chore: remove 43MB vendored bloat + add STRATEGY/HERMES/security docs

.github/workflows/security.yml

@@ -0,0 +1,47 @@
+name: security
+
+# Catch leaked secrets and vulnerable dependencies. Runs on every push/PR + weekly.
+# Soft-launch posture: jobs REPORT findings in logs but do not block merges
+# (continue-on-error). Tighten to blocking once the existing dependency tree and
+# git history are cleaned. No untrusted event input is used in any run step.
+
+on:
+  push:
+    branches: ["**"]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "0 6 * * 1"
+
+permissions:
+  contents: read
+
+jobs:
+  gitleaks:
+    name: Secret scan (gitleaks)
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Run gitleaks
+        uses: gitleaks/gitleaks-action@v2
+
+  dependency-audit:
+    name: Dependency audit (npm)
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    defaults:
+      run:
+        working-directory: compliance-firewall-agent
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: npm
+          cache-dependency-path: compliance-firewall-agent/package-lock.json
+      - run: npm ci --no-audit --no-fund
+      - name: Audit (reports high+; non-blocking for now)
+        run: npm audit --audit-level=high || true

HERMES.md

@@ -0,0 +1,49 @@
+# HERMES - HoundShield Operating System
+
+This replaces the three dead "beast prompts" (`legacy/BEAST_PROMPT.md`, `KAELUS-BEAST-PROMPT.md`, the old HERMES roster). They produced $0 because the prompt was never the bottleneck. This one is short on purpose, so it actually gets maintained.
+
+Paste nothing. This file plus `CLAUDE.md`, `STATE.md`, and `STRATEGY.md` are loaded by the agent automatically. To continue across a token limit, just say "continue" - the ritual below restores context.
+
+---
+
+## The Prime Directive
+HoundShield exists to get paid by CMMC Level 2 defense subcontractors. Every task answers one question: does this move us toward a booked call, a delivered $499 assessment, or a signed partner? If not, it waits. See `STRATEGY.md`.
+
+## Session Ritual (every session, no exceptions)
+
+**On start:**
+1. Read `STATE.md`, `STRATEGY.md`, and `CLAUDE.md`.
+2. Report in caveman: "Where we were / where we are / what's next" - pulled from STATE.md "Next" list.
+3. Pick the single highest-leverage task. Confirm it serves the Prime Directive.
+
+**On end:**
+1. Update `STATE.md`: move finished items to "Done this session", refresh "Next", "Blockers", append one line to "Session log".
+2. Update `memory/*.md` if a decision, preference, or fact was learned.
+3. Report what changed and the one next action.
+
+## Default behaviors
+- **Caveman by default.** Reply terse (drop articles/filler/pleasantries). Switch off only for: security warnings, irreversible actions, sensitive strategic advice. Code/commits/PRs: write normal.
+- **Counter before you comply.** When asked to build something, first ask: is this the Prime Directive or avoidance? If it smells like meta-work (another prompt, another agent swarm, another doc), say so and propose the customer-facing alternative. The user explicitly wants this pushback.
+- **OODA.** Observe (read first), Orient (does it serve the directive), Decide (binary: build / defer / kill), Act (finish it, test it, ship it).
+- **Boil the ocean on the RIGHT thing.** Once a task is chosen and it serves the directive, do it completely - tests, docs, done. The quality bar is "holy shit, that's done." But completeness applies to the chosen task, not to spawning more scope.
+
+## The small agent team (on-demand, NOT a 12-bot swarm)
+Invoke only when there is real work. They report results, not activity. No surveillance dashboard.
+- **code-reviewer** - after any non-trivial change.
+- **security-auditor** / **compliance-specialist** - before any change to the scanner, CUI patterns, SPRS scoring, or auth.
+- **test-writer** - new features, before merge.
+- **debugger** - a specific error with a stack trace.
+
+(Full defs in `.claude/agents/`. A future Composio-backed research/draft agent may join - guardrails in STRATEGY.md section 7: never `bypassPermissions` near customer data; outbound comms stay founder-reviewed.)
+
+## Hard rules (never break)
+- Build green before commit: `cd compliance-firewall-agent && npm run build`.
+- Never `git push origin main`. Branch only.
+- Never `vercel --prod` without explicit approval.
+- Local-only data boundary is sacred. Prompt content never leaves the customer's machine in Mode B/C.
+- Never claim CUI-safety for Mode A (Vercel).
+- SEO-aware: every new page ships meta + OG + JSON-LD + one H1 + alt text + canonical, and updates the sitemap.
+- No emoji in shipping output. No DIY inline SVG (lucide-react icons are fine).
+
+## Token / continue protocol
+Context is durable in `STATE.md`. If a session is cut off mid-task, the next "continue" reads STATE.md and resumes from "Next". No need to re-explain. Keep STATE.md current - it is the memory, not the chat history.

STRATEGY.md

@@ -0,0 +1,119 @@
+# HoundShield Strategy - The Brutal Truth (2026-06-02)
+
+This document is the founder's compass. It is honest, not flattering. Read it before any session.
+
+---
+
+## 1. The Verdict: Keep the product. Change your behavior.
+
+Your product is more real and better-positioned than you believe. The thing that is broken is not the code, the prompt, the logo, or the SEO. It is that you have built systems to build the thing instead of selling the thing.
+
+**Evidence the product is real and well-aimed:**
+- The live pitch is sharp: "Stop your team from leaking CUI to ChatGPT." That is clearer than most funded competitors lead with.
+- The proxy exists and works: `proxy/scanner.ts` is complete, 16 detection patterns, OODA behavioral engine, 105 tests passing as of Sprint 1.
+- The market timing is a genuine tailwind (see Section 3).
+- The wedge is defensible: cloud DLP tools send Controlled Unclassified Information to their own cloud to scan it, which is itself a potential DFARS 252.204-7012 spill. HoundShield scans locally. For a cash-strapped 50-250 person DoD subcontractor, that is a real reason to pick you over a $50k/year enterprise tool.
+
+**Evidence the behavior is the problem:**
+- `STATE.md`: `mrr_usd: 0`, `pilots paid: 0`, `pilots installed: 0`.
+- You have run zero real customer conversations. You are flying blind on whether the wedge converts.
+- You have written this "unified co-founder beast prompt" at least three times (`docs/BEAST_PROMPT.md` v1.0, `KAELUS-BEAST-PROMPT.md`, the HERMES roster in `CLAUDE.md`). All three produced $0. The prompt was never the bottleneck.
+- The project could not even agree on its own name: `STATE.md` said Kaelus, `tasks/todo.md` said Hound Shield. 20-plus contradictory root docs. That sprawl is the same avoidance wearing a productive costume.
+
+**The honest conclusion is conditional, not a victory lap.** The local-only-for-CMMC-SMB wedge is plausible and underserved by the enterprise-priced incumbents. It is worth a hard 45-day customer-conversation test (Section 5). If that test does not produce booked calls, that is your real kill signal - not the self-imposed June-3 gate you never earned the right to trigger, because you cannot fail an experiment you never ran.
+
+---
+
+## 2. Competitive landscape (where you sit, honestly)
+
+This is a crowded category that is consolidating fast. Treat that as proof the market is real, and as a warning that you cannot win on features.
+
+| Competitor | What they are | Why it matters to you |
+|---|---|---|
+| Nightfall AI | Cloud-native DLP, ML classifiers, now covers GenAI (ChatGPT/Copilot/Gemini/Claude) | Closest functional overlap. But cloud-based: sends data out to scan. Your wedge is exactly this gap for CUI. |
+| Prompt Security | AI firewall / prompt-injection + DLP | Reported acquired by SentinelOne (2025). Enterprise-priced, enterprise-sold. Not chasing 50-person DoD subs. |
+| Lakera | LLM security / guardrails | Reported acquired by Check Point (2025). Developer/AppSec focus, not CMMC compliance evidence. |
+| Robust Intelligence | LLM runtime firewall, red-teaming | Acquired by Cisco (2024). Now part of a platform sale. |
+| Cyberhaven, Harmonic, Witness AI, Guardion | Data-lineage DLP, GenAI governance | Funded, enterprise. None lead with "local-only CUI for the small DoD sub who legally cannot use cloud DLP." |
+
+**Read of the board:** The big players are getting acquired into enterprise security platforms and selling up-market. Nobody is fighting hard for the underserved bottom of the defense-contractor market: the 50-250 person sub who has a CMMC deadline, a tiny budget, and a legal reason to refuse cloud scanning. That is your lane. It is narrow and it is real. You will not out-engineer Cisco; you can out-focus them on this one buyer.
+
+Sources: [Guardion AI security index](https://guardion.ai/ai-security-index/alternatives), [Respan market map - Prompt Security alternatives](https://www.respan.ai/market-map/prompt-security/alternatives), [EM360 enterprise AI model security 2026](https://em360tech.com/top-10/enterprise-ai-model-security-tools), [Cyberhaven - best enterprise DLP for AI 2026](https://www.cyberhaven.com/blog/best-enterprise-dlp-tools-ai-data-risk).
+
+---
+
+## 3. Why the timing is good (the tailwind is real)
+
+- The CMMC 2.0 DFARS final rule became enforceable on **November 10, 2025**.
+- **Phase 2 begins November 10, 2026**: mandatory C3PAO third-party Level 2 assessments start appearing in DoD contracts.
+- DoD estimates **~80,000 contractors** need Level 2 certification.
+- Readiness from gap assessment to a passed C3PAO assessment typically takes **12-18 months**.
+
+Do the math: contractors who want to bid on Level-2 work in late 2026 had to start their readiness work in 2025 or right now. They are actively scrambling in mid-2026. This is the single best moment in the next two years to sell CMMC-adjacent tooling. The window is now, not next year.
+
+Sources: [DoD CIO - About CMMC](https://dodcio.defense.gov/cmmc/About/), [Snell & Wilmer - DFARS final rule](https://www.swlaw.com/publication/department-of-defense-releases-long-awaited-dfars-cybersecurity-final-rule-for-government-contractors-and-subcontractors/), [Wiley - CMMC final rule analysis](https://www.wiley.law/alert-additional-analysis-on-dods-final-rule-for-the-cybersecurity-maturity-model-certification-program), [Dorsey - CMMC Phase 1 begins](https://www.dorsey.com/newsresources/publications/client-alerts/2025/11/cmmc).
+
+---
+
+## 4. Where you are lacking (ranked by what is costing you money)
+
+1. **Distribution, not product.** You have a product and no pipeline. This is 90% of the problem. Every hour on meta-systems is an hour not spent on a buyer.
+2. **Zero proof.** No customer logo, no testimonial, no completed pilot, no signed assessment. You have nothing to point a skeptical buyer at.
+3. **No channel.** One RPO or CMMC-focused MSP partner is worth more than a month of cold outreach. You have started this (`advisory/cold-outreach-batch-1.md`) and not finished it.
+4. **Production reliability.** Auth/observability routes were 500ing in production (Supabase key mismatch - fixed in this overhaul). A security product that 500s loses trust instantly.
+5. **Doc/identity chaos.** Fixed in this overhaul: one name (HoundShield), one CLAUDE.md, one STATE.md, one HERMES.md.
+
+---
+
+## 5. The 45-day experiment (this replaces the fake kill gate)
+
+The old kill gate ("June 3, pivot to healthcare if $0 paid") was meaningless because you never ran the experiment that would justify it. Here is the real one. It is a commitment device, not a permission slip.
+
+**Days 1-14:**
+- Finish the named-target list from `advisory/cold-outreach-batch-1.md` (10-20 real people, hand-verified on LinkedIn).
+- Send personalized, founder-written emails. Low volume. High personalization. No automation.
+- Goal: **3 discovery calls booked.**
+
+**Days 1-14 (parallel):**
+- Sell ONE `$499 CMMC AI Risk Assessment Report` (Section 6, idea 1). Cash + a reference customer in two weeks.
+
+**Days 15-45:**
+- Run the discovery calls. Get one contractor to install the proxy and generate a CMMC evidence PDF.
+- Sign one RPO/MSP referral conversation toward a partnership.
+
+**The real kill signal:** If after 45 days of actually doing this you have <30 conversations attempted and 0 booked calls, the wedge is not converting and you pivot or stop. Not before. You do not get to quit on theory.
+
+---
+
+## 6. Three honest ways to make money (fastest cash first)
+
+1. **$499 one-time CMMC AI Risk Assessment Report.** A fixed-scope, two-week engagement: deploy HoundShield in the customer's environment, run it, hand back a signed PDF mapped to NIST 800-171 Rev 2 controls. Bypasses procurement (it is under most discretionary-spend limits). Gets you cash AND a reference customer AND proof the product works on real infrastructure. This is your wedge to first revenue. Build the `/assessment` funnel page (done in this overhaul).
+
+2. **RPO / CMMC-MSP referral channel.** Firms like Summit 7, MAD Security, CyberSheath, CompliancePoint, Steel Root, Etactics each have 20-100 defense-contractor clients actively buying compliance help. One signed partner = 20-50 warm leads. Offer 40-50% revenue share. NEVER target C3PAOs as partners - they are legally barred from endorsing products under 32 CFR Part 170 / CMMC conflict-of-interest rules.
+
+3. **Browser-extension freemium to Pro.** You already scaffolded `browser-extension/`. A free extension that flags CUI before paste is lower-friction than the proxy, gets you top-of-funnel users and email addresses, and converts to the $199-$999 subscriptions once the buyer trusts you. This is the wide end of the funnel; the assessment is the sharp end.
+
+---
+
+## 7. Three things we are NOT building, and why
+
+You asked me to counter your requests and explain. Here is the counter.
+
+1. **No automated email/phone-scraping cold-outreach bot.** For a compliance company this is brand suicide and likely illegal. CAN-SPAM requires opt-out and a physical address. TCPA carries $500-$1,500 in statutory damages PER text or call. GDPR/CASL apply to anyone non-US. "The compliance company that spammed me" is a death sentence in a trust-based B2B niche. And it does not work: DoD security managers do not buy $6k/year tools from AI blasts. Replacement: founder-led, hand-researched, low-volume outreach.
+
+2. **No 12-bot always-on swarm with a founder surveillance dashboard.** It is a token bonfire with zero revenue link. You already have 8 agents that produced $0. More bots is not more money. "Watching agents work" is productivity theater. Replacement: a small on-demand agent team (build, review, test, research) invoked when there is real work.
+
+3. **No promise of Google #1 or "every AI cites us" in 7 days.** SEO and generative-engine optimization take months. Your brand term "HoundShield" is rankable in days (and the SEO foundation in this overhaul gets you there). Category terms like "CMMC AI DLP" are a 3-6 month content-and-backlinks game. Anyone who promises 7-day #1 for competitive terms is lying.
+
+**Also set aside:** selling to Mossad / Israel as a GTM, and building a native mobile app now. The 80,000 US DoD contractors with a hard Nov-2026 deadline are the reachable buyers. The browser extension is the right "edge" play. "Mossad level" is the quality bar, not the customer.
+
+---
+
+## 8. Realistic timeline (no fantasy dates)
+
+- **This week:** ship the overhaul (bug fix, consolidation, SEO, security, UI). Finish the cold-outreach list. Send first 10 emails.
+- **14 days:** first `$499` assessment sold and delivered. 3 discovery calls booked.
+- **45 days:** 1 installed pilot generating a CMMC PDF. 1 RPO/MSP partner conversation advanced. This is the real go/no-go.
+- **90-180 days:** first subscription contracts close (this is the honest length of a defense compliance sales cycle - your own primer says so).
+
+The product is not the question anymore. The only question is whether you will pick up the phone. Everything in this repo from here forward should serve that one act.

compliance-firewall-agent/components/landing/__tests__/HeroSection.test.tsx

@@ -1,5 +1,5 @@
 import { render, screen } from "@testing-library/react";
-import { describe, it, expect, vi } from "vitest";
+import { describe, it, expect, vi, beforeAll, afterAll } from "vitest";
 
 // Mock Next.js dynamic (PlatformDashboard is SSR:false)
 vi.mock("next/dynamic", () => ({
@@ -22,6 +22,17 @@ vi.mock("framer-motion", () => ({
 import { HeroSection } from "../HeroSection";
 
 describe("HeroSection", () => {
+  // Freeze the clock so the "days until CMMC Phase 2 (Nov 10, 2026)" countdown
+  // is deterministic. Without this the snapshot drifts by one every calendar
+  // day and CI goes red on any day except the one the snapshot was generated.
+  beforeAll(() => {
+    vi.useFakeTimers();
+    vi.setSystemTime(new Date("2026-06-02T12:00:00Z"));
+  });
+  afterAll(() => {
+    vi.useRealTimers();
+  });
+
   it("renders the main headline", () => {
     render(<HeroSection />);
     // Headline text is split across spans; match a substring that's all in one node

compliance-firewall-agent/components/landing/__tests__/__snapshots__/HeroSection.test.tsx.snap

@@ -101,7 +101,7 @@ exports[`HeroSection > matches snapshot 1`] = `
           <span
             class="text-xs font-mono text-amber-400"
           >
-            161
+            160
              days until CMMC Phase 2 enforcement (Nov 10, 2026)
           </span>
         </div>