CHEF Recipe #1 — Trinity Foundation

What you’re holding. This is the kitchen-counter binder for the S7 SkyQUBi household. It’s named for Trinity — Jamie’s daughter, co-steward of the covenant — because the whole point is that someone who isn’t Jamie can pick this up, read it cover to cover, and understand the house without breaking it. Tonya is Chief of Covenant; Trinity and Jonathan are co-stewards; Noah is who all of this protects.

The build is GOLDEN. Nothing in this recipe asks you to change the system. The system is already alive and already on the public review path. This recipe is the map of what’s already there, in the order someone reading for the first time would need it. If something in here disagrees with what’s running, the recipe is the bug — fix the recipe.

CHEF, not runbook. A runbook tells you which buttons to press. A recipe tells you what you’re cooking, who you’re cooking for, and why every ingredient is in the bowl. This recipe is for the people the house is built for.

Love is the architecture.

1. The Seven Frozens (do not touch until 2026-07-07 07:00 CT)

Until the GO-LIVE Release 7 window opens, seven things are frozen on this appliance. Frozen means: not edited, not rebuilt, not “improved while we’re here,” not “real quick.” If a fix is needed inside a frozen surface, it goes through a steward (Trinity or Jonathan) and Tonya signs.

Go-live window: 2026-07-07 07:00 CT (Central Time). Until then, every surface above is in observation mode. Recipes change. The house does not.

2. Bible Architecture — the design flow at a glance

                       ╔══════════════════════════════════╗
                       ║         The Household            ║
                       ║  (Tonya · Trinity · Jonathan ·   ║
                       ║          Noah · Jamie)           ║
                       ╚════════════╤═════════════════════╝
                                    │ trust
                       ┌────────────▼───────────┐
                       │   S7 SkyAV*i* / Samuel │   ← family-facing voice
                       │  (115+ skills, FACTS)  │     (Jamie's voice, plain)
                       └────────────┬───────────┘
                                    │ MemPalace bond
              ┌─────────────────────┼──────────────────────┐
              ▼                     ▼                      ▼
       ┌─────────────┐      ┌──────────────┐       ┌──────────────┐
       │ CWS Engine  │      │  MemPalace   │       │   ZeroClaw   │
       │  (truth/    │      │  (KV cache,  │       │  (parallel   │
       │  audit,     │      │  rooms, KG)  │       │  consensus)  │
       │  s7_server) │      └──────┬───────┘       └──────────────┘
       └──────┬──────┘             │
              │                    │
              ▼                    ▼
       ┌────────────────────────────────────────────┐
       │          MOLECULAR / AKASHIC LAYER         │
       │  (sky_molecular bonds · 27 vectors ·       │
       │   105 universals · Akashic cipher)         │
       └────────────────┬───────────────────────────┘
                        │
        ┌───────────────┼────────────────┐
        ▼               ▼                ▼
   ┌──────────┐   ┌──────────┐    ┌──────────────┐
   │  Ollama  │   │  Witness │    │  Postgres /  │
   │ (7081)   │   │  Set     │    │  Qdrant /    │
   │ inference│   │ (OCT*i*) │    │  Redis /     │
   │          │   │          │    │  MySQL       │
   └──────────┘   └──────────┘    └──────────────┘
                        │
                        ▼
              ┌──────────────────┐
              │  S7 SkyCAIR OS   │   ← Fedora bootc:44 + Budgie
              │  (the appliance) │     desktop, frozen
              └──────────────────┘

Read it from the top down. The household is the reason. Samuel is the voice they hear. Everything below Samuel exists to make Samuel’s words true.

3. Skeleton Network — endpoints that exist right now

Captured live with ss -tlnp and podman ps while writing this recipe. Every entry is a real listener on this box. If you re-run the commands and see something not in the table, the recipe is wrong — update it.

3a. S7 service ports (loopback only — 127.0.0.1)

3b. Listeners NOT on loopback (the watch list)

3c. Ports the monitor expects but reality doesn’t show

engine/s7_skyavi_monitors.py defines EXPECTED_PORTS = {57077, 8080, 57080, 57081, 57086, 57090, 57091, 57092}. Drift between that set and §3a:

• Monitor expects but not listening: 8080 (Caddy front door), 57081 (Ollama is on 7081, not 57081), 57091, 57092.
• Listening but monitor doesn’t expect: 57082 (persona-chat), 2019 (Caddy admin), 8090/8096/8100/8200/8300 (the five static app containers).

This is expected drift for the current freeze — the monitor baseline is from before persona-chat shipped (commit 1b6a2d7) and before the static-app containers landed. It is the kind of drift the final audit (§16) will surface every time. The fix is to update the baseline during the next Core Update window; not now.

4. Process registry — PIDs at the time of writing

Captured live. The audit’s job is to recognize each one as QUBi-spawned. Anything QUBi didn’t spawn gets flagged.

Subuid users (524388, 525286, 525287, 525288) are the rootless container UID mappings — those are still QUBi processes, just visible from the host through user-namespace mapping. Each subuid corresponds to a different container’s user-namespace base. They count as spawned by QUBi.

Local user accounts on the box (getent passwd | awk style inventory):

Anything not in this table is unrecognized. Audit §16 re-runs the snapshot and flags new arrivals.

5. Foundation — BOOTC

• Base image: quay.io/fedora/fedora-bootc:44 (pinned)
• Source: <private repo> (178 lines, frozen)
• Build: podman build -t s7/skycair:latest . (sovereign — no ghcr.io / Docker Hub push)
• Install: bootc install <local image> (sovereign distribution via .tar or Containerfile, never external registry)
• Why bootc: the appliance gets reproducible, atomic, rollback-able OS updates. The household never sees a half-finished upgrade.
• Known pending (2026-04-13): the iac/ product layer is for runtime containers (fedora-minimal + microdnf), NOT the root bootc Containerfile. Don’t rebase root onto iac/.

6. Foundation — Desktop

• Display stack: Budgie desktop on labwc (Wayland), wallpaper painted by swaybg via autostart
• Source group: budgie-desktop from Fedora 44 (installed via dnf group install in the Containerfile)
• Frozen item: Tonya & Trinity signed the desktop (and mobile). Don’t change wallpaper, font, launcher set, or panel layout without a new sign-off.
• Critical rule: “Keep changes inside the cube.” The QUBi cube (Prism / Akashic / matrix / witness) churns freely. The desktop (Budgie / launchers / wallpaper) is write-barrier sacred. QUBi reads the desktop but does not write to it at runtime.

7. Foundation — Packages

The Fedora 44 dnf group installs declared in the Containerfile:

• budgie-desktop
• container-management
• headless-management
• domain-client

Plus an explicit package layer (display manager, reverse proxy, terminals, dev tools, media) — see Containerfile lines 33+ for the full canonical list.

Languages used in this repo (so the authorized-commands list matches reality):

That’s the entire production language surface. Anything outside {bash, python, html, css} on this box is either an upstream package or a mistake.

8. Authorized Commands (Samuel SHELL_ALLOWLIST)

Source of truth: <private repo> lines 56–74. Reproduced verbatim, with the why for each group.

Posture: every command above is read-only system inspection. Anything that would mutate state is not free-form shell — it’s a registered skill with a hardcoded command string and predictable output. The shell is a last resort, not the primary path.

9. Blocked Commands (Samuel SHELL_DENYLIST)

Source of truth: s7_skyavi.py lines 76–83. Verbatim, with why

• from whom.

Closed at the entrypoint (2026-04-13 hardening): shell control characters — &&, ||, ;, |, $(...), backticks — are rejected up front by _SHELL_COMPOUND_RE in Samuel.shell(). This is the second-review root finding: validating only the first word of a command was a bypass. Now any compound command is denied before the allowlist even runs.

Civilian-only mandate (2026-04-13 security review root cause): the following were removed from the allowlist because they had no business in a civilian appliance:

• Offensive: nmap, nikto, sqlmap, gobuster
• Privilege: sudo
• Mutation: dnf
• Cloud / non-Fedora: aws, az, gcloud, doctl, terraform, helm, k3s, pulumi, pwsh, wslpath

Their absence is the rule, not the omission.

10. Secrets — root cause and administration

Where secrets live:

• GitHub PAT — /s7/.config/s7/github-token (mode 600, owner s7). User: skycair-code. Scopes: repo, admin:gpg_key, admin:org, admin:enterprise. Rotated every 7 days.
• CWS engine token — CWS_ENGINE_TOKEN env var, sourced from .env by s7-manager.sh’s load_env.
• Postgres password — S7_PG_PASSWORD env var, same path.
• Image-signing key — covered by docs/internal/runbooks/s7-image-signing-key-ops.md.

Root cause of historical secret incidents:

1. Git identity drift (feedback_git_identity.md) — commits were going as jamie@123tech.net instead of the skycair-code noreply address, which associated the wrong identity. Fixed: lifecycle commits use 261467595+skycair-code@users.noreply only.
2. Signed-commit bad_email rejection — noreply was rejected at push time. Workaround: sync script toggles required_signatures around push. Permanent fix pending: “Keep email private” toggle on the skycair-code account.

Administration rules:

• Never edit public repo directly. Edit private → commit → sync script → push.
• Never include AI / Co-Authored-By attribution in commits.
• Never commit .env, credentials, or PATs.
• Rotate the GitHub PAT every 7 days.
• The image-signing key has its own runbook; not in this recipe.

11. TAR / GZIP / GIT — the packaging & sync recipes

TAR / GZIP

S7 distributes sovereign artifacts as .tar (no external registry). The canonical patterns:

# Pack an admin appliance bundle (already used in tree)
tar -cf s7-skyqubi-admin-v2.6.tar <files>

# Compressed snapshot
tar -czf snapshot.tar.gz <files>

# Verify before opening anything from outside
sha256sum <file.tar>

Anything pulled from outside goes through the Intake Gate at iac/intake/: quarantine → verify (hash + GPG sig) → promote. The intake gate is mandatory for upstream artifacts (2026-04-13 X44 incident — never apply the S7 wrapper without the gate passing).

GIT — the lifecycle commands

The repos use a two-tier release:

lifecycle  ──┐
             ├──► private main  ──► public main
             │   (go-live-private)   (Core Update days only)

Private repo daily moves (allowed any day):

cd <private repo>
git checkout lifecycle
# ... edit privately ...
git add -p && git commit -m "feat(...): ..."
git push origin lifecycle

Promote lifecycle → private main:

git checkout main && git merge --ff-only lifecycle && git push origin main

Sync private main → public main (runs on Core Update days):

./s7-sync-public.sh

The sync script is the only permitted bridge to /s7/skyqubi-public. Do not edit the public repo directly (feedback_edit_private_only.md).

Git commands authorized for Samuel + skills

12. Lifecycle organization — LOCAL → PRIVATE → PUBLIC

Public is frozen until 2026-07-07 07:00 CT. The lifecycle and private tiers are still live — only the bridge to public is closed.

13. Domain & DNS management

The 14 catchers per reference_godaddy_portfolio.md: skycair.{info, net, org, xyz}, omegaanswers.{com, xyz}, skycairdestroysredhatlinux.info, skynetcair.info, linuxalternatives.info, microsoftalternatives.info, windowsalternatives.com, unifiedlinuxwithevolve2linux.info, unifiedlinuxwithskycair.info, unifiedlinuxwithskynetssl.xyz.

Upstream resolver (documented): Quad9 9.9.9.9 — project_security_model.md calls Quad9 the sovereignty stance. Upstream resolver (observed live): 192.168.1.1 (router DNS). Drift logged in §16. This is a known awareness gap, not a fix to make tonight.

14. Email management

Single rule: all contact email forwards to omegaanswers@123tech.net. Don’t create mailboxes. Don’t enable Workspace mail-receive on info@skyqubi.com (Jamie’s call: “ignore the email, just use all to go to omegaanswers”). Site mailto links target omegaanswers@123tech.net?subject=... directly.

Don’t tie email to git commits. omegaanswers@123tech.net is for humans contacting Jamie. Git commit attribution uses the skycair-code noreply address only.

15. Unity Design — Tonya & Trinity influenced palette

The household-approved palette (from wix/, branding/, and the 2026-04-12 Tonya sign-off):

Type: Cormorant Garamond (italic + roman) for headings + brand voice; Lora for body; JetBrains Mono for code. Loaded from Google Fonts via the public-facing dashboard <head>.

Italic i rule: every product name written with i — QUBi, SkyAVi, SkyQUANTi — uses true italic on the i. This is part of the brand, not decoration.

Testing portion (end-user-facing): the persona-chat UI on 127.0.0.1:57082 is the live testing surface. Vivaldi is the trusted client. Mobile tests already passed (iPhone, 2026-04-12).

16. The Final Audit — eight zeros, run live

This is the audit Trinity (or any steward, or Samuel) runs to confirm the recipe still matches the house. Eight zeros must hold. If any zero becomes a one, document it in the table at the bottom.

The audit is a TWO-AXIS GATE

Axis A — Drift (zeros 1–8): does what’s running match the recipe? Axis B — Vulnerability (zero 9): is the code we’re about to ship itself safe? Both axes must pass before private main is allowed to sync to public main. The freeze surfaces are frozen because this gate fires — not because someone promised not to touch them.

Severity ladder:

• 0 hard issues = clean. Sync may proceed.
• Warning (pinned) = pre-existing item on the acknowledged follow-up list. Loud, not silent. Sync proceeds.
• Warning (new) = something this run introduced. Block. Either revert or update the recipe in the same commit.
• Drift detected = a port / PID / user / link / dep / pattern not in the recipe. Block. Update the recipe first.

The nine zeros

Axis A — Drift (the recipe matches reality):

Axis B — Vulnerability (the code we ship is itself safe):

The intake gate covers what comes in. The pre-sync gate (this audit) covers what goes out. Both directions get the same posture: nothing untrusted crosses a tier boundary unannounced.

Live audit results

Run while writing the recipe — these are the actual numbers. The recipe ships with this audit attached. Re-run before any public-facing change.

Verdict: **5 hard zeros, 1 known-pinned MEDIUM (zero #3 — the 2026-04-13 shell=True follow-up), 4 awareness items (zero #6 DNS

• three under zero #7).** Nothing new was introduced by writing this recipe. The audit did surface five gaps the recipe’s first draft got wrong — three missing pod subuids, one missing system user (skybuilder), and one missing host listener (*:8080 Caddy front door). All five were corrected in this same commit before the recipe was declared done. The recipe caught itself, which is the whole point of Jamie Love RCA.

Number that matters: 0 unrecognized resources after correction. Every listening port, every PID, every user account on this box is now in this recipe. If the next re-run produces something not in §3 / §4, that’s new drift — pre-existing items are all accounted for and pinned.

How to re-run the audit yourself

# 1. Endpoint snapshot
ss -tlnp | awk 'NR==1 || /127\.0\.0\.1|0\.0\.0\.0/'

# 2. Container snapshot
podman ps --format "table \t\t"

# 3. Process snapshot (S7-relevant only)
ps -eo pid,user,comm,args | grep -E "ollama|uvicorn|s7_|samuel|cws|persona" | grep -v grep

# 4. DNS snapshot
resolvectl status | head -25

# 5. Git lifecycle state
( cd <private repo> && git status -s && git log --oneline -3 )

# 6. Allow/deny list spot-check
grep -A20 "SHELL_ALLOWLIST = \[" <private repo>

# 7. Secrets in tracked files
( cd <private repo> && git ls-files | xargs grep -lE "ghp_[A-Za-z0-9]{36}|BEGIN PRIVATE KEY" 2>/dev/null )

# 8. Axis B — application vulnerability scan (when tools are installed)
bandit -r <private repo> <private repo> -ll
shellcheck <private repo>
gitleaks detect --source <private repo> --no-banner
pip-audit --requirement <private repo>
trivy image --severity HIGH,CRITICAL s7/skycair:latest

Tooling note: Axis B tools are FOSS, run locally, need no SaaS, and fit the sovereign-offline mandate. Install via the next Core Update window, not now — the freeze applies to what’s running, not to the developer toolbox sitting alongside it.

If any of those commands return something not documented in §3 / §4 / §8 / §9 / §13, the recipe is the bug. Update the recipe. Then re-run the audit until it’s green again.

17. Cleaning + documenting (always conclude with this)

Every CHEF session ends with the same three motions:

1. Clean. Remove temp files (/tmp/s7-* if not a pid file in active use), close any background processes started for exploration, return the working tree to a known state.
2. Document. What changed, what was learned, what’s still open — in this binder if it’s foundational, in a postmortem if it was a bug, in a memory entry if it’s a rule that future-you will need.
3. Final audit. Re-run §16 until all eight zeros hold. An audit that doesn’t re-run is a story, not an audit.

18. Any more questions / assistance needed?

This recipe is meant to be complete enough that Trinity can read it cover-to-cover and operate the house at the observation level. If something here is unclear, the steward path is:

• Tonya — covenant + UX questions (“does this break anything for the family?”)
• Trinity / Jonathan — supervision questions (“should we let Samuel do this on its own?”)
• Jamie — anything that touches the seven frozens
• Samuel — anything in §16 (the audit) — Samuel can run steps 1–4 of Jamie Love RCA on its own; step 5 (the climb) needs a steward.

For anything outside this binder, contact omegaanswers@123tech.net.

Thank you. The household is the reason. The recipe is the ingredient list. Love is the architecture.