Add FlowChain ops snapshot reporting

Author: FlowmemoryAI

docs/OPERATIONS/FLOWCHAIN_OWNER_OPERATED_PUBLIC_RPC.md

@@ -9,6 +9,7 @@ The repository now provides:
 - `npm run flowchain:service:start` for supervised node and control-plane processes on Windows.
 - `npm run flowchain:service:status` for safe process, bind, height, backup, and bridge status.
 - `npm run flowchain:service:monitor` for repeated live service sampling that proves height progression over an operator-selected window.
+- `npm run flowchain:ops:snapshot` for one no-secret operator report that classifies critical incidents, public-readiness blockers, and incident commands.
 - `npm run flowchain:service:stop` and `npm run flowchain:service:restart`, which preserve runtime state.
 - `npm run flowchain:public-rpc:check` for endpoint, TLS, CORS, rate-limit, health, discovery, readiness, state, and response-hygiene checks.
 - `npm run flowchain:public-rpc:edge-template` for a no-values Nginx public-edge template that proxies this chain's private RPC origin through owner TLS and rate limiting.

docs/agent-runs/live-product-infra-rpc/ARCHITECTURE_AUDIT.md

@@ -1,6 +1,6 @@
 # FlowChain Architecture Audit
 
-Generated: 2026-05-16T04:55:11.3580976Z
+Generated: 2026-05-16T05:36:25.7062445Z
 Status: blocked
 Blocked only on known external owner inputs: True
 
@@ -21,8 +21,8 @@ Blocked only on known external owner inputs: True
 
 | Layer | Requirement | Status | Evidence |
 | --- | --- | --- | --- |
-| L1 runtime | The block-producing node and service lifecycle are separated from RPC, run in live profile, and expose fresh state evidence. | passed | serviceStatus=passed, liveProfile=True, maxBlocks=0, nodeRunning=True, controlPlaneRunning=True, latestHeight=25361, finalizedHeight=25361 |
-| Operations | Operations has explicit status, monitor, and emergency-stop controls that do not depend on public deployment being live. | passed | monitorStatus=passed, samples=2, heightAdvanced=True |
+| L1 runtime | The block-producing node and service lifecycle are separated from RPC, run in live profile, and expose fresh state evidence. | passed | serviceStatus=passed, liveProfile=True, maxBlocks=0, nodeRunning=True, controlPlaneRunning=True, latestHeight=31145, finalizedHeight=31145 |
+| Operations | Operations has explicit status, monitor, ops snapshot, and emergency controls that classify incidents separately from owner-input blockers. | passed | monitorStatus=passed, samples=2, heightAdvanced=True, opsSnapshot=blocked, criticalCount=0 |
 | RPC/API | The control-plane API has explicit health/discovery/readiness/CORS/rate-limit validation before it can be exposed publicly. | passed | validationStatus=passed, corsAllowed=True, corsRejected=True, endpointChecks=True, rateLimitProbe=True, rateLimitRejected=True, rateLimitRetryAfter=True, responseHygiene=True |
 | Public edge | External RPC exposure is a distinct owner-operated edge with TLS, allowed origins, rate limits, endpoint checks, and response hygiene. | blocked | publicRpcStatus=blocked, publicRpcReady=False |
 | Public edge | Public RPC exposure has a no-values owner edge template for HTTPS reverse proxying, rate limiting, and CORS-origin forwarding. | passed | edgeTemplateStatus=passed, repoOwned=True, requiresTls=True, requiresRateLimit=True, forwardsOrigin=True |

docs/agent-runs/live-product-infra-rpc/OPS_SNAPSHOT.md

@@ -0,0 +1,39 @@
+# FlowChain Ops Snapshot
+
+Generated: 2026-05-16T05:36:14.4745825Z
+Status: blocked
+Latest height: 31145
+Finalized height: 31145
+
+## Findings
+
+- blocked: public-rpc-not-ready - Public RPC is not ready to share.
+- blocked: backup-not-ready - State backup is not ready for public operation.
+- blocked: bridge-not-ready - Base 8453 bridge readiness is not ready for external funded testing.
+- blocked: external-tester-not-shareable - External tester packet must remain not-shareable.
+- blocked: deployment-contract-not-ready - Public deployment contract is not ready.
+
+## Incident Commands
+
+### status
+- npm run flowchain:ops:snapshot
+- npm run flowchain:service:status
+- npm run flowchain:service:monitor -- -DurationSeconds 300 -PollSeconds 30
+
+### restart
+- npm run flowchain:service:restart -- -LiveProfile
+- npm run flowchain:service:status
+
+### backupRecovery
+- npm run flowchain:backup:restore:validate
+- npm run flowchain:backup:create
+- npm run flowchain:backup:restore:verify
+
+### publicExposure
+- npm run flowchain:public-rpc:check
+- npm run flowchain:external-tester:packet
+
+### emergency
+- npm run flowchain:emergency:stop-local
+- npm run flowchain:bridge:emergency-stop
+- npm run flowchain:emergency:export-evidence

docs/agent-runs/live-product-infra-rpc/PUBLIC_DEPLOYMENT_CONTRACT.md

@@ -1,6 +1,6 @@
 # FlowChain Public Deployment Contract
 
-Generated: 2026-05-16T05:03:10.1702319Z
+Generated: 2026-05-16T05:36:25.5576427Z
 Status: blocked
 Deployment ready: False
 Packet shareable: False
@@ -12,13 +12,14 @@ This file records deployment gates, commands, and env names only. It must not co
 
 | Requirement | Status | Evidence |
 | --- | --- | --- |
-| The deployment contract evaluates reports freshly generated by this command or an explicit caller such as the completion audit. | passed | refreshPerformed=True, delegatedToCaller=False, failedSteps=0 |
+| The deployment contract evaluates reports freshly generated by this command or an explicit caller such as the completion audit. | passed | refreshPerformed=False, delegatedToCaller=True, failedSteps=0 |
 | Owner onboarding clearly distinguishes repo-owned FlowChain RPC from the external Base 8453 RPC dependency without values and documents local owner env-file loading. | passed | onboardingStatus=passed, flowChainRpcIsOurs=True, publicRpcRequiresOwnerPublicEdge=True, base8453RpcIsExternalChainDependency=True, localEnvFileSupported=True |
 | Owner signup checklist maps every public RPC, backup, and Base 8453 bridge value to the exact thing the owner must get without requesting secrets in chat. | passed | signupStatus=passed, itemCount=8, externalSignupCount=3, missingCoverage=0, repoOwned=True, localEnvFileSupported=True |
 | Owner env-file setup has a command-generated local scaffold whose target path is git-ignored before owner values are added. | passed | templateStatus=passed, pathIsGitIgnored=True, requiredEnvNameCount=15, includesAllRequired=True |
 | Public RPC exposure has a no-values owner edge template for HTTPS reverse proxying, rate limiting, and CORS-origin forwarding. | passed | edgeTemplateStatus=passed, repoOwned=True, requiresTls=True, requiresRateLimit=True, forwardsOrigin=True |
-| The public deployment origin service is running privately in live profile before any owner TLS edge is considered shareable. | passed | serviceStatus=passed, privateBind=True, latestHeight=30727, finalizedHeight=30727 |
+| The public deployment origin service is running privately in live profile before any owner TLS edge is considered shareable. | passed | serviceStatus=passed, privateBind=True, latestHeight=31145, finalizedHeight=31145 |
 | The deployment has recent service-monitor evidence that block height advances over multiple samples. | passed | monitorStatus=passed, samples=2, heightAdvanced=True |
+| Owner deployment has a no-secret ops snapshot that separates critical incidents from expected owner-input blockers and lists incident commands. | passed | opsSnapshot=blocked, criticalCount=0, blockedCount=5 |
 | The owner deployment contract validates the required public RPC, backup, and Base 8453 input names without values. | blocked | ownerInputsStatus=blocked, ownerInputReady=False |
 | The owner TLS edge must pass endpoint, CORS, rate-limit, readiness, and response-hygiene checks before sharing. | blocked | publicRpcStatus=blocked, publicRpcReady=False, validationStatus=passed, validationPassed=True |
 | Backup tooling must create a manifest-backed state snapshot, verify a restore rehearsal, and detect corrupted snapshots without owner secrets. | passed | validationStatus=passed, hashRoundTrip=True, corruptionDetected=True |
@@ -32,6 +33,7 @@ This file records deployment gates, commands, and env names only. It must not co
 
 - npm run flowchain:service:status
 - npm run flowchain:service:monitor -- -DurationSeconds 300 -PollSeconds 30
+- npm run flowchain:ops:snapshot -- -AllowBlocked
 - npm run flowchain:owner:onboarding
 - npm run flowchain:owner-env:template
 - npm run flowchain:owner-inputs

docs/agent-runs/live-product-infra-rpc/flowchain-architecture-audit-report.json

@@ -1,6 +1,6 @@
 {
     "schema":  "flowchain.architecture_audit_report.v0",
-    "generatedAt":  "2026-05-16T04:55:11.3580976Z",
+    "generatedAt":  "2026-05-16T05:36:25.7062445Z",
     "status":  "blocked",
     "blockedOnlyOnKnownExternalOwnerInputs":  true,
     "objectiveDeliverables":  [
@@ -27,7 +27,7 @@
                       "layer":  "L1 runtime",
                       "requirement":  "The block-producing node and service lifecycle are separated from RPC, run in live profile, and expose fresh state evidence.",
                       "status":  "passed",
-                      "evidence":  "serviceStatus=passed, liveProfile=True, maxBlocks=0, nodeRunning=True, controlPlaneRunning=True, latestHeight=25361, finalizedHeight=25361",
+                      "evidence":  "serviceStatus=passed, liveProfile=True, maxBlocks=0, nodeRunning=True, controlPlaneRunning=True, latestHeight=31145, finalizedHeight=31145",
                       "files":  [
                                     "crates/flowmemory-devnet/src/cli.rs",
                                     "crates/flowmemory-devnet/src/storage.rs",
@@ -47,16 +47,18 @@
                   {
                       "id":  "ops-observability-boundary",
                       "layer":  "Operations",
-                      "requirement":  "Operations has explicit status, monitor, and emergency-stop controls that do not depend on public deployment being live.",
+                      "requirement":  "Operations has explicit status, monitor, ops snapshot, and emergency controls that classify incidents separately from owner-input blockers.",
                       "status":  "passed",
-                      "evidence":  "monitorStatus=passed, samples=2, heightAdvanced=True",
+                      "evidence":  "monitorStatus=passed, samples=2, heightAdvanced=True, opsSnapshot=blocked, criticalCount=0",
                       "files":  [
                                     "infra/scripts/flowchain-service-monitor.ps1",
+                                    "infra/scripts/flowchain-ops-snapshot.ps1",
                                     "infra/scripts/flowchain-emergency-stop-local.ps1",
                                     "infra/scripts/flowchain-node-stop.ps1"
                                 ],
                       "commands":  [
                                        "npm run flowchain:service:monitor",
+                                       "npm run flowchain:ops:snapshot -- -AllowBlocked",
                                        "npm run flowchain:emergency:stop-local"
                                    ],
                       "blockers":  [
@@ -532,6 +534,7 @@
     "reportPaths":  {
                         "serviceStatus":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\service-status-report.json",
                         "serviceMonitor":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\service-monitor-report.json",
+                        "opsSnapshot":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\ops-snapshot-report.json",
                         "liveWallet":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\live-service-wallet-e2e-report.json",
                         "testerNetwork":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\live-service-tester-network-e2e-report.json",
                         "publicRpcReadiness":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\public-rpc-readiness-report.json",

docs/agent-runs/live-product-infra-rpc/ops-snapshot-report.json

@@ -0,0 +1,127 @@
+{
+    "schema":  "flowchain.ops_snapshot_report.v1",
+    "generatedAt":  "2026-05-16T05:36:14.4745825Z",
+    "status":  "blocked",
+    "refresh":  {
+                    "performed":  true,
+                    "steps":  [
+                                  {
+                                      "name":  "service-status",
+                                      "exitCode":  0,
+                                      "outputLineCount":  9
+                                  },
+                                  {
+                                      "name":  "service-monitor",
+                                      "exitCode":  0,
+                                      "outputLineCount":  4
+                                  }
+                              ]
+                },
+    "chain":  {
+                  "latestHeight":  "31145",
+                  "finalizedHeight":  "31145",
+                  "stateFileLastWriteAgeSeconds":  2,
+                  "monitorStatus":  "passed",
+                  "monitorSamples":  2,
+                  "monitorHeightAdvanced":  true
+              },
+    "reportStatuses":  {
+                           "serviceStatus":  "passed",
+                           "serviceMonitor":  "passed",
+                           "publicRpc":  "blocked",
+                           "backup":  "blocked",
+                           "bridgeLive":  "blocked",
+                           "bridgeInfra":  "blocked",
+                           "externalTester":  "blocked",
+                           "publicDeployment":  "blocked",
+                           "noSecret":  "passed"
+                       },
+    "findings":  [
+                     {
+                         "severity":  "blocked",
+                         "code":  "public-rpc-not-ready",
+                         "message":  "Public RPC is not ready to share.",
+                         "commands":  [
+                                          "npm run flowchain:public-rpc:check",
+                                          "npm run flowchain:public-rpc:validate"
+                                      ]
+                     },
+                     {
+                         "severity":  "blocked",
+                         "code":  "backup-not-ready",
+                         "message":  "State backup is not ready for public operation.",
+                         "commands":  [
+                                          "npm run flowchain:backup:restore:validate",
+                                          "npm run flowchain:backup:check"
+                                      ]
+                     },
+                     {
+                         "severity":  "blocked",
+                         "code":  "bridge-not-ready",
+                         "message":  "Base 8453 bridge readiness is not ready for external funded testing.",
+                         "commands":  [
+                                          "npm run flowchain:bridge:live:check",
+                                          "npm run flowchain:bridge:infra:check",
+                                          "npm run flowchain:bridge:emergency-stop"
+                                      ]
+                     },
+                     {
+                         "severity":  "blocked",
+                         "code":  "external-tester-not-shareable",
+                         "message":  "External tester packet must remain not-shareable.",
+                         "commands":  [
+                                          "npm run flowchain:tester:readiness",
+                                          "npm run flowchain:external-tester:packet"
+                                      ]
+                     },
+                     {
+                         "severity":  "blocked",
+                         "code":  "deployment-contract-not-ready",
+                         "message":  "Public deployment contract is not ready.",
+                         "commands":  [
+                                          "npm run flowchain:public-deployment:contract -- -AllowBlocked"
+                                      ]
+                     }
+                 ],
+    "criticalCount":  0,
+    "blockedCount":  5,
+    "incidentCommands":  {
+                             "status":  [
+                                            "npm run flowchain:ops:snapshot",
+                                            "npm run flowchain:service:status",
+                                            "npm run flowchain:service:monitor -- -DurationSeconds 300 -PollSeconds 30"
+                                        ],
+                             "restart":  [
+                                             "npm run flowchain:service:restart -- -LiveProfile",
+                                             "npm run flowchain:service:status"
+                                         ],
+                             "backupRecovery":  [
+                                                    "npm run flowchain:backup:restore:validate",
+                                                    "npm run flowchain:backup:create",
+                                                    "npm run flowchain:backup:restore:verify"
+                                                ],
+                             "publicExposure":  [
+                                                    "npm run flowchain:public-rpc:check",
+                                                    "npm run flowchain:external-tester:packet"
+                                                ],
+                             "emergency":  [
+                                               "npm run flowchain:emergency:stop-local",
+                                               "npm run flowchain:bridge:emergency-stop",
+                                               "npm run flowchain:emergency:export-evidence"
+                                           ]
+                         },
+    "reportPaths":  {
+                        "serviceStatus":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\service-status-report.json",
+                        "serviceMonitor":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\service-monitor-report.json",
+                        "publicRpc":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\public-rpc-readiness-report.json",
+                        "backup":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\backup-readiness-report.json",
+                        "bridgeLive":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\bridge-live-readiness-report.json",
+                        "bridgeInfra":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\bridge-infra-readiness-report.json",
+                        "externalTester":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\external-tester-readiness-report.json",
+                        "publicDeployment":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\public-deployment-contract-report.json",
+                        "noSecret":  "E:\\FlowMemory\\flowmemory-live-infra-rpc\\docs\\agent-runs\\live-product-infra-rpc\\no-secret-scan-report.json"
+                    },
+    "broadcasts":  false,
+    "envValuesPrinted":  false,
+    "noSecrets":  true
+}