The public-facing science site for ecoPrimals — sovereign scientific computing.
Live site: primals.eco Sovereign primary: golgiBody-ext VPS via Caddy + Let's Encrypt Trailing shadow: GitHub Pages (extracellular mirror, will be archived after NS cutover)
Gate pushes to Forgejo (golgi) → Sovereign CI
1. Forgejo post-receive hook fires (golgi)
2. sovereign-ci-trigger.sh SSH → sporeGate (over WG)
3. sporeGate builds binary + rsync depot to golgi
4. golgi: sporeprint-rebuild.sh pulls + zola build
5. Caddy serves from public/ (auto-TLS via Let's Encrypt)
6. ext-github-push.sh pushes to GitHub (trailing shadow)
- Zola 0.22.1 — Rust static site generator (single binary, zero deps)
spore-validate— Rust validation + certification crate (27 modules, 220 tests, zero C deps)- petalTongue viz pipeline — Server-rendered SVG with WASM progressive enhancement
- Markdown + TOML front matter — human-readable, AI-parseable content
- Custom theme — Catppuccin Mocha/Latte, system fonts, dark/light, zero external deps
- Caddy — TLS termination + file serving on golgiBody-ext
- Knot DNS — Sovereign DNSSEC (ns1/ns2.primals.eco) with CAA for Let's Encrypt
# Prerequisites: Zola 0.22+, Rust toolchain 1.85+
zola serve # http://127.0.0.1:1111
zola build # output to public/
# Validation (Rust — typed, pedantic, 90%+ coverage)
cd crates/spore-validate
cargo build --release
cargo run -- validate # registry + totals + taxonomies
cargo run -- validate --check --verbose # + shortcode scan + entity report
cargo run -- check-links # internal link integrity
cargo run -- render-notebooks --discover # Jupyter → Zola markdown
cargo run -- fetch-refresh --write # clone upstream, update metrics
cargo run -- graph --emit # entity graph → static/graph/
cargo run -- certify --emit # guideStone manifest → static/certification/sporePrint/
├── config.toml # Zola config + entity_registry (66 entities) + totals
├── sources.toml # Upstream repo map (GitHub + Forgejo origins)
├── content/ # 222 Markdown pages with TOML front matter
│ ├── science/ # 32 baseCamp companion papers
│ ├── architecture/ # 20 pages: catalogs, inventory, topology, deployment, certify
│ ├── lab/ # 133 pages: spring hubs, notebooks, spore gallery
│ ├── products/ # blueFish, esotericWebb, helixVision, lattice QCD
│ ├── guidestone/ # guideStone verification class
│ ├── audience/ # PI, student, builder, compliance guides
│ ├── methodology/ # Constrained evolution, K-NOME, playbooks
│ ├── technical/ # Hardware, grants, pipelines
│ ├── glossary/ # Plain-language ecosystem glossary
│ ├── philosophy/ # atlasHugged integration (the "why")
│ └── sitemap/ # Full site navigation
├── templates/ # 14 Tera HTML templates + shortcodes
├── sass/css/ # SCSS partials → compiled by Zola (nav, layout, landing, etc.)
├── static/
│ ├── css/ # (generated by Zola Sass compilation — do not hand-edit)
│ ├── js/ # viz-hydrate.js (WASM progressive enhancement)
│ ├── wasm/ # petal-tongue-wasm (client-side scene rendering)
│ ├── (gonzales/ removed Wave 119 — migrated to petalTongue)
│ ├── certification/ # guideStone manifest (generated by certify)
│ └── graph/ # Entity graph JSON (generated by graph)
├── crates/
│ └── spore-validate/ # Rust crate: 27 modules, 220 tests, zero C toolchain
├── specs/ # Internal standards (not built by Zola)
└── .github/workflows/ # deploy.yml, auto-refresh.yml
Pure Rust validation binary — #![forbid(unsafe_code)], clippy pedantic+nursery
zero warnings, 220 tests, zero C toolchain dependencies. Edition 2024, Rust 1.85+. Release binary optimized (LTO+strip).
| Subcommand | Purpose |
|---|---|
validate |
Registry field checks, totals sums, taxonomy tags, content lint |
validate --check |
+ shortcode scan + internal link validation |
validate --strict |
Promote warnings to errors |
validate --verbose |
+ full entity report with all fields |
graph [--emit] |
Build typed entity graph (renvois de choses), optionally emit JSON |
certify [--emit] |
guideStone certification manifest — compute BLAKE3 Merkle, emit/validate |
provenance |
BLAKE3 content hashing + drift detection (--write/--verify/--diff) |
cas-manifest [--emit] |
BLAKE3 hash Zola build output for NestGate CAS |
cas-push [--generate] |
Push build artifacts to NestGate CAS via UNIX socket |
discover |
Show self-capabilities and discover peer primals |
refresh <repos_root> |
Cross-repo metric drift detection |
refresh --write |
Auto-update config.toml with current metrics |
fetch-refresh |
Clone upstream repos → refresh in one step |
render-notebooks |
Jupyter .ipynb → Zola markdown (pure JSON parse) |
render-notebooks --discover |
Auto-find notebooks via .gate workspace walk |
check-links |
Validate all @/ internal links |
nucleus <profile> |
Validate running NUCLEUS against profile (--probe for IPC health) |
depot-verify |
BLAKE3 integrity check of depot binaries against checksums.toml |
depot-list-arches |
Inventory available architectures and binary counts |
sporePrint certifies its own published claims. The certification manifest at
/certification/manifest.json contains entity counts, edge counts, a BLAKE3
Merkle root of the entity graph, and content page totals.
# Verify the site independently:
git clone https://github.com/ecoPrimals/sporePrint.git && cd sporePrint
cargo run --manifest-path crates/spore-validate/Cargo.toml -- certify
# Compare graph_merkle with https://primals.eco/certification/manifest.jsonsource repo push → Forgejo (golgi) → post-receive hook
→ SSH to sporeGate (build authority over WG)
→ cargo build --release → rsync depot to golgi
→ sporeprint-rebuild.sh pulls + zola build
→ Caddy serves updated public/ (zero downtime)
source repo push → notify-sporeprint.yml → repository_dispatch
→ sporePrint auto-refresh.yml
→ clone source, run spore-validate refresh --write
→ commit config.toml if changed
→ deploy.yml → certify → zola build → GitHub Pages
Every page is a Markdown file with TOML front matter:
+++
title = "Page Title"
description = "Short description for listings and search"
date = 2026-06-01
+++
Your content here...- 222 content pages, 66 entities, 220 tests, 27 modules
- Edition 2024, Rust 1.85+, zero unsafe, zero C deps
- NUCLEUS validation + depot integrity + riboCipher transport signal
- Shared IPC module: JSON-RPC 2.0 NDJSON with response ID correlation
cargo-denysupply chain security — all deps pure Rust, no advisories- WAN mesh enrollment operational (flockGate → eastGate via WireGuard)
- Coverage: 64.87% (remaining gaps: binary CLI dispatch, live socket probes)
- Wave 66: Sovereign self-hosting (Caddy + Let's Encrypt + systemd rebuild)
- Wave 67: Nest Atomic / pure-primal evolution (petalTongue content pipeline)
- Wave 68: Live visualizations + deep debt (VizRegistry, LazyLock, WASM)
- Wave 69: CSS modularization + ForgeArchiveBackend + sovereign CI
- Wave 70: Pure deps + typed returns + paths.rs constants
- Wave 73–74: CAS integration + discovery + pipeline design
- Wave 85–107: Transport abstraction + socket standards + deep debt zero
- Wave 111: Gate expansion + federation + content cascade (222 pages)
- Wave 113–119: riboCipher signal, NUCLEUS probe, depot verify, mesh enrollment
- DNS registrar NS cutover to ns1/ns2.primals.eco
- Archive GitHub Pages deploy workflow to fossilRecord
- CAS route registration (path→hash mapping for NestGate HTTP serving)
- petalTongue renders live dashboards from primal APIs
- Forgejo webhook triggers sovereign CI rebuild (no GitHub Actions)
- Code: AGPL-3.0-or-later
- Documents: CC-BY-SA 4.0
- Combined: scyBorg triple-copyleft (AGPL-3.0 + CC-BY-SA-4.0 + ORC provenance)