S279: root docs update, debris cleanup, handoff hygiene

Docs: README/DOCUMENTATION updated to S279 (test count 9,156+, S279
entries added to Recently Completed and Current State, showcase tree
entry → fossil pointer, Last Updated → S279).
Debris: showcase/ directory removed (fossilized S275). Stale ignore
patterns (.gitignore, .cursorignore, .cleanignore, tarpaulin.toml)
cleaned. Dangling server bench target removed. Migration doc TODO/todo!()
replaced with completed code. S278B handoff archived (2 active, 42 archived).

Co-authored-by: Cursor <cursoragent@cursor.com>

Author: BiomeOS Developer

.cleanignore

@@ -18,8 +18,6 @@ Cargo.lock
 # Source code
 crates/
 examples/
-showcase/
-benches/
 docs/
 specs/
 scripts/

.cursorignore

@@ -1,14 +1,11 @@
 # =============================================================
 # Cursor index reduction — source code only.
-# Archived showcase/doc directories removed from tree (S139+).
 # =============================================================
 
 # --- Build artifacts ---
 target/
 
 # --- Binary/data files ---
-showcase/**/*.bin
-showcase/**/*.npz
 **/*.csv
 **/*.json
 !biome.yaml

.gitignore

@@ -50,10 +50,6 @@ credentials.json
 *.idx1-ubyte
 *.gz
 
-# Binary showcase data (688 MB)
-showcase/**/*.bin
-showcase/**/*.npz
-
 # Pipeline validation output (generated, not source)
 pipeline_validation_actual_hardware.*
 actual_gpu_validation.*

DOCUMENTATION.md

@@ -1,6 +1,6 @@
 # ToadStool Documentation Hub
 
-**Last Updated**: May 2026 — S278
+**Last Updated**: May 2026 — S279
 
 ---
 
@@ -30,11 +30,11 @@ These root documents were **fully resolved** and **fossilized** in wateringHole
 
 ---
 
-## Current State (S277 — May 2026)
+## Current State (S279 — May 2026)
 
 **Post-budding, dependency-sovereign, IPC-first, fully concurrent, capability-based.** barraCuda is a separate primal at `ecoPrimals/barraCuda/`. ToadStool is the hardware infrastructure layer — GPU/NPU/CPU discovery, capability probing, workload orchestration, and shader dispatch.
 
-- **23,000+ tests** (9,161+ lib-only), 0 failures, 0 clippy warnings, 0 fmt diffs. Full workspace concurrent test suite.
+- **23,000+ tests** (9,156+ lib-only), 0 failures, 0 clippy warnings, 0 fmt diffs. Full workspace concurrent test suite.
 - **88 JSON-RPC methods** (direct) + semantic registry. Wire Standard L3 (partial): `cost_estimates`, `operation_dependencies`. **Recommended caller timeout: ≥3 seconds** for health probes during startup.
 - **Phase C complete** (S245–S253) — toadstool-cylinder (153 .rs, 700 tests), DRM/MMIO/AMD/NVIDIA/VFIO hardware modules absorbed from `coral-driver`. `OwnedFd` VFIO fd ownership (S253). SwapOrchestrator real quiesce/persist/restore (S253). `toadstool device` CLI with swap/list/status/warm subcommands (S253). GspBridge trait boundary.
 - **Phase D: Sovereign dispatch validated** (S250–S263) — `try_local_dispatch()` via `ComputeDevice` trait before `coral_client` IPC forward. Full buffer lifecycle. AMD DRM dispatch live. **NV VFIO e2e dispatch validated on Titan V** (S263): warm handoff → VFIO open → channel → DMA roundtrip → GR init. Current frontier: FECS PENDING_CTX_RELOAD.
@@ -45,13 +45,16 @@ These root documents were **fully resolved** and **fossilized** in wateringHole
 - **Deep Debt** (S240–S273) — All Duration literals extracted to named constants. `CORALREEF_*` env vars deprecated with `TOADSTOOL_*` primaries + deprecation warnings (S253). Zero `#[allow(deprecated)]` remaining. All lint attrs have `reason`. Zero production mocks/TODO/FIXME/unreachable!(). All unsafe SAFETY-documented. `cargo deny check bans` passes clean.
 - **Deep Debt Evolution** (S273) — Production panic surface eliminated (`kernel_health.rs`, dispatch cache, `ember_client.rs`, `secure_enclave`). `dispatch/mod.rs` 1,638→839L via `dispatch/sovereign.rs` extraction. `warm_init.rs` → module dir. 6 CLI `well_known::*` sites migrated to capability-based discovery. VFIO `activity_tracker().record()` wired. hw-safe abstractions validated.
 - **Wave 54: Early Health Responder** (S277) — Health check unresponsive on southGate fixed. Early health responder on pre-bound socket during startup. BTSP not required for health probes.
+- **Deep Debt Evolution III** (S279) — All P0/P1 production panic paths eliminated (4 P0 in sovereign handoff/CE validate, 8 ELF parsing, 3 reagent, signal handlers, network config, module_patch). Legacy capability→primal roundtrip helpers deprecated. Platform status documented as intentional design.
+- **Exp 229: Catalyst Channel** (S279) — Full RM compute channel before warm swap. rm_trigger --channel 16-step Volta recipe. Phase A/B fallback. PCCSR channel scan.
+- **Deep Debt Evolution Sprint** (S278) — 7 oversized files split into module directories (~12,500L refactored). 4 C tools ported to Rust bins. nv/registers/ + nv/rm_abi.rs. StubGspBridge → NoopGspBridge. AMD Vega feature-gated. coral-kmod fossilized. 705 cylinder tests.
 - **Deep Debt Evolution II** (S276) — Remaining production unwrap/expect/unreachable eliminated. `handler/sovereign.rs` 1,003L → module directory. `memmap2` removed from hw-safe (rustix mmap). 3 primal-name type aliases deprecated. `ipc.register` capability list aligned to Node Atomic set.
 - **Capability-based everywhere**: 6 CLI hardcoded primal name sites migrated to capability-based discovery (S273); ~400 intentional legacy-compat refs remain (env fallbacks, serde aliases). 0 production mocks. All production logging via `tracing`.
 - **ecoBin v3.0** — Zero C FFI deps. `deny.toml` ring + async-trait + zstd-sys bans active.
 - **46 unsafe blocks** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented. Workspace `unsafe_code = "deny"`, **41 crates `forbid`**.
 - **Dual-socket IPC** — `compute.sock` (JSON-RPC primary) + `compute-tarpc.sock` (tarpc hot-path).
 
-See [CHANGELOG.md](CHANGELOG.md) for full session-by-session history (S43–S277).
+See [CHANGELOG.md](CHANGELOG.md) for full session-by-session history (S43–S279).
 
 ---
 

README.md

@@ -42,7 +42,7 @@ Nest    = Tower  + Storage            <- storage
 | `cargo fmt --all -- --check` | 0 diffs |
 | `cargo clippy --workspace --all-targets -- -D warnings` | 0 warnings |
 | `cargo doc --workspace --no-deps` (RUSTDOCFLAGS="-D warnings") | 0 warnings |
-| `cargo test --workspace` | **23,000+ tests, 0 failures** (9,158+ lib-only), **~222** ignored (hardware-gated); full workspace ~7m |
+| `cargo test --workspace` | **23,000+ tests, 0 failures** (9,156+ lib-only), **~222** ignored (hardware-gated); full workspace ~7m |
 | Doctests | All passing (common, core, server, cli, testing, display) |
 | Standalone clone test | Pull to any machine, `cargo test` works (GPU-optional, CPU fallback, device-lost resilient) |
 | `unsafe` blocks | **46 actual** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented (S204, reconciled S221); workspace `unsafe_code = "deny"`, **41 crates `forbid`** + 5 hw crates with narrow `#[allow(unsafe_code, reason)]`; **all lint attrs have `reason =`** (S211+S213) |
@@ -243,7 +243,7 @@ toadStool/
 |   +-- testing/                   Chaos, fault, property-based testing (proptest)
 |   +-- management/                Analytics, monitoring, resources (real ResourceManager with toadstool-sysmon)
 +-- (fossils at ecoPrimals/infra/wateringHole/fossilRecord/)
-+-- showcase/                      Demos (RBF, neuromorphic, GPU, FHE)
++-- (showcase/ fossilized S275 → fossilRecord/primals/toadStool/showcase_wave49/)
 +-- docs/                          Architecture, guides, audits, ADRs
 +-- specs/                         Technical specifications
 ```
@@ -273,7 +273,7 @@ toadStool/
 | Clippy pedantic warnings | 0 (workspace-wide `clippy::pedantic` clean; `#[expect]` evolution S131+) |
 | Doc warnings | 0 |
 | Build warnings | 0 |
-| Workspace tests | **23,000+**, 0 failures (9,158+ lib-only) |
+| Workspace tests | **23,000+**, 0 failures (9,156+ lib-only) |
 | Lib-only line coverage | ~83.6% |
 | Full workspace test time | ~7m (unlimited parallelism, `cfg!(test)` fast timeouts; GPU crates have NVK resilience wrappers) |
 | `unsafe` blocks | **46 actual** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented (S204, reconciled S221); workspace `unsafe_code = "deny"`, **41 crates `forbid`** + 5 hw crates with narrow `#[allow(unsafe_code, reason)]` |
@@ -295,13 +295,15 @@ toadStool/
 **We are still evolving.** barraCuda (separate primal) owns all math and shaders. ToadStool focuses on hardware discovery, capability probing, and workload orchestration. All 5 spring handoffs absorbed.
 
 ### Active / Next
-- **Test coverage** -- pushing toward 90% target; 23,000+ tests (9,158+ lib); ~83.6% lib-only line (185K lines instrumented); remaining gap: hardware-dependent paths (VFIO, DRM, V4L2), specialty runtimes
+- **Test coverage** -- pushing toward 90% target; 23,000+ tests (9,156+ lib); ~83.6% lib-only line (185K lines instrumented); remaining gap: hardware-dependent paths (VFIO, DRM, V4L2), specialty runtimes
 - **Sovereign VFIO dispatch** -- NVIDIA VFIO PBDMA dispatch wired via QMD (S258–S259); `device.vfio.open` + `device.vfio.roundtrip` JSON-RPC endpoints live; e2e validated on Titan V (S263)
 - **DF64 / ComputeDispatch** -- transferred to barraCuda team (S93); toadStool serves hardware capabilities
 - **Sovereign compiler Phase 4+** -- register pressure estimation, loop software pipelining (barraCuda)
 - **NUCLEUS crypto integration** -- compute payloads encrypted via Tower `crypto.encrypt`/`crypto.decrypt` (S205); **self-registration with Songbird** via `DISCOVERY_SOCKET` + `ipc.register` at startup (S207)
 
 ### Recently Completed
+- **S279 (May 27, 2026)**: **Deep Debt Evolution III: Panic Path Elimination + Capability Hardening** — All P0/P1 production panic paths eliminated (sovereign handoff handler, pipeline tier, CE validate, ELF parsing, reagent, signal handlers, network config, module_patch). Legacy capability→primal roundtrip helpers deprecated. Platform status documented as intentional design. SAFETY comments verified complete. **9,156+ lib tests, zero clippy.**
+- **S279 (May 27, 2026)**: **Exp 229: Catalyst Channel** — Full RM compute channel before warm swap (FECS ACR blocker). rm_trigger --channel 16-step Volta recipe. RmChannelEvidence + PCCSR scan. Phase A/B fallback in open_vfio.rs. 705+864 tests.
 - **S278 (May 27, 2026)**: **Deep Debt Evolution Sprint: Module Extraction + C→Rust + ABI Absorption** — Split 7 oversized files into module directories (sovereign_handoff 2,860L→11 modules, module_patch 2,020L→11, compute_device 2,072L→11 with gr_ungating/pbdma dedup, sovereign_stages 1,861L→7, guarded_sysfs 1,561L→5, channel/mod 1,117L→4, handler/sovereign 1,004L→6). Ported 4 userspace C tools to Rust bins (rm_trigger, sovereign_acr_boot, sovereign_pmu_boot, capture_pmu_falcon). Created `nv/registers/` (12 domain submodules) and `nv/rm_abi.rs` (canonical RM ABI types from coral-kmod). Evolved `StubGspBridge` → `NoopGspBridge` with capability guidance. Gated AMD Vega behind feature. Fossilized coral-kmod. **705 cylinder tests, zero clippy, zero userspace C.**
 - **S276 (May 26, 2026)**: **Deep Debt Evolution II — Unwrap Elimination, Sovereign Split, memmap2 Removal** — Eliminated remaining production unwrap/expect/unreachable: sovereign.rs 2x unwrap, mmio_region.rs expect, dma.rs Drop expect, diagnostic interpreter 6x expect, permissions.rs expect, dispatch unreachable!(). `handler/sovereign.rs` (1,003L, 11 handlers) → module directory (init/snapshot/capture). `memmap2` removed from hw-safe — `safe_mmap.rs` rewritten on rustix. 3 stale primal-name type aliases deprecated. `ipc.register` capability list aligned to Node Atomic set. 13 upstream clippy warnings absorbed. **88+ JSON-RPC methods. 9,158+ lib tests, zero clippy.**
 - **S275 (May 25, 2026)**: **Wave 49: Ecosystem Tightening** — Showcase fossilized (35 files → fossilRecord). wateringHole consolidated (36 handoffs mirrored, archive/ created). Stale deploy patterns fixed (4 files → plasmidBin). Startup latency optimized (deferred wgpu, pre-bound socket). toadstool.toml HTTP-era template fossilized. Docs fossil-tagged.
@@ -352,7 +354,7 @@ See [CHANGELOG.md](CHANGELOG.md) for full session-by-session detail.
 
 | ID | Description | Status |
 |----|-------------|--------|
-| D-COV | Test coverage → 90% | Active — 23,000+ tests (9,158+ lib); ~83.6% lib-only line (185K instrumented); remaining gap: hardware-dependent paths (VFIO, DRM, V4L2, akida) |
+| D-COV | Test coverage → 90% | Active — 23,000+ tests (9,156+ lib); ~83.6% lib-only line (185K instrumented); remaining gap: hardware-dependent paths (VFIO, DRM, V4L2, akida) |
 | D-BTSP-PHASE3 | BTSP encrypted post-handshake channel | **RESOLVED** (S215+S218) — ChaCha20-Poly1305 encrypted channel implemented, transport switch verified |
 
 ### Resolved (S94b)
@@ -395,7 +397,7 @@ See [DEBT.md](DEBT.md) for full register and evolution paths.
 
 ---
 
-**Last Updated**: May 2026 — S276. **23,000+** workspace tests, 0 failures (9,149+ lib-only). ~83.6% lib-only line coverage (target 90%). **88 JSON-RPC methods** (direct) + semantic registry. AGPL-3.0-or-later. Zero C FFI deps (ecoBin v3.0). Zero userspace C in primal codebases. **46 unsafe blocks** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented; workspace `unsafe_code = "deny"`, **41 crates `forbid`** + 5 hw crates with narrow `#[allow(unsafe_code, reason)]`. **Zero production panics/expects**. Zero production TODO/FIXME/HACK. **705 cylinder tests.** `nv/registers/` (12 domain submodules), `nv/rm_abi.rs` (canonical RM ABI). `NoopGspBridge` (was `StubGspBridge`). AMD Vega feature-gated. coral-kmod fossilized. IPC-first JSON-RPC. Rust 1.85+ (edition 2024). **Phase D dispatch live** (S254–S263). **Capability-based discovery compliant** per `CAPABILITY_BASED_DISCOVERY_STANDARD.md` v1.3.
+**Last Updated**: May 2026 — S279. **23,000+** workspace tests, 0 failures (9,156+ lib-only). ~83.6% lib-only line coverage (target 90%). **88 JSON-RPC methods** (direct) + semantic registry. AGPL-3.0-or-later. Zero C FFI deps (ecoBin v3.0). Zero userspace C in primal codebases. **46 unsafe blocks** (all in hw-safe/GPU/VFIO/display/plugin containment crates); all SAFETY-documented; workspace `unsafe_code = "deny"`, **41 crates `forbid`** + 5 hw crates with narrow `#[allow(unsafe_code, reason)]`. **Zero production panics/expects**. Zero production TODO/FIXME/HACK. **705 cylinder tests.** `nv/registers/` (12 domain submodules), `nv/rm_abi.rs` (canonical RM ABI). `NoopGspBridge` (was `StubGspBridge`). AMD Vega feature-gated. coral-kmod fossilized. IPC-first JSON-RPC. Rust 1.85+ (edition 2024). **Phase D dispatch live** (S254–S263). **Capability-based discovery compliant** per `CAPABILITY_BASED_DISCOVERY_STANDARD.md` v1.3.
 
 ---
 

crates/server/Cargo.toml

@@ -129,10 +129,6 @@ name = "tarpc_server_coverage_expansion_tests"
 path = "tests/tarpc_server_coverage_expansion_tests.rs"
 required-features = ["test-mocks"]
 
-[[bench]]
-name = "jsonrpc_throughput"
-harness = false
-
 [lints]
 workspace = true
 

docs/architecture/MIGRATION_PATTERN_SECURITY_PROVIDER_BACKEND.md

@@ -78,15 +78,39 @@ impl AuthBackend for SecurityProviderBackend {
     }
 
     async fn request_token(&self, request: &TokenRequest) -> ToadStoolResult<AuthenticationToken> {
-        // Use SecurityProvider to create token (via permission system)
-        // TODO: Implement using provider.create_permission()
-        todo!("Implement token request via SecurityProvider")
+        // Migration complete: issue token via SecurityProvider permission system
+        use toadstool_distributed::security_provider::{
+            PermissionRequest, PermissionScope,
+        };
+
+        let permission_request = PermissionRequest {
+            requester_id: request.requesting_primal.clone(),
+            target: ExternalTarget::BiomeOs,
+            scope: PermissionScope::from_scopes(&request.scope),
+            validity_duration: std::time::Duration::from_secs(3600),
+            delegation_info: None,
+        };
+
+        let permission = self.provider.create_permission(permission_request).await?;
+        AuthenticationToken::from_security_permission(permission, request)
     }
 
     async fn refresh_token(&self, request: &TokenRefreshRequest) -> ToadStoolResult<AuthenticationToken> {
-        // Use SecurityProvider to refresh token
-        // TODO: Implement using provider.validate_permission() + create_permission()
-        todo!("Implement token refresh via SecurityProvider")
+        // Migration complete: validate existing permission, then re-issue
+        let existing = self.provider
+            .validate_permission(&request.existing_permission)
+            .await?;
+
+        let permission_request = PermissionRequest {
+            requester_id: request.requesting_primal.clone(),
+            target: existing.target,
+            scope: existing.scope,
+            validity_duration: std::time::Duration::from_secs(3600),
+            delegation_info: None,
+        };
+
+        let permission = self.provider.create_permission(permission_request).await?;
+        AuthenticationToken::from_security_permission(permission, &request.into())
     }
 }
 ```

…278B_MOUNTAIN_DEBT_HYGIENE_MAY27_2026.md …278B_MOUNTAIN_DEBT_HYGIENE_MAY27_2026.mdinfra/wateringHole/handoffs/TOADSTOOL_S278B_MOUNTAIN_DEBT_HYGIENE_MAY27_2026.md renamed to infra/wateringHole/handoffs/archive/TOADSTOOL_S278B_MOUNTAIN_DEBT_HYGIENE_MAY27_2026.md infra/wateringHole/handoffs/TOADSTOOL_S278B_MOUNTAIN_DEBT_HYGIENE_MAY27_2026.md renamed to infra/wateringHole/handoffs/archive/TOADSTOOL_S278B_MOUNTAIN_DEBT_HYGIENE_MAY27_2026.md

@@ -23,11 +23,10 @@ no-default-features = false
 # `crates/runtime/gpu`: optional `cuda` / cudarc — omit from coverage runs (no CUDA toolkit required).
 exclude = ["toadstool-runtime-gpu"]
 
-# Mirrors llvm-cov `--ignore-filename-regex "tests/"` and drops examples/showcase trees.
+# Mirrors llvm-cov `--ignore-filename-regex "tests/"` and drops examples trees.
 exclude-files = [
     "**/tests/**",
     "**/examples/**",
-    "**/showcase/**",
 ]
 
 # Default tarpaulin behavior: do not count #[test] bodies toward coverage.