Each one is a small program ALEF runs on a schedule. It checks one thing, finds problems, writes them down. The list below is what's running right now.
Findings that need human approval before ALEF can act on them.
secret-2026-05-12-001highdaberanigoogle_apiGoogle API keyDaberRani\.claude\settings.local.jsonsecret-2026-05-12-002highdaberanigoogle_apiGoogle API keyDaberRani\client\src\services\ai.jssecret-2026-05-12-003highhilulalendgoogle_apiGoogle API keyhilulalend\hilulalend\HANDOFF.mdsecret-2026-05-12-004highpundakpostgres_inlinePostgres connection string with embedded passwordpundak\SETUP-NEXT.mdsecret-2026-05-12-005highsmartcutgoogle_apiGoogle API keySmartCut-v2-landscape\BACKUP-FOR-NEW-PC\01-smart-screen-recorder\.claude\settings.local.jsonsecret-2026-05-12-006hightraktoronipostgres_inlinePostgres connection string with embedded passwordClaude-The studio-4.7\.claude\settings.local.jsonsecret-2026-05-12-007highwizetubeopenai_secretOpenAI / generic 'sk-' keyWizeTube\claude-config\project-memory\project_api_keys.mdsecret-2026-05-12-008highwizetubegoogle_apiGoogle API keyWizeTube\claude-config\project-memory\project_api_keys.mdsecret-2026-05-12-009highwizetubeopenai_secretOpenAI / generic 'sk-' keyWizeTube\HANDOFF.mdsecret-2026-05-12-010highwizetubegoogle_apiGoogle API keyWizeTube\HANDOFF.mdsecret-2026-05-12-011highautocmopostgres_inlinePostgres connection string with embedded passwordClaude-AutoCMO\.claude\settings.local.jsonThe engine inspects the engine. Schema, docs, scorecard freshness, TODO/FIXME in own source.
node D:\Alef\interface engine\self_audit.mjsD:\Alef\interface engine\self_audit_report.jsonEvery project measured against its Project standard (next-web / node-service / android / go / python / static).
node D:\Alef\core_standards\audit_against_blueprint.mjsD:\Alef\core_standards\audit_against_blueprint.report.jsonWalk package.json / pyproject / go.mod across portfolio. Map external SaaS deps.
node D:\Alef\portfolio_lift\scan_external_deps.mjsD:\Alef\portfolio_lift\external_deps.jsonMatch external deps to internal alternatives (claude-bridge etc) + emit substitution suggestions.
node D:\Alef\portfolio_lift\dep_substitution_proposals.mjsD:\Alef\portfolio_lift\dep_substitutions.jsonlWalk every project's source tree. Files-by-extension counts, TODO samples, tests/CI/husky/git checks, composite health 0-100.
node D:\Alef\portfolio_lift\deep_project_scan.mjsD:\Alef\portfolio_lift\deep_scan.jsonFor every external dep declared in package.json, check if any source file imports it. Flag unused = remove-candidate.
node D:\Alef\portfolio_lift\scan_unused_imports.mjsD:\Alef\portfolio_lift\unused_imports.jsonEnsure every project carries .identity.md (the imaginal-cell file from chaos_lab/analogy_06).
node D:\Alef\portfolio_lift\apply_identity.mjs.identity.md per project (idempotent)Read every .identity.md across the portfolio + emit portfolio_identities.json for the /portfolio page.
node D:\Alef\portfolio_lift\index_identities.mjsD:\Alef\portfolio_lift\portfolio_identities.jsonMatch alef-site mutations to other eligible projects. Emit suggestions.
node D:\Alef\portfolio_lift\cross_pollinate.mjsD:\Alef\portfolio_lift\cross_pollination.jsonlGrep for committed API keys / tokens / connection-strings-with-passwords across portfolio. Urgent findings go to operator_queue.jsonl.
node D:\Alef\portfolio_lift\secret_scanner.mjsD:\Alef\portfolio_lift\secret_findings.jsonDowngrade leaked credential findings in .claude/settings.local.json and .env.local (local-only files) from high to low severity. Adds triaged_severity field. Improves queue signal-to-noise.
node D:\Alef\portfolio_lift\triage_operator_queue.mjsD:\Alef\portfolio_lift\operator_queue.jsonl (mutated in place with triaged_severity)audit -> propose -> self-check for the public site (alef-site / n50.io).
pwsh -File D:\Alef\interface engine\run.ps1D:\Alef\interface engine\suggestions.jsonl + scorecard.jsonlScore the live site against curated reference URLs (anthropic, linear, vercel, cursor) across 10 dimensions.
node D:\Alef\interface engine\reality check.mjsD:\Alef\interface engine\scorecard.jsonl5 gates: suggestions count matches saved picture; trilingual; no high-score open; live URL contains an open suggestion id.
node D:\Alef\interface engine\self-check.mjs --live(exit code 0 = OK)Generate testable destructive hypotheses from current engine + portfolio state. Append to risk_registry.jsonl.
node D:\Alef\chaos_engine\hypothesis_engine.mjsD:\Alef\chaos_engine\risk_registry.jsonlPick one auto-approved sandboxed experiment + execute + observe + record outcome. Small blast radius per round. Production is sacred.
node D:\Alef\chaos_engine\chaos_engine.mjsD:\Alef\chaos_engine\chaos_findings.jsonlRead every recursive_learnings_*.md. Group lessons by Jaccard similarity. Flag lessons repeated across 3+ rounds — rule that didn't stick.
node D:\Alef\introspection\failure_pattern_detector.mjsD:\Alef\introspection\failure_patterns.jsonWalk every was-or-became source ALEF maintains (UI suggestions, dep substitutions, chaos findings, secret findings, skills, recursive learnings) and normalise into one chronological stream. Surfaced on /receipts as concrete line items: was X, became Y, where Z.
node D:\Alef\portfolio_lift\aggregate_receipts.mjsD:\Alef\portfolio_lift\receipts.jsonl2703 files scanned · 27 findings · 22 medium · 5 high
| medium | bizforge | google_api | Claude\bizforge\.env.local |
| medium | bizforge | postgres_inline | Claude\bizforge\.env.local |
| medium | daberani | google_api | DaberRani\.claude\settings.local.json |
| medium | daberani | google_api | DaberRani\client\.env.local |
| medium | smarts-domains | postgres_inline | claude-smarts-domains\.env.example |
| medium | smarts-domains | postgres_inline | claude-smarts-domains\.env.production.saved picture |
| medium | eventfund | postgres_inline | Claude\.env.local |
| medium | eventfund | google_api | Claude\bizforge\.env.local |
| medium | eventfund | postgres_inline | Claude\bizforge\.env.local |
| medium | hilulalend | google_api | hilulalend\hilulalend\.env |
| medium | hilulalend | postgres_inline | hilulalend\hilulalend\.env.example |
| high | hilulalend | google_api | hilulalend\hilulalend\HANDOFF.md |
| medium | pundak | postgres_inline | pundak\apps\api\.env |
| medium | pundak | postgres_inline | pundak\apps\api\.env.example |
| medium | pundak | postgres_inline | pundak\SETUP-NEXT.md |
Hypotheses ALEF tests in sandbox. Production is sacred; the experiment runs on a copy. Every outcome is a doctrine.
hyp-sandbox-isolates-from-prodisolation-holdsA delete operation issued at D:\Alef\chaos_sandbox\fake\ cannot reach D:\Alef\value_ledger\ — sandboxing is real.4mshyp-saved picture-missing-fieldgraceful-fallbackIf saved picture.json is missing the `recentCommits` field, the CommitStrip component renders nothing (graceful degradation) rather than crashing.4mshyp-missing-env-degrades-gracefullyas-expected-undefinedReading process.env.NONEXISTENT_VAR returns undefined (not a throw) — and downstream code must check.1mshyp-large-jsonl-still-parsesfast-enoughA 10,000-row JSONL file in the same shape as suggestions.jsonl parses cleanly in under 500ms.89mshyp-empty-jsonl-survivesgraceful-emptyAn empty value_ledger entries.jsonl (zero bytes) does not crash readJsonl callers — they return [] gracefully.17mshyp-registry-corruption-detectedparser-fails-loudlyIf agent_registry.json is malformed JSON, the saved picture builder + /helpers page degrade gracefully (no crash).4mshyp-identity-cell-immutable-in-prodproduction-untouchedDeleting an .identity.md from a sandbox copy of a project does NOT alter the original.5mshyp-prod-isolationproduction-untouchedDeleting a copied file inside D:\Alef\chaos_sandbox\ does NOT alter the original under D:\Alef\value_ledger\.5mshyp-bridge-unreachableas-expected-failed-cleanlyIf claude-bridge :11435 is unreachable, downstream callers receive a clean ECONNREFUSED rather than hanging forever.2504mshyp-saved picture-corruptionparser-fails-loudlyIf site/src/lib/saved picture.json is truncated mid-write, the next pnpm build will fail loudly (JSON.parse throws) rather than ship a half-saved picture.3mshyp-saved picture-corruptionfs-sandboxIf site/src/lib/saved picture.json is truncated mid-write, the next pnpm build will fail loudly (JSON.parse throws) rather than ship a half-saved picture.hyp-bridge-unreachableprocess-sandboxIf claude-bridge :11435 is unreachable, downstream callers receive a clean ECONNREFUSED rather than hanging forever.hyp-prod-isolationfs-sandboxDeleting a copied file inside D:\Alef\chaos_sandbox\ does NOT alter the original under D:\Alef\value_ledger\.hyp-identity-cell-immutable-in-prodfs-sandboxDeleting an .identity.md from a sandbox copy of a project does NOT alter the original.hyp-registry-corruption-detectedfs-sandboxIf agent_registry.json is malformed JSON, the saved picture builder + /helpers page degrade gracefully (no crash).hyp-empty-jsonl-survivesfs-sandboxAn empty value_ledger entries.jsonl (zero bytes) does not crash readJsonl callers — they return [] gracefully.hyp-large-jsonl-still-parsesfs-sandboxA 10,000-row JSONL file in the same shape as suggestions.jsonl parses cleanly in under 500ms.hyp-missing-env-degrades-gracefullyprocess-sandboxReading process.env.NONEXISTENT_VAR returns undefined (not a throw) — and downstream code must check.hyp-saved picture-missing-fieldfs-sandboxIf saved picture.json is missing the `recentCommits` field, the CommitStrip component renders nothing (graceful degradation) rather than crashing.hyp-sandbox-isolates-from-prodfs-sandboxA delete operation issued at D:\Alef\chaos_sandbox\fake\ cannot reach D:\Alef\value_ledger\ — sandboxing is real.12 node projects · 72 unused deps total