🧮 Ruflo Orchestration · Two Audiences, One Discipline

Ruflo for IEXDG
and for Her Mac

How we run the operator-tier orchestration on this side, and how the same composability JSON contract turns into a structured thinking partner on Dr. DNicole's Claude Desktop. One protocol, two capacities, zero pipeline drift.

Prepared by Dove Web Consulting · for IEXDG · v1.0 · 2026-05-26

🧹
14
Ruflo task records
this session
🦄
6/6
Tier-1 swarm
valid JSON
📍
5/5
Wave-1 ops
shipped + verified
🎯
0
Pipeline drift
Sprint 35
🧳
The Ruflo Disease + Mitigation, jump to Section 8 below
If you are looking for "Ruflo Disease and Mitigation", it is the canonical centerpiece at Section 8: the broken-loop diagnosis plus the 5 immunity shields wrapped around your Claude Desktop. Direct jump: go to Section 8 now.
Open Mitigation →

What is in this doc

🧬 Part A

How we use Ruflo for IEXDG

The DWC operator view. Strict pipeline, composability contract, hive-mind topology, and the real session numbers behind the discipline.

Section 01 · the discipline

Why Ruflo

Ruflo is not the executor. Ruflo coordinates topology and state. Execution still runs on the Claude Code Agent runtime as subagents. What Ruflo enforces is the contract that makes a fleet of agents legible to each other and to us. The standing directive on every IEXDG task is the same: create, assign, coordinate. Every agent returns the same JSON shape. Every blindspot becomes someone else's findings array.

📝 The standing directive

For every multi-agent task, use the strict pipeline. No exceptions. No silent shortcuts. The discipline matters more than any single agent's output, because the discipline is what lets a downstream agent consume an upstream agent's work without re-reading the world.

ruflo task create  "research the inbox"
ruflo task assign  --task <id> --agent <agent>
ruflo swarm coordinate   # or hive-mind broadcast
🧠 The substrate model

Ruflo v3.7-alpha succeeds per-command but does not host a persistent shared runtime. It coordinates the topology, state, and contract. The actual subagent runs on the Claude Code Agent runtime. When subagent perms fail, main-thread execution still honors the contract, returns the same JSON, lands in the same task record. The discipline does not depend on the executor.

The standing rule

Robert paste-set this rule 6 times before it stuck: use Ruflo for every agent, explicit task create then assign then coordinate, no exceptions, enforce the composability JSON contract, ultrathink and cover blindspots, brief in diagram plus emoji. The rule is captured in feedback_ruflo_composability_standing_directive.md and applies on every task from session boot.

Section 02 · the pipeline

🔃 Create, Assign, Coordinate

Three commands, in this order, every time. The order is not aesthetic, it is structural. create writes the task to disk so it can be referenced. assign binds the agent identity to the task so the result is attributable. coordinate (or broadcast in hive-mind) merges the results into a fleet view that the next layer can synthesize.

📝

1. Create

ruflo task create

Task lands in the record. ID returned. Description, priority, parent task captured. Nothing executes yet.

👪

2. Assign

ruflo task assign

Agent identity bound to the task. The agent name follows the convention iexdg-{verb}-{noun}. The result will carry that name in its agent field.

🎪

3. Coordinate

ruflo swarm coordinate

Results merge into the fleet view. Findings become inputs to the next-tier synthesizer. Broadcast variant fans the same query to every worker in a hive.

What pipeline drift looks like (and why we measure it)

Pipeline drift is when an agent runs without a Ruflo task record, or returns prose instead of the JSON contract, or skips the assign step. Drift breaks the downstream synthesizer because it has nothing to consume. This session: 14 task records, zero drift. That metric is logged in Sprint 35 of the action ledger.

Section 03 · the contract

📄 The Composability JSON Contract

Every agent, on every task, returns the same JSON shape. This is the lingua franca of the fleet. A synthesizer agent does not need to know which executor wrote the findings, what model produced them, or which tools were called. It only needs the contract. The contract is the API.

The five required fields

{
  "agent":        "iexdg-inbox-auditor",
  "task_id":      "task-1779836550401-7q1cw9",
  "findings": [
    {
      "id":       "F1",
      "severity": "info",
      "claim":    "Dr. DNicole replied yes on copy thread",
      "evidence": "gmail:msg_19e5f103d05e2cf6"
    }
  ],
  "next_agents": [
    {
      "agent":  "iexdg-catchup-reply-sender",
      "reason": "send catchup with 7 open asks"
    }
  ],
  "token_cost":   null
}
🔍 findings[]

Each finding has an id, a severity (info, warn, blocker), a claim, and an evidence pointer. The evidence pointer is what makes a finding falsifiable. No naked claims. No vibes.

🧮 next_agents[]

The agent itself nominates downstream work. This is how a fleet self-organizes. The synthesizer reads the union of all next_agents arrays and decides which to spawn.

🎯 token_cost

Null is allowed when the substrate does not report it. The field is present so budget tracking can be layered in later without breaking the schema. Forward-compatible by design.

Why the contract is load-bearing

On 2026-05-15 a subagent corrected our regression hypothesis on the image incident by returning a finding with severity blocker and an evidence pointer to a file we had not read. Without the contract, that would have been a Slack message we missed. With the contract, it became a synthesizer input that flipped the next sprint's plan. The composability contract caught our own blindspot, on the record, with a citation.

Section 03b · the flywheel

⚙️ The Composability JSON Compound Engine

The contract is not just a shape, it is a flywheel. Each agent's findings[] becomes the next agent's next_agents[] input. Five spokes around a gold-glow core. Each rotation adds calibration the next rotation reads. Drift is blocked at the schema gate before it can taint a downstream cycle.

⚙️
COMPOUND
findings -> next_agents
🛡️ Drift Blocked
Step 01
📐
Schema Enforced
Five required fields. agent, task_id, findings, next_agents, token_cost. Reject malformed at gate.
Step 02
🔍
Tier-1 Finds
Six parallel workers return discoveries. Every claim has an evidence pointer. No naked vibes.
Step 03
🔗
Chain via next_agents
Each finding nominates downstream work. The fleet self-organizes through the contract, not Slack.
Step 04
🧠
Tier-2 Synthesizes
30 findings merge to 12 ranked items. The synthesizer reads the union, not the raw stream.
Step 05
📚
Ledger + RAG Ingest
Sprint block + 108 new chunks. The next session reads the compounded outcome as prior art.
🛡️ What the badge means

DRIFT BLOCKED at the core means the schema gate rejects any agent return that does not honor the contract. Pipeline drift this session is zero because malformed JSON never enters the synthesizer's input set. The gate is the load-bearing wall.

🔄 Why it compounds

The output of cycle N is structured input for cycle N+1. RAG ingest of the ledger means a future session's first rag_query can read the synthesized recommendations directly. The wheel turns faster every spin.

🎯 The Sprint 35 receipt

Cycle 1: 6 Tier-1 agents returned 30 findings. Cycle 2: Tier-2 returned 12 ranked + 3 next_agents. Cycle 3: 5 Wave-1 ops shipped + verified. Cycle 4: ledger + RAG ingest closed the loop. Same week, same engine.

Section 04 · the topology

🦄 Hive-Mind Topology: Queen plus 6 Workers

This session spawned one queen and six workers from a single command pair. The queen broadcasts the parent task. Each worker pulls a slice, executes on its own context, and returns the contract. The queen reduces the six results into a synthesizer briefing. The whole topology is one shell pipeline.

ruflo hive-mind init  -t hierarchical-mesh
ruflo hive-mind spawn -n 6 -r worker
🦄
QUEEN
📧
inbox-auditor
Gmail
📧
mailbox-warmup
Instantly
📋
notion-warroom
Notion
deploy-verify
VM endpoints
🎯
icp-research
Targets
🧠
rag-query
Knowledge DB
🎯 Why hierarchical-mesh

The queen has the parent task. Workers have peer-to-peer awareness through the shared findings buffer. A worker can reference another worker's finding by id without waiting for the queen to fan it back out. The mesh is what lets iexdg-rag-query say "RAG was 7 days stale" and have iexdg-deploy-verify consume that fact as evidence in its own findings.

🧹 Why six workers

Six is the cardinality of the Sprint-35 research pulse: inbox, mailbox warmup, war room, deploy verify, ICP, RAG. Each maps to one persistent surface area. Adding a seventh would have overlapped with an existing role. Subtracting one would have left a blindspot. Six matches the actual problem shape.

Section 04b · the live mesh

👑 The Hive-Mind Topology

A live snapshot of the present session. One queen at the center, pulsing. Three concentric rings carry her fleet: 6 workers in the inner orbit, 6 specialists in the middle, 3 scouts on the outer. Seven named Claude Code subagents float beyond the rings as the executor substrate. Worker counts are not decorative, they reflect ruflo hive-mind status from this session.

👑
QUEEN
hierarchical mesh
🤖
inbox
auditor
🤖
mailbox
warmup
🤖
notion
warroom
🤖
deploy
verify
🤖
icp
research
🤖
rag
query
🧪
brand
canon
🧪
unified
state
🧪
m_registry
🧪
occ
reconcile
🧪
ledger
backfill
🧪
visual
gate
🛸
campaign
scout
🛸
picture
board
🛸
cc_bus
monitor
💻
coder
🛡️
tester
🔎
reviewer
🛠️
architect
📚
researcher
📊
analyst
optimizer
1 queen, parent task
6 workers, surface ownership
6 specialists, deep skills
3 scouts, frontier sweep
7 named Claude Code agents (substrate executors): coder, tester, reviewer, architect, researcher, analyst, optimizer

Why the rings have weight

Workers hold persistent surface areas (inbox, RAG, war room) and survive across sessions. Specialists spawn for deep skills (brand canon, OCC reconcile) and tear down after the task. Scouts sweep the frontier looking for what nobody asked about yet (campaign signal, picture-board residue). The seven named Claude Code agents are the actual execution substrate that runs whichever role is invoked. The topology is the load distribution, not a roster.

Section 04c · the field guide

🧮 Role Purpose Field Guide

The topology shows WHERE roles sit. This guide shows what they are FOR. Four core primitives spawned by ruflo hive-mind init, plus the nine named specialists the executor substrate runs. Pick the right role for the task instead of throwing a generic worker at everything. Wrong role choice is the silent tax that turns a 6-agent swarm into a 12-agent rework cycle.

Got a new task? Decide the role FIRST.
A task arrives at the queen.
Does it route others, hold consensus, or coordinate a fleet?
QUEEN
👑
Is it discovery, audit, or a pre-flight check before commit-heavy work?
SCOUT
🛸
Is it bulk parallel execution where breadth matters more than depth?
WORKER
🤖
Does it need domain mastery, a higher token budget, deep craft?
SPECIALIST
🧪
Tier A · 4 core primitives

The Hive-Mind Roles

spawned by ruflo hive-mind init
👑
Queen
Orchestrator
Routes tasks to roles. Holds consensus voting. Broadcasts memory to the fleet. The top-down coordinator that ruflo hive-mind init spawns first.
IEXDG Sprint 35Ran the U1 through U4 doc-upgrade fleet, fanning brand-bible work, CSS mastery, and pre-flight audits to the right role each time.
🤖
Worker
Bulk Executor
General-purpose. Picks up any task from the queue. The default tier for bulk parallel execution where breadth beats depth (file ops, deploys, simple research).
IEXDG Sprint 35Wrote the brand-bible HTML body content, ran the inbox auditor, executed the W1A RAG re-ingest of 11 artifacts.
🧪
Specialist
Domain-Deep Craft
Higher token budget per task. Used when depth beats breadth. Spawn for Nexus-style mastery work where the output needs craft, not coverage.
IEXDG Sprint 35Handled the brand-bible CSS aesthetic and the Hive-Mind Topology centerpiece SVG, both jobs that needed deep design discipline.
🛸
Scout
Frontier Sweep
Exploratory, fast, cheap. Discovers blockers, audits state, surfaces gaps. Always runs BEFORE commit-heavy work so the executor never wastes tokens on a doomed path.
IEXDG Sprint 35Pre-flighted gcloud auth + VM scopes before Q9, caught the OCC direction-flip on W1D, sniffed the picture-board residue post W1E.

The rule the field guide enforces

Right role first, then right agent name. A scout used as a worker burns budget on a task it cannot finish. A worker used as a specialist returns shallow craft. The 4 core primitives are not interchangeable tiers, they are different shapes. The queen routes by SHAPE, not by availability.

Tier B · 9 named specialists

The Executor Substrate

runs on the Claude Code Agent runtime
👨‍💻
Coder
build · refactor

Writes new code, refactors existing. The default execution agent for any task that ships a file diff.

Spawn in IEXDG whenshipping content_drop_v3 rewires, MCP tool stubs, or new VM endpoints.
🧪
Tester
validate · acceptance

Runs test suites, validates acceptance criteria against the spec. Returns blocker-severity findings when the spec contract breaks.

Spawn in IEXDG whenverifying brand-bible canon files on the VM, or the cc_prompt_drift 4/4 unchanged check.
🔎
Reviewer
read-only · risk

Read-only. Scores correctness, flags risk, never writes. The safety net that runs after the coder and before the deploy.

Spawn in IEXDG whenauditing a Dr. DNicole facing deliverable for em-dash leaks or brand-rule violations.
🛠️
Architect
design · topology

Designs system structure, picks tech choices, draws topologies. Outputs are decisions and diagrams, not code.

Spawn in IEXDG whenplanning Sprint 36 stack changes, picking MCP transport, or laying out the role field guide itself.
📚
Researcher
external · docs

Gathers external information from docs, APIs, the web. Returns facts plus citations, never opinions.

Spawn in IEXDG whenpulling ICP intel on Tucson cabinet transitions, or sourcing Ashley Kirkwood follow-up context.
📊
Analyst
data · patterns

Interprets data, finds patterns in logs, metrics, transcripts. Turns raw numbers into ranked findings.

Spawn in IEXDG whenauditing Sprint-35 ledger blocks, GHL contact growth, or the 14 task-record drift metric.
Optimizer
speed · cost

Performance tuning, refactor for speed and cost. Targets token budget, latency, and bytes-on-the-wire.

Spawn in IEXDG whentrimming the RAG ingest path, or compressing the cc_brief payload below the 4-min Claude Desktop budget.
🛡️
Security
audit · CVE

Auditor for vulnerabilities. CVE checks, scope review, secret-leak scans. Pairs naturally with the reviewer role.

Spawn in IEXDG whenscoping the BRAIN_BEARER token rotation, or auditing /etc/default/iexdg-mcp env leaks.
📡
Monitor
observe · alert

Long-running observer. Watches state, fires alerts, never ends until torn down. The only named role with a heartbeat.

Spawn in IEXDG whentailing the cc_bus, watching the reference-intake folder, or guarding the content_drop_v3 halt sentinel.

Tier A vs Tier B, the structural difference

Tier A is the role shape the queen routes by. Tier B is the named subagent the executor substrate actually runs. A worker-shaped task can be executed by coder or by researcher. A specialist-shaped task can be executed by architect or by reviewer. The shape decides priority and token budget. The named agent decides craft. Both are stamped onto the task record, both flow through the composability JSON contract.

Section 05 · the receipts

📎 Real Session Evidence, Sprint 35

Numbers from the IEXDG_Complete_Action_Ledger.html Sprint 35 block, dated 2026-05-25. Every number here has a source pointer. No vibes. No marketing math.

TIER 1

6/6 research swarm valid JSON

Six agents ran the strict create, assign, coordinate pipeline. All six returned the composability JSON contract. Source: Sprint 35 ledger block, card 1.

TIER 2

30 findings to 12 ranked items + 3 next_agents

Tier-2 synthesizer merged the six worker outputs into a deduplicated ranked list. Tier-2 writer produced a diagram briefing. 2/2 valid JSON from Tier 2.

WAVE 1

5/5 OUR-side unblocks shipped end-to-end

W1A RAG re-ingest, W1B brand-canon to VM, W1C G7 unified_state + G21 m_registry deploy, W1D OCC pull-down reconcile, W1E ledger tail. All verified live.

CONTRACT

14 task records, zero drift

Every Ruflo task this session passed create then assign then coordinate. Pipeline drift: zero. Source: Sprint 35 closing card.

RAG

13,077 to 13,185 chunks (+108)

W1A re-ingested 5 Campaign 05 artifacts plus 6 memory files. Database was 7 days stale before this run. Source: ingest_session.py log.

DEPLOY

G7 + G21 live, 10 days post-build

unified_state and m_registry were built and self-tested on 2026-05-15. They sat undeployed for 10 days. The Ruflo pipeline surfaced that gap in W1C. Shipped + verified on 2026-05-25.

BRAND

cc_prompt_drift 4/4 unchanged

Pre-flight returned all four canon files missing because of a path bug. W1B fixed the deployment + the symlink. Post-deploy cc_prompt_drift returns all four with status=unchanged + valid sha256.

CORRECTION

OCC direction-flip caught by deploy-verify

W1D pre-flight expected to push staged over live. Diff revealed live (56,155 bytes, May 25 12:00 UTC) is NEWER than staged (39,714 bytes, May 21). Pulled live DOWN. Without the Ruflo deploy-verify finding we would have overwritten the canonical.

The Q1, Q2, Q4, Q8, Q10 wins behind the Wave

Real wins attributable to the Ruflo pipeline this session: Q1 GCS bucket stamped by the GCP runbook agent, Q2 GHL and Instantly verification scripts shipped, Q4 M-INFRA-01 triaged via the unlock-plan agent, Q8 ledger backfill May 18 picture-board added by iexdg-ledger-backfill-may18-picture-board (task-1779798789477-p9y1tt), Q10 ethnicity audit corrected an earlier diagnosis by returning a blocker-severity finding with file evidence. R1 + R3 + R6 pillar corpus organized by the saved-photos puller fleet.

🧠 Part B

How Dr. DNicole can use Ruflo on her Mac

A different capacity. Not operator-tier orchestration. Ruflo as a structured thinking partner on her own Claude Desktop, with the same contract feeding our queue.

Section 06 · the problem

🔥 The 11-Day Frustration Loop

On 2026-05-15 Dr. DNicole escalated 11 days of visual-direction frustration. The escalation was a stream of feedback that did not ship cleanly because her CC did not have a way to structure WHY she was frustrated into action items. The fix is not a better prompt. The fix is a structured thinking tool that converts a stream into the same composability contract our side already speaks.

⚠ The canonical incident, 2026-05-15

She was frustrated. Her CC narrated empathy. The fix that finally shipped did not arrive until 2026-05-25, after a six-agent Ruflo research swarm on our side reconstructed what she had said across 46 emails and 12 unverified attachments. The 11 lost days were not because the work was hard. They were because there was no shared structure.

May 04
War Room last authored by her. Zero blocks or comments since.
May 15
Visual governance escalation. "She wants a proactive curation GATE not a better prompt."
May 15
12 attachments arrive. Reference-intake watcher flags them UNVERIFIED.
May 18
Picture-board 5-answer Q&A landed. Backfilled to ledger Sprint 33.5.
May 21
She replies, then 90-minute window where we declared inbox empty (it was not).
May 25
Six-agent Ruflo swarm reconstructs the state. Catchup reply finally sent.

The diagnostic guardrail Apr 21 taught us

On 2026-04-21 her CC said "I don't have a War Room tool" while the IEXDG MCP at ~/iexdg-mcp/iexdg_content_mcp_v3_apr21.py had one. Her CC's prose narration is NOT ground truth. Tool call results are. Any Ruflo install on her Mac must enforce: never claim absence of a tool without attempting the call and citing the failure mode. The composability contract makes that automatic, the finding either has a tool-call evidence pointer or it has nothing.

Her three use-cases

Use Case 01
📊 Frustration Structurer
When she is frustrated or confused, instead of writing a stream-of-thought email, her CC opens a Ruflo task.
  • CC opens task "Dr. DNicole frustrated with images"
  • Assigns to her own organizing agent
  • Returns the same JSON: findings, next_agents, token_cost
  • CC summarizes back to her in plain language
  • She approves or edits inline
  • Auto-emails Robert with structured asks
  • Breaks the 11-day loop at hour one
Highest Daily Use
Use Case 02
💵 Consulting Practice Tracker
Her own practice, NOT IEXDG infrastructure. Ruflo as a thinking partner for HER work.
  • Tucson contract #240097-44 delivery state
  • Ashley Kirkwood transcripts and follow-up
  • CareFirst BCBS capability presentation
  • Garfield Heights invoice GHL entry
  • Speaking pipeline next 90 days
  • Writing schedule and book chapter status
  • Each engagement gets a task tree, not a sticky note
Use Case 03
✉️ Cross-CC Bus
Her Ruflo tasks flow into our Ruflo queue when they need DWC execution.
  • Her CC creates a task with severity blocker
  • The composability JSON IS the wire format
  • Our queen reads it as a finding from a remote worker
  • Our synthesizer fans the next_agents to our fleet
  • Result flows back with the same task_id ancestry
  • Full audit trail, no Slack archeology
  • The contract is the lingua franca
Section 07 · the install

💾 Install Plan for Her Mac CC

Same filename-as-version-lock pattern that worked for the IEXDG MCP install (v3, v3.2, v3_apr21, v3_2_apr22 each on its own filename). Her Mac home folder is /Users/drdnicolefields/. The install is a four-step runbook she can paste-run, with the diagnostic guardrail wired into step one.

Pre-flight, the diagnostic guardrail

Before claiming Ruflo is missing, attempt the call. Print the exact error if it fails. Print the version if it succeeds. This is the discipline that prevents the Apr-21 "I don't have a War Room tool" failure mode.

which ruflo  || echo "NOT INSTALLED"
ruflo --version 2>&1 | tee ~/ruflo_preflight.log

Install Ruflo with filename-as-version-lock

Pin to a named version. Do not float to latest. The version that ran our Sprint 35 swarm is v3.7.0-alpha. If we cut over to v3.8 later, the file gets a new name, the old one stays accessible for rollback.

npm install -g ruflo@3.7.0-alpha
node ~/node_modules/ruflo/bin/ruflo.js --version
# Windows-style invocation as documented in ruflo_runtime_reality memory

Wire it into Claude Desktop MCP config

Add Ruflo as an MCP server in Claude Desktop's config (the same file that registered the IEXDG MCP at ~/iexdg-mcp/...). The 4-minute Claude Desktop tool-call budget applies, every Ruflo tool returns within budget or it returns a partial finding with severity warn. Tools must NEVER raise.

Verify the contract round-trip

Run one task end-to-end. Confirm the JSON shape lands in the task record. Confirm the next_agents nomination works. Confirm the cross-CC bus drops the same JSON into our queue. Only after the round-trip is green does she start using it for real work.

ruflo task create  "hello from her CC"
ruflo task assign  --task <id> --agent her-test-agent
ruflo swarm coordinate
# Expect: 1 task record, 1 valid JSON return, 0 raises

The two things that must never happen on her CC

(1) Her CC must NEVER pretend to have tools it does not have. If the Ruflo binary is missing, say so explicitly with the path that was checked. (2) Her CC must NEVER let a Ruflo tool raise. Every tool catches its own failure and returns a finding with severity blocker. The 4-minute budget plus the no-raise rule are the two operating constraints she has flagged for us before.

Section 08 · the bus

✉️ Cross-CC Bus: Her Mac ↔ Ruflo ↔ Our CC

The composability JSON IS the lingua franca. Her CC writes the same shape ours reads. The task layer between them is an opaque queue that does not care which CC produced the payload, only that the payload is valid. This is how a one-person decision on her side becomes a fleet execution on ours, without anyone retyping the brief.

📥

Her Mac CC

Dr. DNicole Fields

Claude Desktop. Frustration structurer, consulting tracker, task author.

🧮
RUFLO TASK LAYER
📐 composability JSON
📤

Our DWC CC

Robert + the fleet

Claude Code. Hive queen, synthesizer, executor substrate.

A
her frustrationstream of feedback, 12 attachments, prose
her CC opens taskseverity blocker, findings + next_agents
our CC reads + actsqueen fans next_agents to fleet, ack returned same task_id
B
our discoverye.g. brand-bible doctrine 2026-05-26
ruflo taskseverity info, evidence pointer to canon file
her CC digestshe acknowledges, doctrine locked in her practice
C
scheduled heartbeatcron POST /api/v1/cc_ping every 15 min
status synccc_status, prompt_drift, unified_state rollup
both CCs alignedzero drift between her view and ours
💻

Her Mac CC

Dr. DNicole Fields

Frustration structurer, consulting tracker, task author. Produces composability JSON.

🧮

Ruflo Task Layer

Topology + State + Contract

Opaque queue. Routes by next_agents nomination. Persists task_id ancestry. Zero re-typing.

🖥️

Our DWC CC

Robert + the fleet

Hive queen reads her JSON as a remote worker finding. Synthesizer routes execution.

🧹 The new path (with Ruflo)

She is frustrated. Her CC opens a task. She narrates once. The task lands with structured findings. The bus carries it to our queue. Our queen fans the next_agents. Six minutes later she has a structured acknowledgment + the action items in flight. No 11-day loop.

🔥 The old path (today)

She is frustrated. She writes an email. Her CC narrates empathy. The email lands. We re-derive the structure from prose. We email a clarifying question. She replies four days later. We ship something. She says "that is not what I meant." Repeat. Cost: 11 days, one near-miss escalation, one Sprint-35 reconstruction.

   [her Mac CC]
        |  ruflo task create  + findings + next_agents
        v
   [task record]  task-XXXX-her-frustration-images
        |
        |  ==> bus carries the JSON, no re-typing
        v
   [our hive queen]
        |  reads as remote-worker finding
        |  fans next_agents to fleet
        v
   [execution fleet]  (deploy, copy, brand, content)
        |
        |  result returns with same task_id ancestry
        v
   [her Mac CC]  structured ack + delta
Section 08b · the immunity system

🧬 The Ruflo Disease & the 5 Shields That Make Her CC Immune

A bus is only as healthy as the loops that close on it. The previous section shows what the contract carries; this section names the chronic failure mode that quietly hollows it out, and the five antibodies that prevent it on her Mac CC. The disease has been formally named so we can hunt it on sight: RUFLO-ORCHESTRATION-LOOP-NOT-CLOSED.

Centerpiece 1

The Disease, visualized

three steps fire outward, one return never lands
🧹
Step 01
Create
ruflo task create
scaffolds the record
📋
Step 02
Assign
ruflo task assign
prints "[OK] task assigned"
🧮
Step 03
Orchestrate
ruflo swarm coordinate
spawns the worker thread
findings never return
the execution loop is supposed to close back here. It does not. Tier-2 chains then run on an empty findings[], ledger drifts, the orchestration becomes theater.
. · . · . · . · . · . · . · . · . (silence)
Diagnosis (Robert, 2026-05-27)
RUFLO-ORCHESTRATION-LOOP-NOT-CLOSED
Symptoms

Four ways the disease shows up

if any of these appears, the loop did not close
🪨
Symptom 01
Ruflo prints "[OK] task assigned" but no agent ever returns a finding. The status line looks healthy; the result never lands.
🪨
Symptom 02
Tier-2 synthesis chains run on an empty findings[], because there is no Tier-1 data to merge. The synthesis ships, looks fluent, says nothing.
🪨
Symptom 03
The Sprint ledger block is missing items the CC claims it did. The CC says "wave shipped"; the ledger has no evidence pointer to back it.
🪨
Symptom 04
The same Ruflo directive gets pasted 6+ times, because the prior wave's results never came back to inform the next one. Repetition is the smoke; the loop is the fire.

The reason it is chronic, not acute

Nothing visible breaks. Ruflo's outward calls all return success codes. The CC keeps talking. The dashboards stay green. The damage is silent and compounding: every unclosed loop poisons the next wave's input. By the time it surfaces it looks like 50 small problems instead of one chronic one. Naming it is the first antibody.

Centerpiece 2

The 5 Shields around her Mac CC

five antibodies, each one closes a different way the loop can fail
🖥️
Her Mac CC
Dr. DNicole · protected
💉
Composability JSON Enforcement
Every agent MUST return the exact JSON shape, findings, next_agents, token_cost. If the shape is wrong, the system rejects it loudly. No silent failures.
How it firesinput + output gateway blocks anything that does not match the schema before it can pollute the next wave.
🔄
Loop-Close Gate
Every Ruflo task must report a real result within a fixed window, default 10 minutes. If not, the gate flags it STALE and alerts both CCs.
How it firesverify-claude check pulled from a cron audit of ruflo state.
📡
Cross-CC Heartbeat
Her Mac CC and Robert's CC ping each other every 15 minutes. Silence equals something broke. The brain notices, not the human.
How it firescc_ping endpoint at brain.iexdg.com confirms both CCs alive.
📋
Auto-Rollup Digest
Once a day, the system reads her Ruflo task list, finds any task older than 4 hours with no result, and surfaces it in her morning brief.
How it firesscheduled summary email + War Room update at 7am her time.
🗡
Kill Switch
When a Ruflo task gets stuck or wrong-routed, ONE command nukes it cleanly and alerts Robert. She does not get trapped trying to debug it.
How it firesruflo task cancel <id> + cc_post emergency notice.
Center node, her Mac Claude Desktop, protected surface
Immunity shield, one antibody per failure mode
Heartbeat pulse, every 15 min, silence equals alert
Centerpiece 3

Her CC Install Protocol

how the immunity system gets enabled, four ordered rungs
From "installed" to "immune" in four rungs
1
💾
Install IEXDG MCP v3
Already shipped per Apr 21 ledger. The substrate that hosts the immunity module.
outcome: MCP listed in Claude Desktop config
2
📝
Drop the immunity module
Place ruflo_disease_immunity.py into ~/iexdg-mcp/lib/. Atomic file drop, no edits to existing modules.
outcome: 5 shields registered, idle
3
⏱️
Wire the cron
Add */15 * * * * verify-claude --immunity-check to her crontab. Same 15-min cadence as the cross-CC heartbeat.
outcome: gate fires every 15 minutes
4
Confirm via diag_health()
Run the diagnostic. All 5 shields must report green. Any amber or red blocks the cut-over to live use.
outcome: 5/5 green, immune
Centerpiece 4

Before vs After the Immunity System

same CC, same Ruflo, two completely different operating modes
⚠ Before, her CC alone
The bus is up. The loops are not.
  • Tasks pile up with "[OK] task assigned" lines and no result
  • No feedback channel when a wave silently dies
  • She re-pastes the same directive a fourth, fifth, sixth time
  • Frustration silos on her side; Robert never sees it
  • Ledger drifts from reality, dashboards still read green
  • The 11-day frustration loop becomes the default cadence
✓ After, her CC with the 5 shields
Loops close, or the brain shouts.
  • Every loop closes within 10 minutes, or it is flagged STALE
  • Stuck tasks surface in the 7am morning brief automatically
  • Heartbeat silence equals alert, not silent rot
  • JSON gateway rejects malformed returns at the door
  • One-command kill switch when a task is wrong-routed
  • Frustration becomes a structured task in hour one, not day eleven

Why the disease has a name now

Once a failure mode has a name, it gets hunted instead of explained away. RUFLO-ORCHESTRATION-LOOP-NOT-CLOSED was the chronic version of a problem we used to call "Ruflo flakiness." Naming it surfaces it. The five shields are the operational answer; the name is the cultural one. From this section forward, any time a Ruflo wave closes without findings landing, the CC says the name out loud and triggers the gate.

Section 09 · carry-forward

📋 Open Questions + Next Install Steps

Honest status. What is shipped, what is staged, what is gated. Same discipline we apply to the Sprint blocks in the action ledger.

live

Our side, Sprint 35

14 Ruflo task records this session, 6/6 Tier-1 valid JSON, 5/5 Wave-1 ops shipped + verified, pipeline drift zero.

Source: ledger Sprint 35
live

G7 unified_state + G21 m_registry

Deployed 2026-05-25 to brain.iexdg.com. GET /api/v1/unified_state returns 10-source rollup, POST /api/v1/m_check returns clean.

Source: W1C verification
staged

Her Mac CC Ruflo install

4-step runbook above. Pending her run of the npm install + the Claude Desktop config wire-up. Same pattern that worked for IEXDG MCP install.

Owner: her, with our paste-run support
gated

Her Mac CC join the cc bus

The cc_status entry drdnicole-mac-cc is currently the VM self-pinging via auto-launchd, not her real Mac. 10 days no action on the one-line install email. Decide: third ask, server-side polling fallback, or accept and redesign.

Carry-forward: Sprint 35
gated

Visual-governance gate calibration

12 attachments she sent post-May15 still UNVERIFIED in reference_intake_watcher.py. Two unlock options: verify the 12 first, or bootstrap YES board from named benchmarks.

Carry-forward: Sprint 33.5 backfilled
planned

M20 Drive sync

Built, staged, undeployed. Gated on her sharing Drive folder 1zvXph4XJspYOl7DxbYyz1MEerNPy-BV6 with the token account.

Owner: her share action

The one decision that unlocks the most

If she runs the 4-step Ruflo install on her Mac, the cross-CC bus goes live, the frustration-loop fix becomes operational, and the 11-day reconstruction we had to do for May-15 becomes a six-minute round-trip. That single install replaces three carry-forward items at once: her CC join the bus, the structured-feedback gap, and the prose-vs-tool-call diagnostic guardrail.

IEXDG x Dove Web Consulting · Ruflo Orchestration Reference v1.0 · 2026-05-26
Composability JSON discipline applied to two CCs, one contract.
Source: IEXDG_Complete_Action_Ledger.html Sprint 35 · iexdg_session_close_may25 · feedback_ruflo_composability_standing_directive · ruflo_runtime_reality_and_optimal_substrate_may15
Robert Dove · dovewebconsulting@gmail.com · 913-439-0166