FlowmemoryAI
diff --git a/‎docs/OPERATIONS/FLOWCHAIN_OWNER_OPERATED_PUBLIC_RPC.md‎
Lines changed: 1 addition & 0 deletions b/‎docs/OPERATIONS/FLOWCHAIN_OWNER_OPERATED_PUBLIC_RPC.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/agent-runs/live-product-infra-rpc/ARCHITECTURE_AUDIT.md‎
Lines changed: 3 additions & 3 deletions b/‎docs/agent-runs/live-product-infra-rpc/ARCHITECTURE_AUDIT.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎docs/agent-runs/live-product-infra-rpc/BACKUP_INSTALL_VALIDATION.md‎
Lines changed: 34 additions & 0 deletions b/‎docs/agent-runs/live-product-infra-rpc/BACKUP_INSTALL_VALIDATION.md‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎docs/agent-runs/live-product-infra-rpc/PUBLIC_DEPLOYMENT_CONTRACT.md‎
Lines changed: 7 additions & 2 deletions b/‎docs/agent-runs/live-product-infra-rpc/PUBLIC_DEPLOYMENT_CONTRACT.md‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎docs/agent-runs/live-product-infra-rpc/WINDOWS_BACKUP_INSTALL.md‎
Lines changed: 32 additions & 0 deletions b/‎docs/agent-runs/live-product-infra-rpc/WINDOWS_BACKUP_INSTALL.md‎
Lines changed: 32 additions & 0 deletions
diff --git a/‎docs/agent-runs/live-product-infra-rpc/backup-install-validation-report.json‎
Lines changed: 52 additions & 0 deletions b/‎docs/agent-runs/live-product-infra-rpc/backup-install-validation-report.json‎
Lines changed: 52 additions & 0 deletions
@@ -20,6 +20,7 @@ The repository now provides:
 - `npm run flowchain:backup:restore:verify` for restore rehearsal from the latest snapshot without mutating live state.
 - `npm run flowchain:backup:restore:validate` for a local self-test that proves snapshot/restore round-trip integrity and detects corrupted snapshots.
 - `npm run flowchain:backup:check` for owner backup path readiness, including snapshot and restore proof.
+- `npm run flowchain:backup:install:windows` and `npm run flowchain:backup:install:validate` for a no-secret Windows Scheduled Task install/status/uninstall path for recurring state snapshots.
 - `npm run flowchain:bridge:infra:check` for Base 8453 deployment input checks.
 - `npm run flowchain:bridge:diagnose:tx` for read-only diagnosis of an owner-supplied Base 8453 transaction hash.
 - `npm run flowchain:live-infra:check` as the aggregate gate, including owner input contract, public RPC, service status, backup, bridge, and no-secret checks.
 
@@ -1,6 +1,6 @@
 # FlowChain Architecture Audit
 
-Generated: 2026-05-17T10:12:58.4828271Z
+Generated: 2026-05-17T10:20:17.2181046Z
 Status: blocked
 Blocked only on known external owner inputs: True
 
@@ -22,7 +22,7 @@ Blocked only on known external owner inputs: True
 
 | Layer | Requirement | Status | Evidence |
 | --- | --- | --- | --- |
-| L1 runtime | The block-producing node and service lifecycle are separated from RPC, run in live profile, and expose fresh state evidence. | passed | serviceStatus=passed, liveProfile=True, maxBlocks=0, nodeRunning=True, controlPlaneRunning=True, latestHeight=52358, finalizedHeight=52358 |
+| L1 runtime | The block-producing node and service lifecycle are separated from RPC, run in live profile, and expose fresh state evidence. | passed | serviceStatus=passed, liveProfile=True, maxBlocks=0, nodeRunning=True, controlPlaneRunning=True, latestHeight=52644, finalizedHeight=52644 |
 | Operations | Operations has explicit status, monitor, ops snapshot, alert rules, incident drills, and emergency controls that classify incidents separately from owner-input blockers. | passed | monitorStatus=passed, samples=2, heightAdvanced=True, supervisorValidation=passed, supervisorRestartAttempts=1, opsSnapshot=blocked, criticalCount=0, alertRules=passed, criticalRules=5, blockedRules=5, unmappedAlerts=0, incidentDrill=passed, incidentCases=8, incidentFailed=0 |
 | Operations | Owner-host service lifecycle includes a no-secret Windows Scheduled Task install, status, and uninstall path for reboot-persistent live supervisor autorecovery. | passed | installValidation=passed, failedChecks=0, planDidNotMutate=True, liveProfileDefault=True, schedulerCmdlets=True |
 | RPC/API | The control-plane API has explicit health/discovery/readiness/CORS/rate-limit validation and abuse rejection before it can be exposed publicly. | passed | validationStatus=passed, corsAllowed=True, corsRejected=True, endpointChecks=True, rateLimitProbe=True, rateLimitRejected=True, rateLimitRetryAfter=True, responseHygiene=True, abuseStatus=passed, abusePassed=True, abuseMissingChecks=0 |
@@ -31,7 +31,7 @@ Blocked only on known external owner inputs: True
 | Wallets | Wallet creation and wallet-to-wallet transfer are routed through the RPC/control-plane boundary into runtime blocks without returning secret material. | passed | walletStatus=passed, testerStatus=passed, testerWalletCreates=4, testerSecretLeak=False |
 | Bridge | The bridge architecture has a deterministic local proof for exact value, replay protection, wrong-chain rejection, unapproved-lockbox rejection, and no broadcast. | passed | broadcast=False, allAmountsEqual=True, wrongChainRejected=True, unapprovedContractRejected=True |
 | Bridge | Live Base 8453 bridge observation is isolated behind owner guardrails, read-only diagnostics, confirmation/cap settings, and no-broadcast checks. | blocked | bridgeLive=blocked, bridgeInfra=blocked, baseTxDiagnostic=blocked, baseTxSafe=True |
-| Storage/recovery | Live state backup and restore are separate configured storage boundaries with manifest hash proof, latest-pointer proof, live-state protection, and adversarial tamper/missing-artifact/wrong-chain rejection before public operation. | blocked | backupStatus=blocked, validationStatus=passed, snapshotProof=not-run, restoreProof=not-run, requiredChecks=15, missingChecks=0 |
+| Storage/recovery | Live state backup and restore are separate configured storage boundaries with manifest hash proof, latest-pointer proof, scheduled backup install proof, live-state protection, and adversarial tamper/missing-artifact/wrong-chain rejection before public operation. | blocked | backupStatus=blocked, validationStatus=passed, installValidation=passed, installFailedChecks=0, snapshotProof=not-run, restoreProof=not-run, requiredChecks=15, missingChecks=0 |
 | Deployment | The owner-operated public deployment contract is machine-checkable, includes rollback commands, and blocks sharing until public RPC, backup, bridge, and tester gates pass. | blocked | deploymentStatus=blocked, deploymentReady=False, packetShareable=False, packetSmoke=True, blockedOnlyKnown=True, blockedItems=5, failedItems=0 |
 | Governance/safety | Live-only inputs are externally owned, listed by name only, self-tested for missing/invalid/valid direct env plus local owner env-file loading, and fail closed on missing or malformed owner env files without printing values. | passed | ownerInputsStatus=blocked, validationStatus=passed, ownerEnvFilePasses=True, missingOwnerEnvFileFails=True, malformedOwnerEnvFileFails=True, knownMissingInputs=17, unknownInputs=0 |
 | Governance/safety | The ignored owner env file is a first-class setup boundary that can drive owner-input, live-infra, and public deployment gates through one redacted command. | blocked | readinessStatus=blocked, validationStatus=passed, missingFails=True, unignoredFails=True, gitIgnored=True, blockedOnlyKnown=True |
 
@@ -0,0 +1,34 @@
+# FlowChain Backup Install Validation
+
+Generated: 2026-05-17T10:20:20.2021105Z
+Status: passed
+
+This validation proves the scheduled backup install path is planned, no-secret, non-mutating in plan mode, and fails closed unless the owner backup path env is configured for actual backup runs.
+
+## Checks
+
+- installScriptExists: True
+- backupScriptExists: True
+- packageScriptsPresent: True
+- planCommandPassed: True
+- planDidNotMutate: True
+- schedulerCmdletsAvailable: True
+- scheduledTaskActionSupportsWorkingDirectory: True
+- actionUsesBackupScript: True
+- actionUsesRepoWorkingDirectory: True
+- hasStatePath: True
+- hasReportPath: True
+- ownerBackupEnvRequired: True
+- commandsPresent: True
+- commandOmitsAllowBlocked: True
+- envValuesPrintedFalse: True
+- noSecrets: True
+- broadcastsFalse: True
+
+## Commands
+
+- plan: npm run flowchain:backup:install:windows -- -Action Plan
+- install: npm run flowchain:backup:install:windows -- -Action Install
+- status: npm run flowchain:backup:install:windows -- -Action Status
+- uninstall: npm run flowchain:backup:install:windows -- -Action Uninstall
+- validate: npm run flowchain:backup:install:validate
@@ -1,6 +1,6 @@
 # FlowChain Public Deployment Contract
 
-Generated: 2026-05-17T10:12:58.1906179Z
+Generated: 2026-05-17T10:20:17.1551020Z
 Status: blocked
 Deployment ready: False
 Packet shareable: False
@@ -25,7 +25,7 @@ This file records deployment gates, commands, and env names only. It must not co
 | Owner signup checklist maps every public RPC, tester write gateway, backup, and Base 8453 bridge value to the exact thing the owner must get without requesting secrets in chat. | passed | signupStatus=passed, itemCount=9, externalSignupCount=3, missingCoverage=0, repoOwned=True, localEnvFileSupported=True |
 | Owner env-file setup has a command-generated local scaffold whose target path is git-ignored before owner values are added. | passed | templateStatus=passed, pathIsGitIgnored=True, requiredEnvNameCount=17, optionalEnvNameCount=2, includesAllRequired=True |
 | Public RPC exposure has a no-values owner edge template and deployment bundle for HTTPS reverse proxying, rate limiting, verification, and rollback. | passed | edgeTemplateStatus=passed, bundleStatus=passed, repoOwned=True, requiresTls=True, requiresRateLimit=True, forwardsOrigin=True |
-| The public deployment origin service is running privately in live profile before any owner TLS edge is considered shareable. | passed | serviceStatus=passed, privateBind=True, latestHeight=52358, finalizedHeight=52358 |
+| The public deployment origin service is running privately in live profile before any owner TLS edge is considered shareable. | passed | serviceStatus=passed, privateBind=True, latestHeight=52644, finalizedHeight=52644 |
 | The deployment has recent service-monitor evidence that block height advances over multiple samples. | passed | monitorStatus=passed, samples=2, heightAdvanced=True |
 | The owner service has an autorecovery supervisor and an isolated recovery drill proving control-plane restart without touching live state. | passed | supervisorValidation=passed, restartAttempts=1 |
 | The owner host has a no-secret Windows install, status, and uninstall path for registering the live supervisor as a reboot-persistent scheduled task. | passed | serviceInstallValidation=passed, planDidNotMutate=True, liveProfileDefault=True, commandsPresent=True |
@@ -35,6 +35,7 @@ This file records deployment gates, commands, and env names only. It must not co
 | The local public RPC abuse harness proves CORS rejection, media-type rejection, malformed JSON handling, batch/body caps, notification handling, rate limiting, and no-secret response summaries. | passed | abuseStatus=passed, abuseReady=True, missingChecks=0 |
 | The owner TLS edge must pass endpoint, CORS, rate-limit, readiness, and response-hygiene checks before sharing. | blocked | publicRpcStatus=blocked, publicRpcReady=False, validationStatus=passed, validationPassed=True, abuseStatus=passed, abusePassed=True |
 | Backup tooling must create manifest-backed state snapshots, restore the latest snapshot safely, reject tampered/missing/stale/wrong-chain backup evidence, and avoid owner secrets. | passed | validationStatus=passed, requiredChecks=15, missingChecks=0 |
+| The owner host has a no-secret Windows install, status, and uninstall path for recurring manifest-backed state backups that fail closed without the owner backup path. | passed | backupInstallValidation=passed, planDidNotMutate=True, ownerBackupEnvRequired=True, commandOmitsAllowBlocked=True |
 | The public deployment must prove the configured state backup directory can create a manifest-backed snapshot and restore it in rehearsal. | blocked | backupStatus=blocked, snapshotProof=not-run, restoreProof=not-run |
 | The public deployment must not invite bridge-funded testing until Base 8453 live and infra checks pass with owner guardrails. | blocked | bridgeLive=blocked, bridgeInfra=blocked |
 | External tester packet must remain not-shareable until owner public RPC, backup, and bridge gates pass, and it must rely on fresh tester-wallet evidence plus executable packet-route smoke. | blocked | externalTester=blocked, localTesterRehearsalReady=True, testerNetworkFresh=True, packetSmoke=True, externalSharingReady=False, packet=blocked, packetShareable=False |
@@ -60,6 +61,8 @@ This file records deployment gates, commands, and env names only. It must not co
 - npm run flowchain:tester:gateway:e2e
 - npm run flowchain:public-rpc:check
 - npm run flowchain:backup:restore:validate
+- npm run flowchain:backup:install:validate
+- npm run flowchain:backup:install:windows -- -Action Plan
 - npm run flowchain:backup:create
 - npm run flowchain:backup:restore:verify
 - npm run flowchain:backup:check
@@ -74,6 +77,8 @@ This file records deployment gates, commands, and env names only. It must not co
 - npm run flowchain:service:status
 - npm run flowchain:service:install:windows -- -Action Status
 - npm run flowchain:service:install:windows -- -Action Uninstall
+- npm run flowchain:backup:install:windows -- -Action Status
+- npm run flowchain:backup:install:windows -- -Action Uninstall
 - npm run flowchain:service:stop
 - npm run flowchain:service:restart -- -LiveProfile
 - npm run flowchain:emergency:stop-local
 
@@ -0,0 +1,32 @@
+# FlowChain Windows Backup Install
+
+Generated: 2026-05-17T10:20:19.7166633Z
+Status: passed
+Action: Plan
+Task: \FlowChainStateBackup
+
+This runbook registers a Windows Scheduled Task that runs the manifest-backed state backup command every day. The task requires FLOWCHAIN_RPC_STATE_BACKUP_PATH from the owner process environment or from FLOWCHAIN_OWNER_ENV_FILE.
+
+## Commands
+
+- Plan: npm run flowchain:backup:install:windows -- -Action Plan
+- Validate: npm run flowchain:backup:install:validate
+- Install: npm run flowchain:backup:install:windows -- -Action Install
+- Status: npm run flowchain:backup:install:windows -- -Action Status
+- Uninstall: npm run flowchain:backup:install:windows -- -Action Uninstall
+- Backup check: npm run flowchain:backup:check -- -AllowBlocked
+
+## Scheduled Task Action
+
+- Execute: `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`
+- Working directory: `E:/FlowMemory/flowmemory-live-infra-rpc`
+- Backup script: `E:\FlowMemory\flowmemory-live-infra-rpc\infra\scripts\flowchain-state-backup.ps1`
+- Daily time: 03:00
+- Owner env file injected: False
+
+## Status
+
+- Task existed before: False
+- Task exists after: False
+- Scheduler cmdlets available: True
+- WorkingDirectory supported: True
@@ -0,0 +1,52 @@
+{
+    "schema":  "flowchain.backup_install_validation_report.v0",
+    "generatedAt":  "2026-05-17T10:20:20.2021105Z",
+    "status":  "passed",
+    "taskName":  "FlowChainStateBackup",
+    "checks":  {
+                   "installScriptExists":  true,
+                   "backupScriptExists":  true,
+                   "packageScriptsPresent":  true,
+                   "planCommandPassed":  true,
+                   "planDidNotMutate":  true,
+                   "schedulerCmdletsAvailable":  true,
+                   "scheduledTaskActionSupportsWorkingDirectory":  true,
+                   "actionUsesBackupScript":  true,
+                   "actionUsesRepoWorkingDirectory":  true,
+                   "hasStatePath":  true,
+                   "hasReportPath":  true,
+                   "ownerBackupEnvRequired":  true,
+                   "commandsPresent":  true,
+                   "commandOmitsAllowBlocked":  true,
+                   "envValuesPrintedFalse":  true,
+                   "noSecrets":  true,
+                   "broadcastsFalse":  true
+               },
+    "failedChecks":  [
+
+                     ],
+    "missingPackageScripts":  [
+
+                              ],
+    "planReportPath":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\backup-install-windows-report.json",
+    "planMarkdownPath":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\WINDOWS_BACKUP_INSTALL.md",
+    "childProcessResults":  [
+                                {
+                                    "name":  "backup-install-plan",
+                                    "exitCode":  0,
+                                    "timedOut":  false,
+                                    "stdoutPath":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\devnet\\local\\tmp\\backup-install-validation\\20260517052015882-53328-14a6f493.stdout.log",
+                                    "stderrPath":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\devnet\\local\\tmp\\backup-install-validation\\20260517052015882-53328-14a6f493.stderr.log"
+                                }
+                            ],
+    "commands":  {
+                     "plan":  "npm run flowchain:backup:install:windows -- -Action Plan",
+                     "install":  "npm run flowchain:backup:install:windows -- -Action Install",
+                     "status":  "npm run flowchain:backup:install:windows -- -Action Status",
+                     "uninstall":  "npm run flowchain:backup:install:windows -- -Action Uninstall",
+                     "validate":  "npm run flowchain:backup:install:validate"
+                 },
+    "envValuesPrinted":  false,
+    "noSecrets":  true,
+    "broadcasts":  false
+}