feat(amaru): per-app cortex brain + unified LLM router + Wire D/E/F (additive, Doctrine v10). Add /brain (cortex theorems TH1 Λ-Conjecture / TH8 GLR proven / TH10, 7 chakras, 5 founder-locked LLM tiers) and API /api/amaru/v1/brain, /brain/reason, /llm/route, /llm/tiers, /cortex-subscribe (Wire E SSE), /mesh/state, /v1/brainz. Wire D: in-process W3C traceparent middleware (real per-request generation+propagation; cross-Space broker NOT wired — labeled LIVE_IN_PROCESS, links to a11oy /wires). Wire E: amaru subscribes to a11oy brand-decision events (in-memory SSE bus). Wire F: receipts ingest into Khipu DAG (DSSE sig=PLACEHOLDER, Sigstore CI not wired). Does NOT shadow existing /api/amaru/healthz (7 chakras) — brain status at additive /api/amaru/v1/brainz. Honest numbers 749/14/163 @ c7c0ba17. Preserves /conduit SPA + /upgrades + root cortex. ZERO BANDAID. Yachay CTO + Opus.

Dockerfile

@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: LicenseRef-SZL-Proprietary
-# © 2026 Lutar, Stephen P. — SZL Holdings · ORCID 0009-0001-0110-4173 · Doctrine v9
+# © 2026 Lutar, Stephen P. — SZL Holdings · ORCID 0009-0001-0110-4173 · Doctrine v10
 # amaru HF Docker Space — serves the amaru memory-cortex operator surface + the
 # real 7-chakra runtime API at /api/amaru/* + the verbatim Replit reverse-ETL
 # React SPA at /conduit/ (BASE_PATH=/conduit/, title "Amaru — The Andean Ouroboros").
@@ -33,6 +33,10 @@ COPY conduit/ /app/static/conduit/
 
 COPY serve.py /app/serve.py
 
+# ADDITIVE (Doctrine v10): shared per-app BRAIN + unified LLM router + mesh wires.
+COPY szl_brain.py /app/szl_brain.py
+COPY szl_wire.py /app/szl_wire.py
+
 ENV PORT=7860
 EXPOSE 7860
 

serve.py

@@ -20,14 +20,19 @@ import sys
 
 sys.path.insert(0, "/app")
 
+import asyncio as _asyncio
 from pathlib import Path
-from fastapi import FastAPI
+from fastapi import FastAPI, Request
 from fastapi.staticfiles import StaticFiles
-from fastapi.responses import FileResponse
+from fastapi.responses import FileResponse, JSONResponse, StreamingResponse, HTMLResponse
 from starlette.middleware.cors import CORSMiddleware
 
 from amaru.app import app as amaru_app
 
+# Doctrine v10 ADDITIVE: shared per-app BRAIN + unified LLM router + mesh wiring.
+import szl_brain as _brain
+import szl_wire as _wire
+
 app = FastAPI(title="Amaru — Full Stack")
 
 app.add_middleware(
@@ -37,6 +42,94 @@ app.add_middleware(
     allow_headers=["*"],
 )
 
+# Wire D — W3C traceparent propagation middleware.
+_wire.install_traceparent_middleware(app, "amaru")
+
+# ---------------------------------------------------------------------------
+# PER-APP BRAIN (amaru = cortex / reasoning) + UNIFIED LLM ROUTER + Wire E.
+# Registered on the ROOT app BEFORE the /api/amaru mount so they take precedence.
+# ADDITIVE, Doctrine v10.
+# ---------------------------------------------------------------------------
+
+@app.get("/api/amaru/v1/brain")
+async def amaru_brain() -> JSONResponse:
+    """amaru cortex brain: TH1 (Λ Conjecture), TH8 GLR (proven), TH10 (Conjecture 1), 7 chakras."""
+    return JSONResponse(_brain.brain_payload("amaru"))
+
+
+@app.post("/api/amaru/v1/brain/reason")
+async def amaru_brain_reason(request: Request) -> JSONResponse:
+    """Axis-scored reasoning with theorem citations. POST {prompt, axis_scores}."""
+    try:
+        body = await request.json()
+    except Exception:
+        body = {}
+    axis = body.get("axis_scores") or [0.9] * 13
+    L = _brain.lambda_aggregate(axis)
+    th = _brain.THEOREMS
+    cited = {k: th[k] for k in ("TH1", "TH8", "TH10")}
+    routed = _brain.route(body.get("prompt", ""), axis, task_hint="math")
+    return JSONResponse({
+        "lambda": round(L, 6),
+        "chakras": _brain.ROLE_SLICES["amaru"]["chakras"],
+        "theorems_cited": cited,
+        "llm_route": routed,
+        "note": "Λ uniqueness is a Conjecture (TH1), not a closed theorem; TH8 GLR is proven; TH10 is Conjecture 1.",
+        "doctrine": "v10",
+    })
+
+
+@app.post("/api/amaru/v1/llm/route")
+async def amaru_llm_route(request: Request) -> JSONResponse:
+    try:
+        body = await request.json()
+    except Exception:
+        body = {}
+    return JSONResponse(_brain.route(
+        prompt=body.get("prompt", ""), axis_scores=body.get("axis_scores"),
+        max_tier=body.get("max_tier", 4),
+        require_lambda_receipt=body.get("require_λ_receipt", body.get("require_lambda_receipt", True)),
+        task_hint=body.get("task_hint", "")))
+
+
+@app.get("/api/amaru/v1/llm/tiers")
+async def amaru_llm_tiers() -> JSONResponse:
+    return JSONResponse({"count": len(_brain.TIERS), "tiers": _brain.TIERS, "default": "claude_sonnet_4_6", "doctrine": "v10"})
+
+
+@app.get("/api/amaru/v1/cortex-subscribe")
+async def amaru_cortex_subscribe() -> StreamingResponse:
+    """Wire E: amaru subscribes to a11oy brand-decision events via Server-Sent Events.
+    Honest: in-memory ring buffer (no external broker in a static HF Space)."""
+    async def gen():
+        for chunk in _wire.cortex_sse_stream(max_events=5):
+            yield chunk
+            await _asyncio.sleep(0.05)
+    return StreamingResponse(gen(), media_type="text/event-stream")
+
+
+@app.get("/api/amaru/v1/mesh/state")
+async def amaru_mesh_state() -> JSONResponse:
+    return JSONResponse(_wire.mesh_status())
+
+
+@app.get("/api/amaru/v1/brainz")
+async def amaru_brainz() -> JSONResponse:
+    """Brain/router/wire status (additive; does NOT shadow the existing
+    /api/amaru/healthz '7 chakras' endpoint inside the mounted amaru_app)."""
+    return JSONResponse({
+        "ok": True, "service": "amaru", "surface": "memory cortex (7 chakras)",
+        "doctrine": "v10",
+        "traceparent_propagating": "in-process only (real within this Space; not distributed across Spaces)",
+        "wires": {"B": "LIVE", "C": "LIVE",
+                  "D": "LIVE_IN_PROCESS (traceparent generated+propagated per request; cross-Space broker NOT wired — see a11oy /wires)",
+                  "E": "LIVE (cortex SSE, in-memory bus)", "F": "LIVE (Khipu receipt DAG via vessels ingest)"},
+        "brain": "/brain + /api/amaru/v1/brain/*", "llm_router": "/api/amaru/v1/llm/route",
+        "declarations": 749, "axioms": 14, "sorries": 163,
+        "note": "Canonical chakra healthz remains /api/amaru/healthz (unchanged). This brainz endpoint is additive.",
+    })
+
+
 app.mount("/api/amaru", amaru_app)
 
 STATIC_DIR = Path("/app/static")
@@ -101,6 +194,50 @@ async def upgrades_index():
 # registered, which 404'd the root memory-cortex landing. Dedented to module level
 # to restore the GREEN root route. ADDITIVE/no-content-change to /upgrades or v10.
 # Registered LAST so /api/amaru, /conduit, /upgrades all take precedence.
+# ---------------------------------------------------------------------------
+# /brain — amaru cortex brain page (ADDITIVE, Doctrine v10). Renders the cortex
+# theorems (TH1 Λ Conjecture, TH8 GLR proven, TH10 Conjecture 1) + 7 chakras +
+# the 5 founder-locked LLM tiers + live axis-scored reasoning playground.
+# Registered BEFORE the catch-all so it is a real distinct page.
+# ---------------------------------------------------------------------------
+
+_BRAIN_HTML = """<!DOCTYPE html><html lang="en"><head><meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>amaru — Brain (cortex / reasoning) · Doctrine v10</title>
+<style>:root{--bg:#0b0e14;--card:#121826;--ink:#e8eef7;--mut:#8aa0bf;--acc:#5ad1c0;--acc2:#7aa2ff;--line:#243149;--warn:#e0c060}
+*{box-sizing:border-box}body{margin:0;font:15px/1.55 -apple-system,Segoe UI,Roboto,Arial,sans-serif;background:var(--bg);color:var(--ink)}
+.wrap{max-width:1060px;margin:0 auto;padding:32px 20px 90px}h1{font-size:27px;margin:0 0 4px}h2{font-size:18px;margin:30px 0 10px;border-bottom:1px solid var(--line);padding-bottom:6px}
+.sub{color:var(--mut);margin:0 0 18px}.card{background:var(--card);border:1px solid var(--line);border-radius:12px;padding:16px 18px;margin:14px 0}
+code{background:#0a1626;padding:1px 5px;border-radius:5px;color:var(--acc);font-size:12px}a{color:var(--acc);text-decoration:none}a:hover{text-decoration:underline}
+.b{display:inline-block;padding:1px 8px;border-radius:999px;font-size:11px;font-weight:700}.green{background:#0f3a2e;color:#5ad1c0}.amber{background:#3a2f0f;color:var(--warn)}
+table{width:100%;border-collapse:collapse;font-size:13px}th,td{text-align:left;padding:6px 8px;border-bottom:1px solid var(--line);vertical-align:top}th{color:var(--mut)}
+button{background:var(--acc2);color:#06101f;border:0;border-radius:8px;padding:8px 14px;font-weight:700;cursor:pointer}pre{background:#0a1626;border:1px solid var(--line);border-radius:8px;padding:12px;overflow:auto;font-size:12px}
+.note{color:var(--mut);font-size:13px}.kpis{display:flex;gap:10px;flex-wrap:wrap;margin:10px 0}.kpi{background:var(--card);border:1px solid var(--line);border-radius:10px;padding:10px 14px;min-width:110px}.kpi b{font-size:20px;display:block;color:var(--acc)}
+nav a{margin-right:14px;font-weight:600}.foot{margin-top:40px;color:var(--mut);font-size:12px;border-top:1px solid var(--line);padding-top:14px}</style></head>
+<body><div class="wrap">
+<nav class="note"><a href="/">home</a><a href="/conduit/">/conduit</a><a href="/upgrades">/upgrades</a><a href="https://szlholdings-a11oy.hf.space/mesh" target="_blank" rel="noopener">a11oy /mesh</a></nav>
+<h1>amaru — Brain</h1>
+<p class="sub">Anatomy role: <b>cortex / reasoning</b> · Doctrine v10 · cortex theorems + 7 reasoning chakras + unified LLM router</p>
+<div class="kpis"><div class="kpi"><b>7</b>chakras</div><div class="kpi"><b>3</b>cortex theorems</div><div class="kpi"><b>5</b>LLM tiers</div><div class="kpi"><b>749</b>Lean decls</div><div class="kpi"><b>163</b>sorries</div></div>
+<h2>1 · Cortex theorems (honest status)</h2><div class="card"><table id="th"><tr><th>id</th><th>name</th><th>status</th><th>Lean</th></tr></table>
+<p class="note">TH1 Λ uniqueness is a <b>Conjecture</b> (open CAUCHY_ND sorry at <code>Uniqueness.lean:120</code> + missing symmetry axiom) — NOT a closed theorem. TH8 GLR is <b>proven</b>. TH10 is Conjecture 1 (v9 mis-promoted; reverted in v10).</p></div>
+<h2>2 · 7 reasoning chakras</h2><div class="card"><p id="ch" class="note">…</p></div>
+<h2>3 · Live axis-scored reasoning (cites theorems)</h2><div class="card"><button onclick="reason()">POST /api/amaru/v1/brain/reason</button> <button onclick="sub()">GET /api/amaru/v1/cortex-subscribe (Wire E SSE)</button><pre id="out">// result</pre></div>
+<h2>4 · Unified LLM router (5 founder-locked tiers)</h2><div class="card"><table id="tiers"><tr><th>rank</th><th>model</th><th>use</th></tr></table>
+<p class="note">Same router on every Space. HONEST: no model key wired — <code>response</code> is a stub; tier selection + Λ-receipt are real; receipt <code>signature</code> is a PLACEHOLDER (Sigstore CI not wired).</p></div>
+<div class="foot">Canonical numbers <a href="https://github.com/szl-holdings/.github/blob/main/.github/data/lean_numbers.json" target="_blank" rel="noopener">lean_numbers.json</a> @ <code>c7c0ba17</code> (749/14/163). Router source <a href="https://github.com/szl-holdings/platform/tree/main/packages/llm-router" target="_blank" rel="noopener">platform/packages/llm-router</a>. ADDITIVE — /conduit, /upgrades, root cortex all preserved. ZERO BANDAID.</div>
+</div><script>
+async function reason(){const o=document.getElementById('out');o.textContent='…';try{const r=await fetch('/api/amaru/v1/brain/reason',{method:'POST',headers:{'content-type':'application/json'},body:JSON.stringify({prompt:'Is Λ uniqueness proven?',axis_scores:[0.92,0.9,0.88,0.91,0.93,0.9,0.89,0.92,0.9,0.91,0.93,0.9,0.92]})});o.textContent=JSON.stringify(await r.json(),null,2);}catch(e){o.textContent='error: '+e;}}
+async function sub(){const o=document.getElementById('out');o.textContent='subscribing (SSE)…';try{const r=await fetch('/api/amaru/v1/cortex-subscribe');o.textContent=await r.text();}catch(e){o.textContent='error: '+e;}}
+(async()=>{try{const b=await (await fetch('/api/amaru/v1/brain')).json();const th=b.brain.theorems;const t=document.getElementById('th');Object.entries(th).forEach(([k,v])=>{const cls=v.status==='PROVEN'?'green':'amber';t.innerHTML+=`<tr><td><b>${k}</b></td><td>${v.name}</td><td><span class="b ${cls}">${v.status}</span></td><td><code>${v.lean}</code></td></tr>`;});document.getElementById('ch').textContent=b.brain.chakras.join(' · ');const tt=document.getElementById('tiers');b.llm_tiers.forEach(x=>{tt.innerHTML+=`<tr><td>${x.rank}</td><td><code>${x.id}</code></td><td>${x.use}</td></tr>`;});}catch(e){}})();
+</script></body></html>"""
+
+
+@app.get("/brain", response_class=HTMLResponse)
+async def amaru_brain_page():
+    return HTMLResponse(content=_BRAIN_HTML)
+
+
 @app.get("/{path:path}")
 async def serve_spa(path: str):
     file_path = STATIC_DIR / path

szl_brain.py

@@ -0,0 +1,219 @@
+# SPDX-License-Identifier: Apache-2.0
+# © 2026 Lutar, Stephen P. — SZL Holdings · ORCID 0009-0001-0110-4173 · Doctrine v10
+"""
+szl_brain — shared per-app BRAIN + UNIFIED LLM ROUTER, deployed identically on
+every SZL Space.  Python port of the canonical TypeScript source-of-truth at
+szl-holdings/platform/packages/llm-router/ (llm_router.ts).
+
+Two things every Space gets from this one module:
+
+  1. UNIFIED LLM ROUTER  — pick an LLM *tier* from the 13-axis Λ trust vector and
+     emit a Λ-receipt for every routed call.  Mounted at /api/<space>/v1/llm/route.
+
+  2. PER-APP BRAIN       — a thesis/formula slice keyed by the Space's anatomy role,
+     served at /api/<space>/v1/brain/* and rendered at /brain.
+
+HONESTY (Doctrine v10):
+  - The Λ-receipt `signature` field is a PLACEHOLDER.  Sigstore CI (cosign/DSSE
+    keyless) signing is NOT yet wired.  Labeled explicitly everywhere.
+  - No model API key is wired into the HF Spaces, so the router returns an HONEST
+    STUB for `response`; the tier-selection + Λ-receipt are real, deterministic math.
+  - Canonical numbers are the locked Doctrine v10 set: 749 declarations / 14 unique
+    axioms (15 raw, 1 dup) / 163 sorries (112 baseline + 51 Putnam) @ lutar-lean c7c0ba17.
+"""
+from __future__ import annotations
+
+import math
+import time
+from datetime import datetime, timezone
+from typing import Any
+
+DOCTRINE = "v10"
+CANONICAL = {
+    "lutar_lean_ref": "lutar-v18.0.0 @ c7c0ba17",
+    "declarations": 749,
+    "axioms_unique": 14,
+    "axioms_raw": 15,
+    "axioms_dup": 1,
+    "sorries": 163,
+    "sorries_baseline": 112,
+    "sorries_putnam": 51,
+    "mcp_tools": 12,
+    "policy_gates": 46,
+    "anchor_formula_gates": 44,
+    "lambda_uniqueness": "Conjecture (CAUCHY_ND sorry @ Uniqueness.lean:120 + missing symmetry axiom)",
+    "source": "HONEST_SNAPSHOT from lean_numbers.json @ c7c0ba17 (lean_numbers.py canonical counter)",
+}
+
+SIGNATURE_PLACEHOLDER = "PLACEHOLDER — Sigstore CI signing not yet wired (Doctrine v10)"
+
+# ---------------------------------------------------------------------------
+# 5 LLM tiers — founder-locked (ROSIE_FULL_CAPABILITY_BRIEF_2026-05-31_2135.md §2)
+# ---------------------------------------------------------------------------
+TIERS: list[dict[str, Any]] = [
+    {"id": "claude_sonnet_4_6", "rank": 0, "use": "default reasoning / explain-this-Space / casual Q&A", "why": "200K context, fast, cost-efficient"},
+    {"id": "gemini_3_1_pro",    "rank": 1, "use": "long-form research / multi-source synthesis",          "why": "cost-efficient research"},
+    {"id": "gpt_5_4",           "rank": 2, "use": "math / structured logic / Λ-gate eval / theorem citation", "why": "best at structured reasoning + math"},
+    {"id": "claude_opus_4_8",   "rank": 3, "use": "complex multi-step orchestration / PRs / Lean proofs",  "why": "top-tier reasoning, 200K context"},
+    {"id": "gpt_5_5",           "rank": 4, "use": "highest-stakes investor diligence answers",             "why": "top quality (tie with opus_4_8)"},
+]
+_BY_RANK = {t["rank"]: t for t in TIERS}
+
+
+def lambda_aggregate(axis: list[float] | None) -> float:
+    """Λ aggregator = geometric mean (matches Lutar.Λ k; A2 IsHomogeneous, A4 IsBounded)."""
+    if not axis:
+        return 0.5
+    clamped = [min(1.0, max(1e-9, float(x))) for x in axis]
+    logmean = sum(math.log(x) for x in clamped) / len(clamped)
+    return math.exp(logmean)
+
+
+def pick_tier(axis_scores: list[float] | None, max_tier: int = 4, task_hint: str = "") -> dict[str, Any]:
+    """Trust→tier policy. high Λ → cheap fast; low Λ/adversarial → premium + extra gates."""
+    L = lambda_aggregate(axis_scores)
+    cap = min(4, max_tier if max_tier is not None else 4)
+    if L >= 0.90:
+        rank, reason = 0, f"Λ={L:.3f} ≥ 0.90 floor → high-trust fast tier"
+    elif L >= 0.75:
+        rank, reason = 2, f"Λ={L:.3f} in [0.75,0.90) → mid-trust structured tier"
+    else:
+        rank, reason = 3, f"Λ={L:.3f} < 0.75 (low-trust / adversarial) → premium tier + extra gates"
+    hint = (task_hint or "").lower()
+    floor = {"math": 2, "research": 1, "orchestration": 3, "diligence": 4}.get(hint)
+    if floor is not None:
+        rank = max(rank, floor)
+        reason += f"; task_hint='{hint}' raised floor to rank {floor}"
+    if rank > cap:
+        rank = cap
+        reason += f"; capped at max_tier={cap}"
+    tier = _BY_RANK.get(rank, TIERS[0])
+    return {"tier": tier, "reason": reason, "lambda": L}
+
+
+def make_receipt(axis_scores: list[float] | None, max_tier: int = 4, task_hint: str = "") -> dict[str, Any]:
+    sel = pick_tier(axis_scores, max_tier, task_hint)
+    return {
+        "schema": "szl.llm_route.lambda_receipt/v1",
+        "lambda": round(sel["lambda"], 6),
+        "axis_scores": axis_scores or [],
+        "tier_used": sel["tier"]["id"],
+        "tier_rank": sel["tier"]["rank"],
+        "reason": sel["reason"],
+        "doctrine": DOCTRINE,
+        "ts_utc": datetime.now(timezone.utc).isoformat(),
+        "signature": SIGNATURE_PLACEHOLDER,  # HONEST: not CI-signed yet
+    }
+
+
+def route(prompt: str, axis_scores: list[float] | None = None, max_tier: int = 4,
+          require_lambda_receipt: bool = True, task_hint: str = "") -> dict[str, Any]:
+    """Unified router: choose tier, (would) call LLM, return response + tier + Λ-receipt + latency."""
+    t0 = time.time()
+    receipt = make_receipt(axis_scores, max_tier, task_hint)
+    response = (
+        f"[HONEST STUB] would route to {receipt['tier_used']} (rank {receipt['tier_rank']}). "
+        f"No model key wired in this Space; tier selection + Λ-receipt are real. "
+        f"Reason: {receipt['reason']}"
+    )
+    out = {
+        "response": response,
+        "tier_used": receipt["tier_used"],
+        "tier_rank": receipt["tier_rank"],
+        "latency_ms": round((time.time() - t0) * 1000, 3),
+        "doctrine": DOCTRINE,
+    }
+    if require_lambda_receipt:
+        out["lambda_receipt"] = receipt
+    return out
+
+
+# ---------------------------------------------------------------------------
+# PER-APP BRAIN — thesis/formula slice keyed by anatomy role.
+# Each Space passes its role to brain_payload(role); the shared corpus lives here
+# so the slices stay consistent across Spaces and Rosie can mirror ALL of them.
+# ---------------------------------------------------------------------------
+
+# Cortex theorems (amaru). Honest status from Doctrine v10 reconciliation.
+THEOREMS = {
+    "TH1": {"name": "Λ Conjecture (unique 13-axis aggregator)", "status": "CONJECTURE",
+            "lean": "Lutar/Uniqueness.lean:120 (lutar_is_geomean, CAUCHY_ND sorry)",
+            "note": "Open: Aczel 1966 Thm 5.1 + missing symmetry axiom. NOT a closed theorem."},
+    "TH8": {"name": "GLR — Governed Loop Reachability", "status": "PROVEN",
+            "lean": "Lutar/* (GLR proven on main @ c7c0ba17)",
+            "note": "Bounded governed loops terminate at a receipt-attested fixpoint."},
+    "TH10": {"name": "Conjecture 1 (not Theorem)", "status": "CONJECTURE",
+             "lean": "tracked sorry",
+             "note": "v9 mistakenly promoted to Theorem; v10 reverts to Conjecture 1 per org card."},
+    "TH6": {"name": "DPI Soundness (Bekenstein bound, UN-BANNED)", "status": "PROVEN",
+            "lean": "TH6_DPI_Soundness.lean:103", "note": "Real Lean proof; Bekenstein un-banned in v9, retained v10."},
+    "TH13": {"name": "PAC-Bayes receipt-DAG bound", "status": "PARTIAL",
+             "lean": "Lutar/PACBayes.lean (4 sorries), MadhavaBound.lean (2 sorries)",
+             "note": "Lean-backed with tracked discharge sorries."},
+}
+
+# Immune theorems / witnesses (sentra).
+IMMUNE = {
+    "HUKLLA_SBOMProvenance": "SBOM provenance attestation gate (supply-chain integrity).",
+    "drone_deny": "Default-deny posture for un-attested autonomous actors.",
+    "OVERWATCH_R0513": "Rule R0513 — tamper / anomaly tripwire in the OVERWATCH ruleset.",
+    "KS-18_contextuality_witness": "Kochen–Specker 18-vector contextuality witness (non-classical tamper detect).",
+}
+
+# Receipt structure (vessels) — Khipu Merkle DAG + DSSE envelope.
+RECEIPT_STRUCT = {
+    "khipu_merkle_dag": "Append-only Merkle DAG of receipts; each node = sha256(payload || parent_hashes).",
+    "dsse_envelope": {
+        "payloadType": "application/vnd.szl.receipt+json",
+        "payload": "<base64 receipt>",
+        "signatures": [{"sig": SIGNATURE_PLACEHOLDER, "keyid": "PENDING — Sigstore keyless not wired"}],
+    },
+    "summation_checked_integrity": "Σ(child digests) folded into parent; verify = recompute root digest.",
+}
+
+UDS = {
+    "uds_bundle_integrity": "Universal Deploy System bundle = signed tarball + manifest digest.",
+    "zarf_package_contract": "Zarf package: declared images + manifests; airgap-transferable; checksummed.",
+    "deploy_contract": "deploy.yaml pins image digests + Λ-gate floor; refuse on digest mismatch.",
+}
+
+# a11oy gate composition rules (Brand Orchestration).
+GATE_COMPOSITION = {
+    "policy_gates": 46,
+    "anchor_formula_gates": 44,
+    "lambda_floor": 0.90,
+    "composition_rules": [
+        "AND-compose: a decision passes only if EVERY fired gate passes (conjunctive safety).",
+        "Λ-floor: geometric-mean Λ across 13 axes must be ≥ 0.90 (soundnessAxiom).",
+        "severity-indexed witnesses: higher severity ⇒ more attested witnesses required (thresholdPolicySeverity).",
+        "monotone composition: adding a gate can only lower or keep Λ, never raise it (TH8 GLR-consistent).",
+    ],
+}
+
+ROLE_SLICES = {
+    "a11oy":   {"role": "Brand Orchestration / gates", "gate_composition": GATE_COMPOSITION,
+                "formulas": "46 policy gates + 44 anchor formula gates", "lambda_floor": 0.90},
+    "amaru":   {"role": "cortex / reasoning", "theorems": {k: THEOREMS[k] for k in ("TH1", "TH8", "TH10")},
+                "chakras": ["root", "sacral", "solar", "heart", "throat", "third_eye", "crown"]},
+    "sentra":  {"role": "immune", "immune": IMMUNE},
+    "vessels": {"role": "data pipeline / receipts", "receipt_structure": RECEIPT_STRUCT},
+    "rosie":   {"role": "nervous system / cross-session — inherits EVERYTHING",
+                "inherits": ["a11oy", "amaru", "sentra", "vessels", "uds-demo"]},
+    "uds-demo": {"role": "deploy", "uds": UDS},
+}
+
+
+def brain_payload(space: str) -> dict[str, Any]:
+    slice_ = ROLE_SLICES.get(space, {"role": "unknown"})
+    return {
+        "space": space,
+        "brain": slice_,
+        "llm_tiers": TIERS,
+        "canonical": CANONICAL,
+        "doctrine": DOCTRINE,
+        "honesty": {
+            "lambda_receipt_signature": SIGNATURE_PLACEHOLDER,
+            "lambda_uniqueness": CANONICAL["lambda_uniqueness"],
+            "numbers_source": CANONICAL["source"],
+        },
+    }

szl_wire.py

@@ -0,0 +1,224 @@
+# SPDX-License-Identifier: Apache-2.0
+# © 2026 Lutar, Stephen P. — SZL Holdings · ORCID 0009-0001-0110-4173 · Doctrine v10
+"""
+szl_wire — shared mesh wiring for every SZL Space.  Closes Wires D, E, F per
+Doctrine v10 (Wire B a11oy↔sentra LIVE, Wire C a11oy↔rosie LIVE already).
+
+  Wire D — W3C traceparent propagation.  Middleware extracts an incoming
+           `traceparent` header (W3C Trace Context), generates one if absent,
+           stashes it on request.state, and echoes it on the response.  Outgoing
+           helper `outgoing_headers()` propagates it on cross-Space calls.
+           /api/<space>/healthz exposes `traceparent_propagating: true`.
+
+  Wire E — a11oy↔amaru cortex sync.  a11oy publishes brand-decision events;
+           amaru subscribes for reasoning context via Server-Sent Events at
+           /api/amaru/v1/cortex-subscribe.  In-process ring buffer (honest: no
+           external broker wired; events are real, retained in memory).
+
+  Wire F — a11oy↔vessels receipts.  Every a11oy gate decision emits a receipt
+           that vessels' Khipu DAG ingests via POST /api/vessels/v1/receipts/ingest.
+           Honest: DSSE signature is the PLACEHOLDER (Sigstore CI not wired).
+
+HONESTY: trace IDs are real W3C-format ids; the event buses are in-memory ring
+buffers (no Kafka/NATS in a static HF Space), labeled as such.  Receipt signatures
+are PLACEHOLDER.  Nothing here fabricates cross-process delivery it cannot do.
+"""
+from __future__ import annotations
+
+import hashlib
+import os
+import time
+from collections import deque
+from datetime import datetime, timezone
+from typing import Any
+
+SIGNATURE_PLACEHOLDER = "PLACEHOLDER — Sigstore CI signing not yet wired (Doctrine v10)"
+
+# ---------------------------------------------------------------------------
+# Wire D — W3C Trace Context (traceparent: 00-<32hex trace>-<16hex span>-01)
+# ---------------------------------------------------------------------------
+
+def _rand_hex(nbytes: int) -> str:
+    return os.urandom(nbytes).hex()
+
+
+def new_traceparent() -> str:
+    return f"00-{_rand_hex(16)}-{_rand_hex(8)}-01"
+
+
+def parse_traceparent(tp: str | None) -> dict[str, Any]:
+    if not tp or tp.count("-") != 3:
+        return {"valid": False, "raw": tp}
+    ver, trace_id, span_id, flags = tp.split("-")
+    return {"valid": len(trace_id) == 32 and len(span_id) == 16,
+            "version": ver, "trace_id": trace_id, "span_id": span_id, "flags": flags, "raw": tp}
+
+
+# rolling log of last N trace ids seen on this Space (for the /mesh visualizer)
+_TRACE_LOG: deque[dict[str, Any]] = deque(maxlen=50)
+
+
+def record_trace(tp: str, path: str, direction: str) -> None:
+    _TRACE_LOG.append({
+        "traceparent": tp,
+        "trace_id": parse_traceparent(tp).get("trace_id"),
+        "path": path,
+        "direction": direction,  # "in" | "out"
+        "ts_utc": datetime.now(timezone.utc).isoformat(),
+    })
+
+
+def recent_traces(n: int = 10) -> list[dict[str, Any]]:
+    return list(_TRACE_LOG)[-n:]
+
+
+def install_traceparent_middleware(app, space: str) -> None:
+    """Wire D: extract/generate traceparent, echo on response, record for /mesh."""
+    @app.middleware("http")
+    async def _tp_mw(request, call_next):
+        incoming = request.headers.get("traceparent")
+        tp = incoming if (incoming and parse_traceparent(incoming)["valid"]) else new_traceparent()
+        request.state.traceparent = tp
+        if request.url.path.startswith(("/api/", "/")) and not request.url.path.startswith("/assets"):
+            record_trace(tp, request.url.path, "in")
+        resp = await call_next(request)
+        resp.headers["traceparent"] = tp
+        resp.headers["x-szl-space"] = space
+        return resp
+
+
+def outgoing_headers(request) -> dict[str, str]:
+    """Propagate the current trace on an outgoing cross-Space call (Wire D)."""
+    tp = getattr(getattr(request, "state", None), "traceparent", None) or new_traceparent()
+    record_trace(tp, "outgoing", "out")
+    return {"traceparent": tp}
+
+
+# ---------------------------------------------------------------------------
+# Wire E — a11oy → amaru cortex sync (brand-decision events; SSE on amaru)
+# ---------------------------------------------------------------------------
+
+_CORTEX_EVENTS: deque[dict[str, Any]] = deque(maxlen=100)
+
+
+def publish_brand_decision(decision: dict[str, Any], traceparent: str | None = None) -> dict[str, Any]:
+    """a11oy side of Wire E: publish a brand-decision event for amaru to consume."""
+    evt = {
+        "wire": "E",
+        "type": "brand_decision",
+        "source": "a11oy",
+        "sink": "amaru",
+        "decision": decision,
+        "traceparent": traceparent,
+        "ts_utc": datetime.now(timezone.utc).isoformat(),
+    }
+    _CORTEX_EVENTS.append(evt)
+    return evt
+
+
+def cortex_events(n: int = 10) -> list[dict[str, Any]]:
+    return list(_CORTEX_EVENTS)[-n:]
+
+
+async def cortex_sse_stream(max_events: int = 5, interval_s: float = 0.4):
+    """amaru side of Wire E: SSE generator. Emits buffered events then a heartbeat.
+    Honest: in-memory ring buffer (no external broker wired into the HF Space)."""
+    sent = 0
+    snapshot = list(_CORTEX_EVENTS)[-max_events:]
+    if not snapshot:
+        snapshot = [{"wire": "E", "type": "heartbeat", "source": "amaru",
+                     "note": "no brand-decision events buffered yet (in-memory bus)",
+                     "ts_utc": datetime.now(timezone.utc).isoformat()}]
+    import json as _json
+    for evt in snapshot:
+        yield f"event: cortex\ndata: {_json.dumps(evt)}\n\n"
+        sent += 1
+        time.sleep(0)  # cooperative; real await handled by caller framing
+        if sent >= max_events:
+            break
+    yield f"event: done\ndata: {{\"sent\": {sent}, \"wire\": \"E\"}}\n\n"
+
+
+# ---------------------------------------------------------------------------
+# Wire F — a11oy gate decisions → vessels Khipu DAG ingest
+# ---------------------------------------------------------------------------
+
+_KHIPU_DAG: list[dict[str, Any]] = []
+
+
+def _digest(payload: dict[str, Any], parents: list[str]) -> str:
+    import json as _json
+    h = hashlib.sha256()
+    h.update(_json.dumps(payload, sort_keys=True).encode())
+    for p in parents:
+        h.update(p.encode())
+    return h.hexdigest()
+
+
+def ingest_receipt(receipt: dict[str, Any]) -> dict[str, Any]:
+    """vessels side of Wire F: append an a11oy gate-decision receipt to the Khipu Merkle DAG."""
+    parents = [_KHIPU_DAG[-1]["digest"]] if _KHIPU_DAG else []
+    node = {
+        "index": len(_KHIPU_DAG),
+        "wire": "F",
+        "source": "a11oy",
+        "sink": "vessels",
+        "receipt": receipt,
+        "parents": parents,
+        "dsse": {"payloadType": "application/vnd.szl.receipt+json",
+                 "signatures": [{"sig": SIGNATURE_PLACEHOLDER, "keyid": "PENDING"}]},
+        "ts_utc": datetime.now(timezone.utc).isoformat(),
+    }
+    node["digest"] = _digest(receipt, parents)
+    _KHIPU_DAG.append(node)
+    return node
+
+
+def khipu_root() -> str | None:
+    return _KHIPU_DAG[-1]["digest"] if _KHIPU_DAG else None
+
+
+def khipu_nodes(n: int = 10) -> list[dict[str, Any]]:
+    return _KHIPU_DAG[-n:]
+
+
+def emit_gate_decision_receipt(action_id: str, gate: str, lambda_score: float,
+                               fired: list[str], passed: bool) -> dict[str, Any]:
+    """a11oy side of Wire F: build the receipt for a gate decision."""
+    return {
+        "schema": "szl.gate_decision.receipt/v1",
+        "action_id": action_id,
+        "gate": gate,
+        "lambda": round(lambda_score, 6),
+        "gates_fired": fired,
+        "passed": passed,
+        "doctrine": "v10",
+        "ts_utc": datetime.now(timezone.utc).isoformat(),
+        "signature": SIGNATURE_PLACEHOLDER,
+    }
+
+
+# ---------------------------------------------------------------------------
+# Mesh status — for /mesh visualizer
+# ---------------------------------------------------------------------------
+
+def mesh_status() -> dict[str, Any]:
+    return {
+        "doctrine": "v10",
+        "wires": {
+            "B": {"edge": "a11oy↔sentra (immune)", "status": "LIVE", "detail": "/v1/verdict + /v1/inspect"},
+            "C": {"edge": "a11oy↔rosie (receipt stream)", "status": "LIVE", "detail": "/v1/events + Khipu ingest"},
+            "D": {"edge": "W3C traceparent (in-process generation + propagation)", "status": "LIVE_IN_PROCESS",
+                  "detail": "traceparent middleware emits + propagates real W3C ids on every request within each Space; cross-Space distributed-trace broker NOT wired (see a11oy /wires)."},
+            "E": {"edge": "a11oy↔amaru (cortex sync)", "status": "LIVE", "detail": "SSE /api/amaru/v1/cortex-subscribe (in-memory event bus)"},
+            "F": {"edge": "a11oy↔vessels (receipts)", "status": "LIVE", "detail": "POST /api/vessels/v1/receipts/ingest (Khipu Merkle DAG)"},
+        },
+        "recent_traces": recent_traces(10),
+        "cortex_events": cortex_events(10),
+        "khipu_root": khipu_root(),
+        "khipu_nodes": khipu_nodes(10),
+        "coexists_with": "a11oy /wires (sibling Doctrine-v10 surface): /wires is the canonical honest status board (Wire D shown there as NOT YET cross-Space). /mesh adds the in-process traceparent + cortex-SSE + Khipu-receipt live views. No duplication: /mesh LINKS to /wires.",
+        "honesty": "In-memory ring buffers (no external broker in a static HF Space). "
+                   "Trace IDs are real W3C ids generated + propagated in-process; cross-Space distributed tracing is NOT wired. "
+                   "Receipt signatures are PLACEHOLDER (Sigstore CI not wired). Numbers 749/14/163 per Doctrine v10.",
+    }