sporePrint

The public-facing science site for ecoPrimals — sovereign scientific computing.

Live site: primals.eco Sovereign primary: golgiBody-ext VPS (137.184.197.151) via Caddy + Let's Encrypt Trailing shadow: GitHub Pages (extracellular mirror, will be archived after NS cutover)

Deployment Architecture

Gate pushes to Forgejo → K-Derm relay chain → golgiBody-ext
  1. Forgejo post-receive hook fires
  2. peptidoglycan relays to golgiBody-ext
  3. ext-github-push.sh pushes to GitHub (trailing shadow)
  4. sporeprint-rebuild.sh pulls + zola build (sovereign primary)
  5. Caddy serves from public/ (auto-TLS via Let's Encrypt)
  
Backup: systemd timer rebuilds every 15 minutes

Stack

• Zola 0.22.1 — Rust static site generator (single binary, zero deps)
• spore-validate — Rust validation + certification crate (20 modules, 122 tests, zero C deps)
• petalTongue viz pipeline — Server-rendered SVG with WASM progressive enhancement
• Markdown + TOML front matter — human-readable, AI-parseable content
• Custom theme — Catppuccin Mocha/Latte, system fonts, dark/light, zero external deps
• Caddy — TLS termination + file serving on golgiBody-ext
• Knot DNS — Sovereign DNSSEC (ns1/ns2.primals.eco) with CAA for Let's Encrypt

Local Development

# Prerequisites: Zola 0.22+, Rust toolchain 1.85+

zola serve             # http://127.0.0.1:1111
zola build             # output to public/

# Validation (Rust — typed, pedantic, 90%+ coverage)
cd crates/spore-validate
cargo build --release
cargo run -- validate                    # registry + totals + taxonomies
cargo run -- validate --check --verbose  # + shortcode scan + entity report
cargo run -- check-links                 # internal link integrity
cargo run -- render-notebooks --discover # Jupyter → Zola markdown
cargo run -- fetch-refresh --write       # clone upstream, update metrics
cargo run -- graph --emit                # entity graph → static/graph/
cargo run -- certify --emit              # guideStone manifest → static/certification/

Structure

sporePrint/
├── config.toml          # Zola config + entity_registry (66 entities) + totals
├── sources.toml         # Upstream repo map (GitHub + Forgejo origins)
├── content/             # 205 Markdown pages with TOML front matter
│   ├── science/         # 31 baseCamp companion papers
│   ├── architecture/    # 18 pages: catalogs, inventory, topology, deployment, certify
│   ├── lab/             # 128 pages: spring hubs, notebooks, spore gallery
│   ├── products/        # blueFish, esotericWebb, helixVision, lattice QCD
│   ├── guidestone/      # guideStone verification class
│   ├── audience/        # PI, student, builder, compliance guides
│   ├── methodology/     # Constrained evolution, K-NOME, playbooks
│   ├── technical/       # Hardware, grants, pipelines
│   ├── glossary/        # Plain-language ecosystem glossary
│   ├── philosophy/      # atlasHugged integration (the "why")
│   └── sitemap/         # Full site navigation
├── templates/           # 14 Tera HTML templates + shortcodes
├── sass/css/            # SCSS partials → compiled by Zola (nav, layout, landing, etc.)
├── static/
│   ├── css/             # (generated by Zola Sass compilation — do not hand-edit)
│   ├── js/              # viz-hydrate.js (WASM progressive enhancement)
│   ├── wasm/            # petal-tongue-wasm (client-side scene rendering)
│   ├── gonzales/        # DEPRECATED: Interactive science explorer → petalTongue
│   ├── certification/   # guideStone manifest (generated by certify)
│   └── graph/           # Entity graph JSON (generated by graph)
├── crates/
│   └── spore-validate/  # Rust crate: 20 modules, 115 tests, zero C toolchain
├── specs/               # Internal standards (not built by Zola)
└── .github/workflows/   # deploy.yml, auto-refresh.yml

spore-validate

Pure Rust validation binary — #![forbid(unsafe_code)], clippy pedantic+nursery zero warnings, 115 tests, zero C toolchain dependencies. 3.3M release binary (LTO+strip).

Subcommand	Purpose
validate	Registry field checks, totals sums, taxonomy tags, content lint
validate --check	+ shortcode scan + internal link validation
validate --strict	Promote warnings to errors
validate --verbose	+ full entity report with all fields
graph [--emit]	Build typed entity graph (renvois de choses), optionally emit JSON
certify [--emit]	guideStone certification manifest — compute BLAKE3 Merkle, emit/validate
provenance	BLAKE3 content hashing + drift detection (--write/--verify/--diff)
cas-manifest [--emit]	BLAKE3 hash Zola build output for NestGate CAS
cas-push [--generate]	Push build artifacts to NestGate CAS via UNIX socket
discover	Show self-capabilities and discover peer primals
refresh <repos_root>	Cross-repo metric drift detection
refresh --write	Auto-update config.toml with current metrics
fetch-refresh	Clone upstream repos → refresh in one step
render-notebooks	Jupyter .ipynb → Zola markdown (pure JSON parse)
render-notebooks --discover	Auto-find notebooks via .gate workspace walk
check-links	Validate all @/ internal links

Self-Certification (guideStone)

sporePrint certifies its own published claims. The certification manifest at /certification/manifest.json contains entity counts, edge counts, a BLAKE3 Merkle root of the entity graph, and content page totals.

# Verify the site independently:
git clone https://github.com/ecoPrimals/sporePrint.git && cd sporePrint
cargo run --manifest-path crates/spore-validate/Cargo.toml -- certify
# Compare graph_merkle with https://primals.eco/certification/manifest.json

Auto-Refresh

Sovereign (primary)

source repo push → Forgejo → relay chain → golgiBody-ext
  → sporeprint-rebuild.sh pulls from Forgejo + zola build
  → Caddy serves updated public/ (zero downtime)

GitHub (trailing shadow — will be archived)

source repo push → notify-sporeprint.yml → repository_dispatch
  → sporePrint auto-refresh.yml
    → clone source, run spore-validate refresh --write
    → commit config.toml if changed
    → deploy.yml → certify → zola build → GitHub Pages

Adding Content

Every page is a Markdown file with TOML front matter:

+++
title = "Page Title"
description = "Short description for listings and search"
date = 2026-06-01
+++

Your content here...

Evolution Roadmap

Wave 66+ — Sovereign Self-Hosting

• VPS rebuild pipeline (Forgejo → zola build → Caddy)
• systemd timer (15-min fallback rebuild)
• Sovereign DNS records (primals.eco → golgiBody-ext)
• Caddy TLS config with Let's Encrypt
• DNS registrar NS cutover to ns1/ns2.primals.eco
• Archive GitHub Pages deploy workflow to fossilRecord

Wave 67 — Nest Atomic / Pure-Primal Evolution (Complete)

• petalTongue DocumentNode types (document.rs in petal-tongue-scene)
• Content rendering pipeline (TOML front-matter + markdown → DocumentNode)
• Entity shortcode resolution against registry
• Document modality compilers (HTML visual + description accessibility)
• Web content route with Accept header negotiation
• sporeprint_composition.toml deploy graph in projectNUCLEUS
• primalSpring validation scenario (sporeprint-pure-primal-parity)
• content-direct backend — filesystem reader for local validation
• Entity registry loader (config.toml → HashMap<String, EntityRegistryEntry>)
• Navigation tree builder (content dir walk → NavSection sidebar)
• validate_parity.sh — 22-check parity validation (PT vs Zola: 22/22 pass)
• VPS petalTongue deployment (eastGate: Caddy → petalTongue:8080)

Wave 68 — Deep Debt + Viz Modularization (Complete)

• LazyLock statics replace 3 production unwrap/expect calls
• Notebook hardcoded paths parameterized (ECOPRIMALS_ROOT env var)
• VizRegistry: capability-based discovery replaces hardcoded viz routes
• viz_data.rs split into entity_graph.rs, kderm.rs, nucleus.rs modules
• Parity test evolved to Rust (tests/parity.rs, 6 integration tests)
• refresh-metrics.sh + validate_parity.sh marked deprecated (Rust supersedes)
• gonzales/ marked deprecated with migration timeline (→ petalTongue)
• Live ecosystem visualizations (entity graph, K-Derm, NUCLEUS)
• WASM progressive enhancement (pan/zoom/animate on client)

Wave 69 — Sovereign Evolution (Complete)

• CSS modularized to SCSS partials (Zola compile_sass)
• auto-refresh.yml wired to Rust (no shell scripts in CI)
• ForgeArchiveBackend — pure-Rust HTTP fetch for sovereign Forgejo
• Certification manifest deserialization fix (dual-field compat)

Wave 70 — Pure Dependencies + Typed Returns (Complete)

• blake3 pure feature — eliminates cc from build graph entirely
• sources.toml synced with all repos in entity registry
• paths.rs constants module (single source of truth)
• fetch_and_refresh() returns typed Result<FetchResult, Error>
• Link resolution deduplicated, avoidable clones eliminated
• 7 new integration tests (check-links, graph, certify, provenance)

Wave 73–74 — CAS Integration + Discovery (Complete)

• cas-manifest subcommand — BLAKE3 hash all Zola build outputs
• cas-push subcommand — push to NestGate CAS via UNIX socket (JSON-RPC 2.0)
• discover subcommand — self-knowledge + runtime peer discovery
• commands.rs extraction — main.rs 745L → 245L
• ForgeKind — capability-based forge detection (not hardcoded)
• VcsBackend::pull_repo accepts URL — ForgeArchiveBackend re-downloads
• Release profile: LTO + strip + codegen-units=1 → 3.3M binary
• Pre-cutover VPS live test: 245 pages, 66ms TTFB, all sections 200
• Build→deploy pipeline design (specs/BUILD_DEPLOY_PIPELINE.md)
• 115 total tests (89 unit + 23 integration + 3 refresh)

Future — Live Science Surface

• DNS NS cutover → archive GitHub Pages workflow
• CAS route registration (path→hash mapping for NestGate HTTP serving)
• petalTongue renders live dashboards from primal APIs
• Forgejo webhook triggers sovereign CI rebuild (no GitHub Actions)
• gonzales/ data migrated to entity-graph or NestGate CAS

License

• Code: AGPL-3.0-or-later
• Documents: CC-BY-SA 4.0
• Combined: scyBorg triple-copyleft (AGPL-3.0 + CC-BY-SA-4.0 + ORC provenance)