
- no analysis without dump
- no patch without dump
- no context = MISSING
- ChatGPT memory is NOT a valid source of truth
- only server evidence defines system state

This rule is non-optional and applies to all execution flows.


## 2. GLOBAL STATUS MODEL
- PASS = observable evidence exists and validation passes
- FAIL = observable evidence exists and validation fails
- MISSING = no observable evidence
- PLANNED = formally defined but not yet materially present

No inference allowed.

## 3. SUPREME REFERENCE LAW
If a file is not registered in this master index, it does not exist for Devon canonical governance.

This file is the highest human-readable reference for:
- canonical file existence
- file role
- phase ownership
- authority ownership
- precedence and conflict resolution
- structured canon registration

## 4. CANONICAL ROOT

Devon canonical structure is composed of two distinct but complementary roots:

### 4.1 DATA ROOT (UI / Runtime / Contracts)
`/home/yeff/public_html/devon/panel/data/`

Purpose:
- UI data source
- runtime artifacts
- contracts and schemas
- documentation hub bridge

### 4.2 GOVERNANCE ROOT (Operational Canon)
`/home/yeff/public_html/devon/canon/`

Purpose:
- operational rules
- decision registry
- execution flow
- project scope and boundaries
- continuity and next actions

Rule:
- panel/data = system state
- canon = system governance

Both roots are mandatory and must remain strictly separated.

## 5. DOCUMENTATION MODEL
Devon canonical documentation is composed of:
- authority documents
- satellite documents
- structured canonical JSON artifacts
- runtime/support JSON artifacts
- panel/documentation bridge artifacts

Rule:
one concept = one primary authority

A concept may be referenced by multiple files, but only one file may define its sovereign canonical meaning.

## 6. DOCUMENT PRECEDENCE RULE
If two files mention the same concept, precedence is:

1. this master index decides registration and ownership
2. the designated authority file defines the sovereign meaning
3. structured canonical JSON defines machine-readable enforcement
4. satellite files may contextualize but may not redefine
5. runtime/support files may operationalize but may not redefine canon

## 7. CANONICAL ORGANIZATION MODEL

This master index is organized by two mandatory axes:

1. canonical layer
2. installation / configuration order

Rule:
- layer defines cognitive and operational classification
- phase origin preserves real installation and configuration sequence
- no layer may break deployment order
- no categorization may override operational dependency

System flow:
Strategy → Architecture → Delivery → Runtime → Trust → Memory

Cross-layer mandatory controls:
- release artifact hygiene must be defined before unrestricted promotion
- distribution and packaging observability must exist before runtime evidence is treated as operationally complete
- environment-specific exposure policy must exist before memory-bearing runtime is treated as trusted

## 8. LAYERED CANONICAL INDEX

### 8.1 STRATEGY LAYER
Purpose:
defines what is being built, why it exists, under which scope, rules and environment constraints.

Installation/configuration order:
this layer comes first.

Phase origin:
- Phase 01 - Overview & Scope

Authority and registered files:

#### 8.1.1 System Root and Registration

===== /home/yeff/public_html/devon/panel/data/devon_continuity.md =====
-rwxr-xr-x 1 root root 15K Apr  9 00:20 /home/yeff/public_html/devon/panel/data/devon_continuity.md

# DEVON CONTINUITY

<!-- CHECKPOINT_2026_04_09_CANON_CLEANUP_MONITORING -->

## Checkpoint 2026-04-09 — Canon Cleanup + Monitoring Layer

### What was done
- Complete cleanup of orphaned files in Waresite `/panel/data`
- Cleanup of bak files on Devon in `/opt/devon/bin` and `/opt/devon/canon`
- `runtime_row_semantics_canonical.json` created on disk and registered in the master
- `monitoring_canonical.json` created: defines CPU, memory, disk, network, containers, nginx, security
- `sse_bridge_canonical.json` created: SSE transport PLANNED, push_snapshot still ACTIVE
- `master_architecture_index.md` updated: section 8.7, Phase 10, 11.2, 11.3
- `hub_index.json` updated: 10 phases, 12 categories, monitoring_observability added
- `project_progress_canonical.json` and `project_progress_model.json` registered in overview_scope
- runtime_row_semantics_canonical registered in observability_audit
- Devon export script fixed to synchronize the complete canon (panel_export/current)
- DH working and reflecting everything correctly

### Next step
- Refactor Operator Panel (UI), in a new chat
- After UI: implement SSE bridge Devon → Waresite
- After SSE: remove `export_panel_runtime.sh`

<!-- /CHECKPOINT_2026_04_09_CANON_CLEANUP_MONITORING -->


<!-- CHECKPOINT_2026_04_03_SEMANTIC_RUNTIME_UI -->

## Checkpoint 2026-04-03 — Semantic Runtime Reading Canon

### Real state validated
- Devon is already emitting real runtime for host, docker, pipeline and project progress.
- Waresite is already consuming published runtime rows from Devon.
- The UI numbers are not being filled manually.
- The current problem is semantic, not cosmetic and not “manual digit editing”.

### Structural diagnosis
- The Operator Panel is still grouping runtime rows with insufficient semantic separation.
- Some visual groups are mixing rollup rows, matrix-derived rows and item-level runtime rows.
- This makes some donuts mathematically calculated but semantically invalid.
- The correct correction is not another ad hoc UI patch.
- The correct correction is explicit semantic typing in the runtime publication contract.

### Sovereign rule now in force
- Devon must publish runtime truth with explicit row semantics.
- Waresite UI must only consume published runtime truth and declared row meaning.
- Canon stays canonical.
- Runtime stays operational.
- UI stays render-only.
- No manual UI recognition workflow is allowed as normal operating mode.
- No ambiguous row grouping is allowed for completion semantics.

### Mandatory next correction
- Canonize the runtime row semantics model.
- Keep the probe-registry model as mandatory architecture.
- Bind every emitted row to an explicit `row_kind` and `semantic_scope`.
- Refactor `collect_runtime.py` and export artifacts to publish semantically typed rows.
- Keep `Canon -> DH -> UI` intact, but eliminate semantic ambiguity in runtime consumption.

<!-- /CHECKPOINT_2026_04_03_SEMANTIC_RUNTIME_UI -->


### Material Devon runtime-contract artifacts now validated
The following files already exist materially on the Devon server and are the current runtime-contract base in force:

- `/opt/devon/canon/runtime_expected_manifest.json`
- `/opt/devon/canon/runtime_probe_registry.json`
- `/opt/devon/bin/build_runtime_contracts.py`

Operational reading:
- `runtime_expected_manifest.json` is the expected-runtime manifest.
- `runtime_probe_registry.json` is the probe registry.
- `build_runtime_contracts.py` is the builder/compiler that generates these contracts.

Rule now fixed:
- Do not invent a parallel canonical file when the contract base already exists materially in Devon.
- Any semantic/runtime correction must start from these files first.

## 1. MEMORY

### 1.1 Project Identity
- Devon is the cognitive development control plane of the YEFF architecture.
- Waresite server hosts the canonical documentation, Documentation Hub, and Operational UI.
- Devon server is the origin of real runtime, host, container, and execution data.
- The Operational UI does not define truth. It validates and exposes canonical truth.

### 1.2 Canonical References
- Canonical root: `/home/yeff/public_html/devon/panel/data/master_architecture_index.md`
- Canonical child-files: markdown and JSON artifacts referenced by the canonical root
- Canonical contracts: JSON/YAML files consumed by the Documentation Hub and Operational UI
- Canonical continuity file: `/home/yeff/public_html/devon/panel/data/devon_continuity.md`

### 1.3 Fixed Rules
- Evidence first, patch after.
- No guessing.
- No fake status or fake progress.
- Allowed status model is evidence-based and boolean.
- If something does not exist observably, the only allowed status is `MISSING`.
- Operational UI validates canonical contracts. It does not invent architecture.
- Waresite hosts canonical documentation and UI.
- Devon hosts real runtime and operational execution.
- Any new operational discovery must follow canonical expansion order.
- Canonical expansion order is mandatory: `Canon -> DH -> UI`.

### 1.4 Canonized Decisions
- The project truth is defined by canonical documentation, not by chat memory.
- `master_architecture_index.md` remains the canonical root.
- `devon_continuity.md` is the canonical continuity layer between chats.
- The continuity model is divided into two macrosections: `MEMORY` and `TODO`.
- The Operational UI is the operational validation layer, not the source of truth.
- Any new item discovered during server installation/configuration must be canonized before entering DH or UI.

### 1.5 Completed Milestones
- Documentation Hub baseline is already established.
- Operational UI baseline has been finalized as current operational reference.
- The continuity strategy between chats has been defined.
- Canonical expansion flow has been defined.
- Waresite has been defined as the canonical documentation host.
- Devon has been defined as the real runtime source.

### 1.6 Stable Context
- There are two distinct servers in this architecture:
  - Waresite: canonical documentation, DH, Operational UI
  - Devon: runtime origin, host state, containers, execution
- Server work must converge to canon already defined in Waresite.
- Canon must always lead implementation.

## 2. TODO

### 2.1 Current Focus
- Replace ambiguous UI/runtime reading with a sovereign Devon-side semantic publication model.
- Canonize the runtime probe-registry pattern as mandatory architecture.
- Canonize the runtime row semantics contract as mandatory architecture.
- Prepare the collector refactor from hardcoded runtime logic to registry-driven, semantically typed publication.
- Preserve existing `/opt/devon` runtime, export and bridge assets during the redesign.

### 2.2 Open Operational Fronts
- Define the canonical runtime probe registry artifact and its schema.
- Define the canonical runtime row semantics artifact and its schema.
- Bind every observable stage/subcategory/item to a deterministic probe rule.
- Bind every emitted runtime row to explicit semantic type and counting boundary.
- Refactor `collect_runtime.py` to execute the registry instead of per-case hardcoded logic.
- Stop any workflow where Waresite UI must be patched just to recognize an already-installed Devon component.
- Stop any workflow where Waresite UI must guess row meaning from loose grouping.
- Keep sync/export bridge stable while the collector model is upgraded.

### 2.3 Active Blockers
- Runtime publication is still partially hardcoded in `collect_runtime.py`.
- UI/runtime alignment still depends on case-specific downstream adjustments.
- There is no sovereign registry-driven runtime publication contract yet.
- There is no sovereign runtime row semantics contract yet.
- Current runtime granularity is incomplete for several stage/subcategory views.
- Current row grouping still allows semantic mixing between rollup rows and item rows.
- This creates operational drag and wastes time/energy during Devon server setup.

### 2.4 Next Operational Step
- The next technical deliverable is not another UI patch.
- The next technical deliverable is to evolve the existing Devon contract base, not invent a parallel contract base.
- Start from `/opt/devon/canon/runtime_expected_manifest.json`.
- Start from `/opt/devon/canon/runtime_probe_registry.json`.
- Start from `/opt/devon/bin/build_runtime_contracts.py`.
- The next chat must start from the runtime publication architecture problem, not from another installation micro-fix.
- Waresite UI must remain consumer-only while Devon becomes the complete runtime publisher.
- UI completion semantics must only be computed from semantically typed rows emitted by Devon.

### 2.5 Deferred Items
- Any DH/UI reflection not yet required for immediate continuity use.
- Any runtime/service component not yet evidenced on the Devon server.
- Any UI expansion for components that are not yet canonized.

### 2.6 Devon Host Real Status
#### 2.6.1 Observed Host Baseline
- Hostname observed: `Devon` / `vmi2858754`
- OS observed: Ubuntu 22.04.5 LTS
- Kernel observed: Linux 5.15.0-170-generic
- Architecture observed: x86-64
- CPU observed: 6 vCPU
- Memory observed: 11 GiB RAM
- Disk observed: 100 GB total with approximately 94 GB available
- Current exposed listening service observed: SSH on port 22 only

#### 2.6.2 Observed Security/Network Status
- Firewall status observed: `active`
- UFW policy observed: `deny (incoming), allow (outgoing), disabled (routed)`
- Allowed inbound rule observed: `22/tcp`
- iptables default policy observed: `INPUT DROP`, `FORWARD DROP`, `OUTPUT ACCEPT`
- Reverse proxy observed: `MISSING`
- TLS baseline observed: `MISSING`

#### 2.6.3 Observed Tooling Status
- Python3: `PRESENT`
- Git: `PRESENT`
- Curl: `PRESENT`
- Docker: `MISSING`
- Docker Compose: `MISSING` by consequence of Docker absence
- Nginx: `MISSING`

#### 2.6.4 Observed Devon Paths and Assets
- `/opt/devon`: `PRESENT`
- `/opt/devon/bin`: `PRESENT`
- `/opt/devon/runtime`: `PRESENT`
- `/opt/devon/canon`: `PRESENT`
- `/srv`: `PRESENT`
- `/app`: `MISSING`

#### 2.6.5 Observed Reusable Devon Runtime Assets
- `/opt/devon/bin/collect_runtime.py`
- `/opt/devon/bin/export_panel_runtime.sh`
- `/opt/devon/runtime/host_runtime.json`
- `/opt/devon/runtime/docker_runtime.json`
- `/opt/devon/runtime/runtime_status.json`
- `/opt/devon/runtime/panel_export/current`
- `/opt/devon/canon/*.yaml`

#### 2.6.6 Canonical Reading of Current Host
- The Devon host already contains canonical/runtime/export structure under `/opt/devon`.
- The Devon host does not yet contain container runtime baseline.
- The Devon host does not yet contain reverse proxy/TLS baseline.
- The Devon host must be expanded without breaking existing `/opt/devon` assets or the Waresite bridge.

===== /home/yeff/public_html/devon/panel/data/hub_index.json =====
-rwxr-xr-x 1 root root 46K Apr  9 00:01 /home/yeff/public_html/devon/panel/data/hub_index.json

{
  "phases": [
    {
      "id": "phase-01",
      "step": "Phase 01",
      "name": "Overview & Scope",
      "summary": "master root, project scope, manifest and continuity checkpoint.",
      "badge": "overview_scope",
      "layers": [
        {
          "title": "Overview & Scope",
          "desc": "master registration, project framing, entry manifest and continuity checkpoint.",
          "chips": [
            "master root",
            "project scope",
            "entry manifest",
            "checkpoint"
          ]
        }
      ]
    },
    {
      "id": "phase-02",
      "step": "Phase 02",
      "name": "Architecture & Engineering Canon",
      "summary": "cognitive architecture, governance, artifact structure, contracts, naming, state legitimacy, build promotion, deployment structure and contextual satellites.",
      "badge": "architecture_engineering_canon",
      "layers": [
        {
          "title": "Architecture & Engineering Canon",
          "desc": "authority and satellite documents that define Devon structural canon.",
          "chips": [
            "architecture",
            "governance",
            "contracts",
            "naming",
            "state legitimacy",
            "deployment"
          ]
        }
      ]
    },
    {
      "id": "phase-03",
      "step": "Phase 03",
      "name": "Cognitive Flow Canon",
      "summary": "deterministic orchestration, LLM role, retrieval role, validation order and execution gating.",
      "badge": "cognitive_flow_canon",
      "layers": [
        {
          "title": "Cognitive Flow Canon",
          "desc": "interpreter, decision, validation, execution, memory and retrieval in governed flow.",
          "chips": [
            "interpreter",
            "FSM",
            "validation",
            "execution",
            "memory",
            "retrieval"
          ]
        }
      ]
    },
    {
      "id": "phase-04",
      "step": "Phase 04",
      "name": "Containerization Canon",
      "summary": "container topology, isolation and host versus container runtime boundaries.",
      "badge": "containerization_canon",
      "layers": [
        {
          "title": "Containerization Canon",
          "desc": "runtime boundaries and isolation, without redefining sovereign architecture.",
          "chips": [
            "topology",
            "isolation",
            "runtime boundaries"
          ]
        }
      ]
    },
    {
      "id": "phase-05",
      "step": "Phase 05",
      "name": "Latency & Performance Canon",
      "summary": "latency model, hot path versus cold path, bounded execution and fallback behavior.",
      "badge": "latency_performance_canon",
      "layers": [
        {
          "title": "Latency & Performance Canon",
          "desc": "time traceability across modules, stages and end-to-end lifecycle.",
          "chips": [
            "latency",
            "hot path",
            "cold path",
            "fallback"
          ]
        }
      ]
    },
    {
      "id": "phase-06",
      "step": "Phase 06",
      "name": "Noise Reduction Canon",
      "summary": "signal preservation, redundancy elimination and unnecessary hop reduction.",
      "badge": "noise_reduction_canon",
      "layers": [
        {
          "title": "Noise Reduction Canon",
          "desc": "remove architectural waste and keep deterministic path lean.",
          "chips": [
            "signal",
            "redundancy elimination",
            "less path"
          ]
        }
      ]
    },
    {
      "id": "phase-07",
      "step": "Phase 07",
      "name": "Observability & Audit Canon",
      "summary": "audit-linked visibility, evidence continuity and operational observability.",
      "badge": "observability_audit_canon",
      "layers": [
        {
          "title": "Observability & Audit Canon",
          "desc": "traceability for runtime, memory and protected execution.",
          "chips": [
            "observability",
            "audit",
            "evidence continuity"
          ]
        }
      ]
    },
    {
      "id": "phase-08",
      "step": "Phase 08",
      "name": "Security Canon",
      "summary": "security governance, trust model, access boundaries, memory protection and monitoring.",
      "badge": "security_canon",
      "layers": [
        {
          "title": "Security Canon",
          "desc": "security governance with structured implementation artifacts.",
          "chips": [
            "zero trust",
            "access control",
            "memory protection",
            "monitoring"
          ]
        }
      ]
    },
    {
      "id": "phase-09",
      "step": "Phase 09",
      "name": "Operational Flows Canon",
      "summary": "execution sequence, operating flow mapping and operational order integrity.",
      "badge": "operational_flows_canon",
      "layers": [
        {
          "title": "Operational Flows Canon",
          "desc": "runtime sequence and flow order without redefining sovereign authorities.",
          "chips": [
            "operational flow",
            "sequence",
            "order integrity"
          ]
        }
      ]
    },
    {
      "id": "phase-10",
      "step": "Phase 10",
      "name": "Monitoring & Real-time Observability",
      "summary": "real-time host, container and service monitoring with SSE transport to the Operator Panel.",
      "badge": "monitoring_observability",
      "layers": [
        {
          "title": "Monitoring & Real-time Observability",
          "desc": "CPU, memory, disk, network, container health, security services and SSE bridge canon.",
          "chips": [
            "cpu",
            "memory",
            "containers",
            "network",
            "security",
            "SSE"
          ]
        }
      ]
    }
  ],
  "categories": [
    {
      "id": "overview_scope",
      "title": "Overview & Scope",
      "sub": "master registration, project scope, manifest and continuity checkpoint.",
      "badge": "phase 01",
      "docs": [
        {
          "id": "master_architecture_index",
          "title": "Master Architecture Index",
          "path": "../panel/data/master_architecture_index.md",
          "phase": "phase-01",
          "layer": "overview_scope",
          "role": "Supreme canonical root and registration authority.",
          "fits": "Defines registration, precedence, authority ownership and completeness rules.",
          "depends_on": [
            "panel_manifest",
            "project_scope"
          ],
          "used_by": [],
          "architecture_view": "Supreme human-readable root for all Devon canon.",
          "label": "Master Architecture Index",
          "type": "text"
        },
        {

===== /home/yeff/public_html/devon/panel/data/panel_canonical_tree.json =====
-rw-r--r-- 1 root root 12K Mar 23 10:06 /home/yeff/public_html/devon/panel/data/panel_canonical_tree.json

{
  "canon_meta": {
    "canon_id": "devon-panel-tree",
    "version": "1.0.0",
    "status": "ACTIVE",
    "ui_reference_mode": "claude_like_workspace_plus_devon_governance"
  },
  "panel_root": {
    "navigation_mode": "deployment_order",
    "primary_layout": {
      "left_column": "chat_and_operator_flow",
      "center_column": "artifact_or_preview",
      "right_column": "evidence_contracts_timeline"
    },
    "global_widgets": [
      "deployment_stage_switcher",
      "card_grid",
      "evidence_drawer",
      "contract_drawer",
      "dependency_graph",
      "validation_timeline",
      "server_scope_selector",
      "project_scope_selector",
      "memory_scope_selector"
    ]
  },
  "deployment_sections": [
    {
      "section_id": "S00",
      "display_name": "Host Readiness",
      "cards": [
        {
          "card_id": "core-host-readiness",
          "display_name": "Host Readiness",
          "subcategories": [
            "filesystem",
            "root_context",
            "python_runtime",
            "git_runtime",
            "docker_runtime",
            "canonical_directories"
          ]
        }
      ]
    },
    {
      "section_id": "S01",
      "display_name": "Canon Control Plane",
      "cards": [
        {
          "card_id": "project-scope",
          "display_name": "Project Scope",
          "subcategories": [
            "mission",
            "principles",
            "scope",
            "file_index"
          ]
        },
        {
          "card_id": "deployment-order",
          "display_name": "Deployment Order",
          "subcategories": [
            "stages",
            "dependencies",
            "blockers",
            "promotion_gates"
          ]
        },
        {
          "card_id": "card-contracts",
          "display_name": "Card Contracts",
          "subcategories": [
            "identity",
            "interfaces",
            "dependencies",
            "evidence",
            "status_rules"
          ]
        }
      ]
    },
    {
      "section_id": "S02",
      "display_name": "Server Registry",
      "cards": [
        {
          "card_id": "server-registry",
          "display_name": "Server Registry",
          "subcategories": [
            "control_plane",
            "sandbox_hosts",
            "production_hosts",
            "shared_services",
            "benchmark_nodes",
            "storage_nodes"
          ]
        }
      ]
    },
    {
      "section_id": "S03",
      "display_name": "Foundation Infrastructure",
      "cards": [
        {
          "card_id": "infrastructure",
          "display_name": "Infrastructure",
          "subcategories": [
            "containers",
            "networking",
            "reverse_proxy",
            "secrets",
            "volumes"
          ]
        },
        {
          "card_id": "storage-state",
          "display_name": "Storage & State",
          "subcategories": [
            "structured_state",
            "cache",
            "vector_state",
            "artifact_storage"
          ]
        }
      ]
    },
    {
      "section_id": "S04",
      "display_name": "Memory Control Plane",
      "cards": [
        {
          "card_id": "memory-manager",
          "display_name": "Memory Manager",
          "subcategories": [
            "control_plane",
            "partition_registry",
            "router",
            "retention_policy",
            "audit_policy",
            "namespace_contract"
          ]
        }
      ]
    },
    {
      "section_id": "S05",
      "display_name": "Core Runtime",
      "cards": [
        {
          "card_id": "core-runtime",
          "display_name": "Core Runtime",
          "subcategories": [
            "api_runtime",
            "app_server",
            "router_registry",
            "environment_loader",
            "health_endpoints"
          ]
        }
      ]
    },
    {
      "section_id": "S06",
      "display_name": "Observability & Audit Base",
      "cards": [
        {
          "card_id": "observability-audit",
          "display_name": "Observability & Audit",
          "subcategories": [
            "logs",
            "metrics",
            "traces",
            "audit_events",
            "evidence_store"
          ]
        }
      ]
    },
    {
      "section_id": "S07",
      "display_name": "Remote & Sandbox Orchestration",
      "cards": [
        {
          "card_id": "remote-orchestration",
          "display_name": "Remote Orchestration",
          "subcategories": [
            "ssh_profiles",
            "node_probes",
            "remote_runner",
            "access_policy"
          ]
        },
        {
          "card_id": "sandbox-environments",
          "display_name": "Sandbox Environments",
          "subcategories": [
            "mirror_strategy",
            "sanitization",
            "parity_validation",
            "promotion_gate",
            "rollback_readiness"
          ]
        }
      ]
    },
    {
      "section_id": "S08",
      "display_name": "Cognition Base",
      "cards": [
        {
          "card_id": "language-understanding",
          "display_name": "Language Understanding",
          "subcategories": [
            "tokenization",
            "task_extraction",
            "semantic_analysis",
            "prompt_interpretation"
          ]
        },

===== /home/yeff/public_html/devon/panel/data/runtime_status.json =====
-rw-r--r-- 1 root root 109K Apr  9 10:11 /home/yeff/public_html/devon/panel/data/runtime_status.json

{
  "contract_version": "1.3.0",
  "source_contract": "devon-panel-pipeline-runtime",
  "observed_at_utc": "2026-04-09T13:11:09Z",
  "runtime_snapshot": [
    {
      "runtime_id": "stage-benchmark_learning",
      "item_id": null,
      "canonical_matrix_id": null,
      "deployment_stage": "benchmark_learning",
      "subcategory": "stage_rollup",
      "technology": "registry_stage_rollup",
      "required": true,
      "probe_ref": null,
      "maps_to_pipeline_step": null,
      "row_kind": "stage_rollup",
      "semantic_scope": "stage",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "stage_rollup",
      "source_contract": "devon-panel-pipeline-runtime",
      "status_resolution": "contract_sequence(required_counted_items)",
      "rollup_source": "runtime_items+contract_sequence",
      "status": "PENDING",
      "overall_status": "PENDING",
      "evidence_state": "OBSERVED",
      "presence": "PASS",
      "functionality": null,
      "evidence": {
        "observed_item_count": 3,
        "counted_item_count": 0,
        "pass_steps": 0,
        "fail_steps": 0,
        "total_steps": 11
      },
      "observed_at_utc": "2026-04-09T13:11:09Z",
      "progress_pct": 0,
      "current_step": "preconditions",
      "step_statuses": [
        {
          "step": "preconditions",
          "status": "MISSING"
        },
        {
          "step": "install",
          "status": "MISSING"
        },
        {
          "step": "configure",
          "status": "MISSING"
        },
        {
          "step": "boot",
          "status": "MISSING"
        },
        {
          "step": "healthcheck",
          "status": "MISSING"
        },
        {
          "step": "integration",
          "status": "MISSING"
        },
        {
          "step": "functional_validation",
          "status": "MISSING"
        },
        {
          "step": "evidence_collection",
          "status": "MISSING"
        },
        {
          "step": "backup_or_snapshot",
          "status": "MISSING"
        },
        {
          "step": "rollback",
          "status": "MISSING"
        },
        {
          "step": "promotion_gate",
          "status": "MISSING"
        }
      ],
      "last_run_at": "2026-04-09T13:11:09Z",
      "started_at": null,
      "finished_at": null,
      "duration_ms": null,
      "evidence_source": "/opt/devon/runtime/runtime_snapshot.json",
      "error_message": null
    },
    {
      "runtime_id": "matrix.mx_120",
      "item_id": "matrix.mx_120",
      "canonical_matrix_id": "MX-120",
      "deployment_stage": "benchmark_learning",
      "subcategory": "test_suites",
      "technology": "benchmark_runner",
      "required": true,
      "probe_ref": null,
      "maps_to_pipeline_step": "Preconditions",
      "row_kind": "matrix_requirement",
      "semantic_scope": "canonical_requirement",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "benchmark_learning:test_suites",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "external_runtime_rollup",
      "rollup_source": "MX-120",
      "status": "MISSING",
      "overall_status": "MISSING",
      "evidence_state": "OBSERVED",
      "presence": "MISSING",
      "functionality": "MISSING",
      "evidence": {
        "error": "probe_ref_not_found:None"
      },
      "observed_at_utc": "2026-04-09T13:11:09Z",
      "progress_pct": 0,
      "current_step": "Preconditions",
      "step_statuses": [
        {
          "step": "observed_runtime",
          "status": "MISSING"
        }
      ],
      "last_run_at": "2026-04-09T13:11:09Z",
      "started_at": null,
      "finished_at": null,
      "duration_ms": null,
      "evidence_source": "/opt/devon/runtime/runtime_snapshot.json",
      "error_message": null
    },
    {
      "runtime_id": "matrix.mx_121",
      "item_id": "matrix.mx_121",
      "canonical_matrix_id": "MX-121",
      "deployment_stage": "benchmark_learning",
      "subcategory": "reward_model",
      "technology": "rl_engine",
      "required": true,
      "probe_ref": "probe.matrix.mx_121",
      "maps_to_pipeline_step": "Preconditions",
      "row_kind": "matrix_requirement",
      "semantic_scope": "canonical_requirement",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "benchmark_learning:reward_model",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "probe_ref",
      "rollup_source": "MX-121",
      "status": "FAIL",
      "overall_status": "FAIL",
      "evidence_state": "OBSERVED",
      "presence": "PRESENT",
      "functionality": "NON_FUNCTIONAL",
      "evidence": {
        "cmd": [
          "bash",
          "-lc",
          "find /opt/devon -maxdepth 3 -type d | grep -Ei 'modules|services|engine' >/dev/null 2>&1"
        ],
        "return_code": 1,
        "stdout": null,
        "stderr": null
      },
      "observed_at_utc": "2026-04-09T13:11:09Z",
      "progress_pct": 0,
      "current_step": "Preconditions",
      "step_statuses": [
        {
          "step": "observed_runtime",
          "status": "FAIL"
        }
      ],
      "last_run_at": "2026-04-09T13:11:09Z",
      "started_at": null,
      "finished_at": null,
      "duration_ms": null,
      "evidence_source": "/opt/devon/runtime/runtime_snapshot.json",
      "error_message": null
    },
    {
      "runtime_id": "matrix.mx_122",
      "item_id": "matrix.mx_122",
      "canonical_matrix_id": "MX-122",
      "deployment_stage": "benchmark_learning",
      "subcategory": "promotion_decision",
      "technology": "learning_loop",
      "required": true,
      "probe_ref": null,
      "maps_to_pipeline_step": "Preconditions",
      "row_kind": "matrix_requirement",
      "semantic_scope": "canonical_requirement",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "benchmark_learning:promotion_decision",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "external_runtime_rollup",
      "rollup_source": "MX-122",
      "status": "MISSING",
      "overall_status": "MISSING",
      "evidence_state": "OBSERVED",
      "presence": "MISSING",
      "functionality": "MISSING",
      "evidence": {
        "error": "probe_ref_not_found:None"
      },
      "observed_at_utc": "2026-04-09T13:11:09Z",
      "progress_pct": 0,
      "current_step": "Preconditions",
      "step_statuses": [
        {
          "step": "observed_runtime",
          "status": "MISSING"
        }

===== /home/yeff/public_html/devon/panel/data/runtime_snapshot.json =====
-rw-r--r-- 1 root root 54K Apr  6 19:31 /home/yeff/public_html/devon/panel/data/runtime_snapshot.json

{
  "contract_version": "1.2.0",
  "source_contract": "devon-runtime-item-snapshot",
  "observed_at_utc": "2026-04-06T22:31:09Z",
  "runtime_items": [
    {
      "runtime_id": "host.filesystem.root",
      "item_id": "host.filesystem.root",
      "canonical_matrix_id": null,
      "deployment_stage": "host_readiness",
      "subcategory": "filesystem",
      "technology": "filesystem_root",
      "required": true,
      "probe_ref": "probe.dir.root",
      "maps_to_pipeline_step": "Preconditions",
      "row_kind": "item_runtime",
      "semantic_scope": "operational_completion",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "host_readiness:filesystem",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "probe_ref",
      "rollup_source": null,
      "status": "PASS",
      "overall_status": "PASS",
      "presence": "PRESENT",
      "functionality": "FUNCTIONAL",
      "evidence": {
        "path": "/",
        "exists": true
      },
      "observed_at_utc": "2026-04-06T22:31:09Z"
    },
    {
      "runtime_id": "host.root.context",
      "item_id": "host.root.context",
      "canonical_matrix_id": null,
      "deployment_stage": "host_readiness",
      "subcategory": "root_context",
      "technology": "root_user_context",
      "required": true,
      "probe_ref": "probe.context.root_user",
      "maps_to_pipeline_step": "Preconditions",
      "row_kind": "item_runtime",
      "semantic_scope": "operational_completion",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "host_readiness:root_context",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "probe_ref",
      "rollup_source": null,
      "status": "PASS",
      "overall_status": "PASS",
      "presence": "PRESENT",
      "functionality": "FUNCTIONAL",
      "evidence": {
        "euid": 0,
        "is_root": true
      },
      "observed_at_utc": "2026-04-06T22:31:09Z"
    },
    {
      "runtime_id": "host.python.runtime",
      "item_id": "host.python.runtime",
      "canonical_matrix_id": null,
      "deployment_stage": "host_readiness",
      "subcategory": "python_runtime",
      "technology": "python3",
      "required": true,
      "probe_ref": "probe.cmd.python3_version",
      "maps_to_pipeline_step": "Install",
      "row_kind": "item_runtime",
      "semantic_scope": "operational_completion",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "host_readiness:python_runtime",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "probe_ref",
      "rollup_source": null,
      "status": "PASS",
      "overall_status": "PASS",
      "presence": "PRESENT",
      "functionality": "FUNCTIONAL",
      "evidence": {
        "cmd": [
          "python3",
          "--version"
        ],
        "return_code": 0,
        "stdout": "Python 3.10.12",
        "stderr": null
      },
      "observed_at_utc": "2026-04-06T22:31:09Z"
    },
    {
      "runtime_id": "host.git.runtime",
      "item_id": "host.git.runtime",
      "canonical_matrix_id": null,
      "deployment_stage": "host_readiness",
      "subcategory": "git_runtime",
      "technology": "git",
      "required": true,
      "probe_ref": "probe.cmd.git_version",
      "maps_to_pipeline_step": "Install",
      "row_kind": "item_runtime",
      "semantic_scope": "operational_completion",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "host_readiness:git_runtime",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "probe_ref",
      "rollup_source": null,
      "status": "PASS",
      "overall_status": "PASS",
      "presence": "PRESENT",
      "functionality": "FUNCTIONAL",
      "evidence": {
        "cmd": [
          "git",
          "--version"
        ],
        "return_code": 0,
        "stdout": "git version 2.34.1",
        "stderr": null
      },
      "observed_at_utc": "2026-04-06T22:31:09Z"
    },
    {
      "runtime_id": "host.ufw.active",
      "item_id": "host.ufw.active",
      "canonical_matrix_id": null,
      "deployment_stage": "host_readiness",
      "subcategory": "security_firewall",
      "technology": "ufw",
      "required": true,
      "probe_ref": "probe.security.ufw_active_ssh",
      "maps_to_pipeline_step": "Configure",
      "row_kind": "item_runtime",
      "semantic_scope": "operational_completion",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "host_readiness:security_firewall",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "probe_ref",
      "rollup_source": null,
      "status": "PASS",
      "overall_status": "PASS",
      "presence": "PRESENT",
      "functionality": "FUNCTIONAL",
      "evidence": {
        "installed": true,
        "active": true,
        "ssh_rule_present": true,
        "raw_status": "Status: active\nLogging: on (low)\nDefault: deny (incoming), allow (outgoing), deny (routed)\nNew profiles: skip\n\nTo                         Action      From\n--                         ------      ----\n22/tcp                     ALLOW IN    Anywhere                   # Devon SSH\n22/tcp (v6)                ALLOW IN    Anywhere (v6)              # Devon SSH"
      },
      "observed_at_utc": "2026-04-06T22:31:09Z"
    },
    {
      "runtime_id": "host.fail2ban.sshd",
      "item_id": "host.fail2ban.sshd",
      "canonical_matrix_id": null,
      "deployment_stage": "host_readiness",
      "subcategory": "security_fail2ban",
      "technology": "fail2ban",
      "required": true,
      "probe_ref": "probe.security.fail2ban_sshd",
      "maps_to_pipeline_step": "Configure",
      "row_kind": "item_runtime",
      "semantic_scope": "operational_completion",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "host_readiness:security_fail2ban",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "probe_ref",
      "rollup_source": null,
      "status": "PASS",
      "overall_status": "PASS",
      "presence": "PRESENT",
      "functionality": "FUNCTIONAL",
      "evidence": {
        "installed": true,
        "active": true,
        "sshd_jail_present": true,
        "sshd_jail_ok": true
      },
      "observed_at_utc": "2026-04-06T22:31:09Z"
    },
    {
      "runtime_id": "host.ssh.hardening",
      "item_id": "host.ssh.hardening",
      "canonical_matrix_id": null,
      "deployment_stage": "host_readiness",
      "subcategory": "security_ssh",
      "technology": "sshd",
      "required": true,
      "probe_ref": "probe.security.sshd_hardening",
      "maps_to_pipeline_step": "Configure",
      "row_kind": "item_runtime",
      "semantic_scope": "operational_completion",
      "counts_toward_completion": true,
      "display_in_cards": true,
      "display_in_donuts": true,
      "ui_group": "host_readiness:security_ssh",
      "source_contract": "devon-runtime-expected-manifest",
      "status_resolution": "probe_ref",
      "rollup_source": null,
      "status": "PASS",
      "overall_status": "PASS",
      "presence": "PRESENT",
      "functionality": "FUNCTIONAL",
      "evidence": {
        "expected": {
          "port": "22",
          "permitrootlogin": "without-password",

===== /home/yeff/public_html/devon/panel/data/project_progress.json =====
-rw-r--r-- 1 root root 5.4K Apr  6 19:31 /home/yeff/public_html/devon/panel/data/project_progress.json

{
  "contract_version": "2.1.0",
  "source_contract": "devon-project-progress-runtime",
  "observed_at_utc": "2026-04-06T22:31:09Z",
  "global_project_progress": {
    "global_status": "PENDING",
    "progress_pct": 11,
    "calculation_mode": "average_stage_rollup_all_runtime_stages",
    "eligible_stages": [
      "benchmark_learning",
      "canon_control_plane",
      "cognition_base",
      "core_runtime",
      "docker_runtime",
      "engineering_modules",
      "foundation_infrastructure",
      "governance_policy",
      "host_readiness",
      "memory_control_plane",
      "observability_audit_base",
      "operator_panel",
      "remote_access_orchestration",
      "sandbox_orchestration",
      "server_registry",
      "storage_state"
    ],
    "included_stage_count": 16,
    "excluded_stage_count": 0,
    "observed_stage_count": 16,
    "observed_coverage_weight_pct": 100,
    "contributing_stages": [
      {
        "stage_key": "benchmark_learning",
        "label": "benchmark_learning",
        "runtime_stage": "benchmark_learning",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "canon_control_plane",
        "label": "canon_control_plane",
        "runtime_stage": "canon_control_plane",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "cognition_base",
        "label": "cognition_base",
        "runtime_stage": "cognition_base",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "core_runtime",
        "label": "core_runtime",
        "runtime_stage": "core_runtime",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "docker_runtime",
        "label": "docker_runtime",
        "runtime_stage": "docker_runtime",
        "weight_pct": null,
        "stage_progress_pct": 100,
        "stage_status": "PASS",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "engineering_modules",
        "label": "engineering_modules",
        "runtime_stage": "engineering_modules",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "foundation_infrastructure",
        "label": "foundation_infrastructure",
        "runtime_stage": "foundation_infrastructure",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "governance_policy",
        "label": "governance_policy",
        "runtime_stage": "governance_policy",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "host_readiness",
        "label": "host_readiness",
        "runtime_stage": "host_readiness",
        "weight_pct": null,
        "stage_progress_pct": 71,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "memory_control_plane",
        "label": "memory_control_plane",
        "runtime_stage": "memory_control_plane",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "observability_audit_base",
        "label": "observability_audit_base",
        "runtime_stage": "observability_audit_base",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "operator_panel",
        "label": "operator_panel",
        "runtime_stage": "operator_panel",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "remote_access_orchestration",
        "label": "remote_access_orchestration",
        "runtime_stage": "remote_access_orchestration",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "sandbox_orchestration",
        "label": "sandbox_orchestration",
        "runtime_stage": "sandbox_orchestration",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "server_registry",
        "label": "server_registry",
        "runtime_stage": "server_registry",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      },
      {
        "stage_key": "storage_state",
        "label": "storage_state",
        "runtime_stage": "storage_state",
        "weight_pct": null,
        "stage_progress_pct": 0,
        "stage_status": "PENDING",
        "evidence_state": "OBSERVED"
      }
    ],
    "reason_if_missing": null,
    "observed_at_utc": "2026-04-06T22:31:09Z"
  }
}

===== /home/yeff/public_html/devon/panel/data/host_runtime.json =====
-rw-r--r-- 1 root root 3.4K Apr  9 10:11 /home/yeff/public_html/devon/panel/data/host_runtime.json

{
  "contract_version": "1.1.0",
  "source_contract": "devon-panel-host-runtime",
  "observed_at_utc": "2026-04-09T13:11:09Z",
  "host_snapshot": {
    "host_id": "devon-control-plane",
    "hostname": "Devon",
    "overall_status": "PASS",
    "cpu": {
      "status": "PASS",
      "usage_pct": 0.0,
      "core_count": 6
    },
    "memory": {
      "status": "PASS",
      "used_mb": 591.97,
      "total_mb": 11956.82,
      "usage_pct": 4.95
    },
    "disk": {
      "status": "PASS",
      "used_gb": 3.97,
      "total_gb": 96.73,
      "usage_pct": 4.11
    },
    "load": {
      "status": "PASS",
      "load_1m": 0.23,
      "load_5m": 0.13,
      "load_15m": 0.09
    },
    "network": {
      "status": "PASS",
      "rx_bytes": 1169951537,
      "tx_bytes": 591907518
    },
    "services": [
      {
        "name": "docker",
        "status": "PASS",
        "active": true
      },
      {
        "name": "nginx",
        "status": "FAIL",
        "active": false
      },
      {
        "name": "apache2",
        "status": "FAIL",
        "active": false
      },
      {
        "name": "httpd",
        "status": "FAIL",
        "active": false
      },
      {
        "name": "php-fpm",
        "status": "FAIL",
        "active": false
      },
      {
        "name": "mysql",
        "status": "FAIL",
        "active": false
      },
      {
        "name": "mariadb",
        "status": "FAIL",
        "active": false
      },
      {
        "name": "redis-server",
        "status": "FAIL",
        "active": false
      },
      {
        "name": "redis",
        "status": "FAIL",
        "active": false
      },
      {
        "name": "ssh",
        "status": "PASS",
        "active": true
      },
      {
        "name": "fail2ban",
        "status": "PASS",
        "active": true
      }
    ],
    "ports": [
      {
        "port": 22,
        "status": "PASS"
      },
      {
        "port": 53,
        "status": "PASS"
      }
    ],
    "mounts": [
      {
        "target": "/",
        "usage_pct": "5%",
        "size": "97G",
        "used": "4.0G",
        "status": "PASS"
      }
    ],
    "security": {
      "status": "PASS",
      "ufw": {
        "status": "PASS",
        "installed": true,
        "active": true,
        "ssh_rule_present": true,
        "raw_status": "Status: active\nLogging: on (low)\nDefault: deny (incoming), allow (outgoing), deny (routed)\nNew profiles: skip\n\nTo                         Action      From\n--                         ------      ----\n22/tcp                     ALLOW IN    Anywhere                   # Devon SSH\n22/tcp (v6)                ALLOW IN    Anywhere (v6)              # Devon SSH"
      },
      "fail2ban": {
        "status": "PASS",
        "installed": true,
        "active": true,
        "sshd_jail_present": true,
        "sshd_jail_ok": true
      },
      "ssh_hardening": {
        "status": "PASS",
        "port": 22,
        "permitrootlogin": "without-password",
        "passwordauthentication": "no",
        "pubkeyauthentication": "yes",
        "x11forwarding": "no",
        "allowtcpforwarding": "no"
      }
    }
  },
  "status_rules": {
    "PASS": "observable host evidence exists and validation passes",
    "FAIL": "observable host evidence exists and validation fails",
    "MISSING": "host evidence does not exist observably"
  }
}

===== /home/yeff/public_html/devon/panel/data/docker_runtime.json =====
-rw-r--r-- 1 root root 950 Apr  9 10:11 /home/yeff/public_html/devon/panel/data/docker_runtime.json

{
  "contract_version": "1.0.0",
  "source_contract": "devon-panel-docker-runtime",
  "observed_at_utc": "2026-04-09T13:11:09Z",
  "runtime_snapshot": {
    "runtime_id": "docker-runtime-devon-control-plane",
    "host_id": "devon-control-plane",
    "overall_status": "PASS",
    "docker_engine": {
      "status": "PASS",
      "installed": true,
      "active": true,
      "version": "29.3.1"
    },
    "compose": {
      "status": "PASS",
      "installed": true,
      "version": "v5.1.1"
    },
    "containers": [],
    "images": {
      "status": "PASS",
      "total": 0
    },
    "volumes": {
      "status": "PASS",
      "total": 0
    },
    "networks": {
      "status": "PASS",
      "total": 3
    }
  },
  "status_rules": {
    "PASS": "observable docker evidence exists and validation passes",
    "FAIL": "observable docker evidence exists and validation fails",
    "MISSING": "docker evidence does not exist observably"
  }
}

