Status
Every subproject,
wired up.
Architecture diagrams baked at build time from each subproject's self-emitted slot in data/status/. Live-state strip shows version, last build, and a status pill. The pill is color and icon both — color-blind safe.
Quantapix
Cloud-base, outreach, production-assistance, and observe-only watchers.
AWS cloud-base for every Quantapix surface. Four CloudFront-fronted static sites, one t4g.small EC2 fronting two FastAPI apps, GitHub OIDC for CI, KMS-CMK-backed SecureStrings.
Browser
End user. Resolves the apex hostname (e.g. quantapix.com, femfas.net) and pulls HTML/CSS/JS over HTTPS. No cookies, no auth, no JS state — every site under designing/web/+documenting/web/ is fully static.
Route 53
One hosted zone per apex domain. Apex A+AAAA ALIAS records point at the CloudFront distribution; www. redirects to apex via a separate distribution or CNAME. Five zones live: two canonical (quantapix.com, femfas.net) carrying the four site stamps plus the two api.* A-records, three legacy redirect zones (qnarre.com, femfas.com, qaltum.net) intentionally kept.
CloudFront
One distribution per site. PriceClass_100 (US/EU edges only — cheapest). HTTP/2 + HTTP/3, HSTS via security-headers policy, OAC origin-access. Cache: *.html short (300s, must-revalidate); everything else immutable (1y). 403/404 both map to /404.html.
CloudFront Fn
Viewer-request CloudFront Function. Four canonical Functions: qagents-rewrite-index (quantapix.com), qagents-rewrite-index-femfas (femfas.net), qagents-rewrite-index-qnarre, qagents-rewrite-index-qresev (Phase 4 product shells). Rewrites /route → /route/index.html so the S3 REST origin can serve Astro static builds. Required because OAC is the origin-access mode (the static-website endpoint would skip this step but loses bucket-policy scoping). The Phase-3 orphan astro-rewrite-index was deleted 2026-05-11 (INVENTORY § 8 drift #6 closed).
S3 (OAC)
One bucket per site, named for the apex (quantapix.com, femfas.net, …). REST endpoint, BlockPublicAccess on, versioning + 30-day noncurrent lifecycle. Bucket policy grants s3:GetObject only to the CloudFront service principal scoped by AWS:SourceArn — no public reads, no IAM users.
static dist/
Output of pnpm -C <sub>/web build. Astro emits /<route>/index.html for every page + hashed asset bundles under _astro/. scripts/deploy.sh wipes the bucket then runs two-pass aws s3 sync --delete (HTML short-cache, everything else immutable) + a CloudFront /* invalidation.
ACM cert
One ACM cert per distribution, in us-east-1 (CloudFront's only certificate region). DNS-validated via the matching Route 53 zone. Auto-renewed; pinned to the distribution's viewer-protocol-policy (HTTPS-only, modern TLS).
quantapix.com — Astro + React islands, S3 + CloudFront. The site you are reading. Status page rides this same pipeline.
designing/web
Source tree for quantapix.com — Astro 5 + React islands. Tokens at web/src/styles/tokens.css are copied verbatim from the Claude Design bundle at data/renders/designing-design/; bridge tokens for the diagram kit live in tokens-bridge.css. The /status page itself is generated from this tree.
astro build
Static-site compilation. pnpm verify = lint-tokens (no hex literals outside tokens.css; no upstream-bundle brand leaks) + astro check + build. The build also bakes data/status/<sub>.json hub slots into the /status page at this step via src/lib/status-loader.ts.
S3 quantapix.com
Bucket quantapix.com in us-east-1. Same hardening pattern as the femfas.net bucket — OAC origin access, BlockPublicAccess on, versioning + 30-day noncurrent lifecycle. Wipe-and-replace deploy is reversible via the versioned objects.
CloudFront
Distribution E27NQG9Y1ZPLGH. Same shape as documenting's — PriceClass_100, HTTP/2 + HTTP/3, HSTS preload, the same URI-rewrite Function for Astro's directory-index resolution, the same 403 + 404 → /404.html mapping. The shared deploy contract lives in qagents/CLAUDE.md § "AWS deploys".
Playwright e2e
Live-site smoke test. After every deploy: PW_BASE_URL=https://quantapix.com pnpm -C web test:e2e flips Playwright's baseURL to the CDN. Three project matrices run — chromium-desktop, chromium-mobile, chromium-reduced-motion — across the marketing site + the /status deep pages.
femfas.net v2 — Astro + React islands fronted by S3 + CloudFront. Public dockets, redacted filings, the long-form record.
documenting/web
Source tree for femfas.net v2 — Astro 5 + React islands. Pages under web/src/pages/; copy lives in one module at web/src/copy.ts (engineer-debugging voice, ASCII outer string delimiters). PDFs at web/public/*.pdf keep their v1 filenames; new filings under web/public/assets/{filings,letters}/.
astro build
Static-site compilation. pnpm verify = lint + astro check + build; nothing reaches S3 without it green. Output is dist/ — entirely static, no SSR. Built artifacts feed the same two-pass aws s3 sync --delete as designing/web.
S3 femfas.net
Bucket femfas.net in us-east-1. CloudFront reaches it via Origin Access Control (not OAI); BlockPublicAccess on at both account and bucket. Versioning + 30-day noncurrent lifecycle from setup-bucket-hardening.sh. The wipe-and-replace deploy is reversible because of versioning.
CloudFront
Distribution E1HSASY4B6ODER. PriceClass_100 (US/EU edges only). HTTP/2 + HTTP/3, HSTS preload. Cache: *.html short (300s, must-revalidate); everything else immutable (1y). Viewer-request CloudFront Function rewrites /route → /route/index.html; 403 + 404 both map to /404.html.
Playwright e2e
Live-site smoke test. After every deploy: PW_BASE_URL=https://femfas.net pnpm -C web test:e2e flips Playwright's baseURL to the CDN and runs the same suite against it. Failures here vs. local preview surface CDN-only behaviors — trailing-slash redirects, hydration races, cache anomalies.
Operational-axis Lean4 kernel + cross-axis representation research. Axiomatizes qagents operations (git first) with the same kernel + LLM-facts + lake-build architecture as proving/ and accounting/; owns the hub/ guide-rails. T1 (branch-lock exclusion) and T3 (worktree divergence detection) proved by the /dao coding-v.-testing lane over extracted repo snapshots.
5 topics × 10 subjects video-explainer arc. Janet narrates animated cards + D3.js / Cytoscape.js graphics over a HeyGen → Remotion → DaVinci Resolve pipeline. Scripts only here; rendering downstream.
6-month public donation drive (2026-06-01 → 2026-12-01) backing the qagents open-source framework and the pro se federal/state litigation work it supports. Four cost buckets, monthly public ledger.
Open-source release subproject. Owns publishing/quantapix/ + the /publish pipeline (sweep → redact → compile → push to github.com/quantapix/*).
sweep
collect
verify
compile
push
Daily watcher over the qagents constellation. 06:00 cron-fires a top-tier-model coordinator that spawns three top-tier subagents (checker / planner / reporter) plus one Haiku verifier in parallel. Observe-only — outputs are dated .md under checks/ / tasks/ / reports/.
launchd 06:00
Daily LaunchAgent fires run_routine.sh managing daily at 06:00 local on every weekday (and Sat/Sun). The plist is generated by data/schedules/launchd/install.sh; the ROUTINES entry is managing:daily:06:00:0,1,2,3,4,5,6. Per-run budget cap defaults to MAX_BUDGET_USD=9.00.
coordinator
The coordinator prompt lives at managing/.claude/coordinator-prompt.txt. It spawns the four subagents below in parallel via the Task tool with isolated contexts (each subagent sees its own inputs only). Coordinator exits after the four return one-line completions — no accumulated context bleed.
checker
Top 5 issues across consistency / correctness / functionality. Functionality is always highest priority. Reads the whole qagents tree read-only, hits live websites via WebFetch, queries the public GitHub org via gh. Output: managing/checks/<date>.md.
planner
10 most pressing items for the day, ranked. Draws from today's checks, yesterday's untackled tasks, and visible backlog (PLAN.md + Memory.md across subprojects). Output: managing/tasks/<date>.md.
reporter
% completion of yesterday's checks + tasks, with evidence — commit hashes, file changes, closed issues, deploy log lines. Distinguishes done / in progress / not touched. Output: managing/reports/<date>.md.
verifier
Structural validation only — non-empty + schema-shape. Walks pending/**, writes a machine-readable pass-list to managing/checks/<date>.pending.json and appends a human-readable ## Pending verification section to the day's checks file. The pass-list drives the lock-protected rsync in data/schedules/launchd/verify-pending.sh.
managing/<dirs>/
Dated outputs land under managing/{checks,tasks,reports}/<date>.md. The verifier's pass-list also drives the post-fire rsync that promotes verified pending/** artifacts into canonical data/ under .data-write-lock. The only commit lane managing/ owns — message prefix [managing] verify <date>:.
Adversarial sibling of managing/. On-demand /open shorting; one top-tier-model subagent per target produces 10 numbered "shorting positions" under shorting/positions/<target>/<date>.md. Observe-only; findings route to managing/.
Qnarre
Legal-complaint verifier — UI shell + Lean4 kernel.
depends on: Quantapix › serving
Axiomatic verifier for legal complaints. Astro + React-island shell fronted by FastAPI; SSE streams predicate events from the proving/ Lean kernel. Early-beta 6/1/2026.
Lean4 axiomatic kernel for the legal domain. RICO + Title VI + §§ 1981/1983/1985(3). Predicates return ⟨bool, evidence, citation⟩; the kernel does no I/O. Each verifier run produces a per-predicate report.json + proof-DAG graph.json + intro-rule loci.json — surfaced here as the recent-runs table + latest-run diagram + predicate roster.
Qresev
Portfolio evaluator — UI shell + Lean4 kernel + data feeds + paper PMs.
depends on: Quantapix › serving
Axiomatic evaluator for stocks and portfolios. Same shape as Qnarre, different OHLCV. Defined-risk options only — six-strategy allow-list enforced at both the UI and the kernel. Early-beta 6/1/2026.
Lean4 axiomatic kernel for the financial domain. TREND + MOMENTUM + OPTIONS-RISK + SECTOR + DRAWDOWN over portfolios. Defined-risk options only — six strategies enforced at the Strategy enum type level and re-checked by the OPTIONS-RISK predicates. Each verifier run produces a per-predicate report.json + proof-DAG graph.json + intro-rule loci.json — surfaced here as the recent-runs table + latest-run diagram + predicate roster.
VSCode extension. DuckDB+Parquet OHLCV store, lightweight-charts v5, yfinance/Stooq ingest, Alpaca IEX live feed. Symbols / Sectors / Portfolios trees feed the chart + aggregate panels.
yfinance / Stooq
Daily-bar ingest via scripts/ingest.py (yfinance multi-symbol fetch, Stooq fallback). Writes canonical OHLCV columns {ts,o,h,l,c,v,adj_c} to financial/parquet/ohlcv-equities/<SYM>.parquet in the post-charter flat layout.
Alpaca IEX
Intraday live feed (REST snapshots + WebSocket trades/bars) via the Alpaca IEX SIP. Bar shape matches the canonical OHLCV columns at the client boundary — vendor field names never leak past the adapter.
DuckDB + Parquet
OHLCV-equities + TA-reference parquet store. Read by the extension via DuckDB views (no row-level Python). Today: 526 OHLCV symbols, 526 with TA-Lib reference companions. GICS sector/industry mapping lives at financial/parquet/gics-symbols.parquet (present).
analyzing ext
VSCode extension host. Activity-bar trees (Symbols / Sectors / Portfolios) feed two webviews — ChartPanel (single-symbol) and AggregatePanel (multi-symbol roll-up). Webviews bundled via esbuild from src/webview/; extension host code in src/.
lightweight-charts v5
TradingView lightweight-charts v5 in the ChartPanel webview. Honors Layer A tokens; chart-color migration to tokens-chart.css deferred per display-modes-2026-05-07 § 9.
Three competing PMs (aggressive / moderate / conservative) on Alpaca paper. Holding periods are days to months — not day-trading. Defined-risk options only; non-allow-listed strategies hard-refused.