A source-grounded engineering audit. Code quality, test coverage, architecture rigor, transparent privacy gate, modular platform components, multiple-source-of-truth design, operational maturity. Numbers harvested live from the repo, not asserted.
Every claim cites a factor spec, service spec, architecture document, file path, or commit SHA. Numbers come from a live git log, find … -name '*.test.js', and direct file reads. Nothing inflated; nothing rounded up.
3,508 tests passing as of the latest declared green run (commit 7054d53). 163 test files across 5 suites: smoke (124), electron (16), sieve (10), contracts (8), tack (4), plaid (1).
1,093 commits in the trailing 30 days (~36/day). 225 unique TRK issues touched. Release v1.0.49 cut 2026-04-30.
Source LOC: app/js 34,047 · electron 6,325 · sieve 3,072 · contracts 1,833.
10 factor specs (1,667 lines under specs/refactored/v3/F01-F10) plus a 2,652-line specs/ui-platform.yaml. Service specs at specs/services/{chat,family-chat,document-import,tack}/. Architecture spec at specs/architecture/cross-platform-contracts.md.
Cross-platform shared TS contracts in packages/contracts/. Strict TypeScript, no any. DTOs are byte-equivalent across web, Mac, iPhone.
Facade pattern via Sift.facades registry. Single entry per category of operations.
Test/source ratio in the app layer: 133 tests against 44 source files, ~3:1.
Smoke-test enforcement of cross-cutting rules: registry-validation, ui-topbar, asar-completeness, parser-bundle-parity, icon-url-paths. The CSS-literals scanner and MSoT-baseline ratchet catch drift at PR time.
Operational knowledge cached in .codex/cache/. Component lookup costs ~500 tokens vs ~34K for a full re-explore.
Two-layer privacy gate. Layer A: every fetch() in the app routes through an instrumentation wrapper that logs hostname / endpoint / bytes. Layer B: macOS proc_pid_rusage reports actual bytes-out. Mismatches surface as violations on a 30-day rolling log.
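The reconciliation between the two layers can be illustrated as follows. This is an added example, not code from the Sift repository: the function names, the per-request overhead allowance and the sample hostname are assumptions, and the OS-reported bytes-out figure is passed in as a plain number rather than read from the operating system.

```javascript
// Added example; names, the overhead allowance and sample values are assumptions.
const WINDOW_MS = 30 * 24 * 60 * 60 * 1000; // 30-day rolling log

// Request payload size in bytes, or null when it cannot be measured up front.
function bodyBytes(body) {
  if (body == null) return 0;
  if (typeof body === 'string') return new TextEncoder().encode(body).length;
  if (body instanceof ArrayBuffer || ArrayBuffer.isView(body)) return body.byteLength;
  return null; // streams, FormData and similar: logged as unmeasured
}

// Layer A: wrap fetch so hostname / endpoint / bytes are logged before the call.
// input is assumed to be an absolute URL string or URL object.
function instrumentFetch(realFetch, log, now = Date.now) {
  return function loggedFetch(input, init = {}) {
    const url = new URL(String(input));
    log.push({ ts: now(), hostname: url.hostname, endpoint: url.pathname,
               bytes: bodyBytes(init.body) });
    return realFetch(input, init);
  };
}

// Keep only entries inside the rolling window.
function prune(log, nowMs) {
  return log.filter((e) => nowMs - e.ts <= WINDOW_MS);
}

// Layer B check: compare logged bytes with the OS-reported bytes-out figure.
// overheadPerRequest is an assumed allowance for headers and TLS framing,
// which the payload count in Layer A does not include.
function reconcile(log, osBytesOut, overheadPerRequest = 2048) {
  const violations = [];
  let logged = 0;
  for (const e of log) {
    if (e.bytes === null) violations.push({ kind: 'unmeasured-body', hostname: e.hostname });
    else logged += e.bytes;
  }
  const ceiling = logged + log.length * overheadPerRequest;
  if (osBytesOut > ceiling) {
    violations.push({ kind: 'unlogged-egress', logged, osBytesOut, excess: osBytesOut - ceiling });
  }
  return violations;
}
```

A request whose body cannot be sized is reported as its own violation instead of being counted as zero, so it cannot mask unlogged egress.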
14 enumerated never-collected items in F05-privacy.yaml:39-53. Auditable contract. Zero Sift-operated server.
Action-log: 33 ActionType events, flat scalars only, <8 keys per event. Amounts, credentials, PII, raw paths, search queries are NEVER recorded.
Each domain has exactly one authoritative store, all local-first and platform-native.
Sync correctness primitives in packages/contracts/src/sync/: HLC, history[], code-registry, mint-policy, transaction-mints. Correct under clock skew + partial connectivity.
54 scripts in scripts/. 31 skills in .claude/skills/. 7 codex caches.
Tack lifecycle: open → in_progress → waiting → review → done. Heartbeat protocol keeps the dashboard fresh. Cross-machine sync via SSH + bundle transfer (no GitHub auth required).
Daily sync routine, KB system across 5 stores (smoke / skill / gotcha / auto-memory / codex), /update-kb routes learnings.
git log), not 4. Hand-written code is framed honestly as "AI-paired across every commit, every line human-reviewed" — not as the misleading "0 lines hand-written" used in earlier reports.