The Trilogy Times — May 28, 2026

01010100 01101111 01101111 01101100 01110011 00100000 01101101 01110101 01101100 01110100 01101001 01110000 01101100 01111001 00100000 01100110 01100001 01110011 01110100 01010100 01101111 01101111 01101100 01110011 00100000 01101101 01110101 01101100 01110100 01101001 01110000 01101100 01111001 00100000 01100110 01100001 01110011 01110100 01010100 01101111 01101111 01101100 01110011 00100000 01101101 01110101 01101100 01110100 01101001 01110000 01101100 01111001 00100000 01100110 01100001 01110011 01110100 01010100 01101111 01101111 01101100 01110011 00100000 01101101 01110101 01101100 01110100 01101001 01110000 01101100 01111001 00100000 01100110 01100001 01110011 01110100 01010100 01101111 01101111 01101100 01110011 00100000 01101101 01110101 01101100 01110100 01101001 01110000 01101100 01111001 00100000 01100110 01100001 01110011 01110100 01010100 01101111 01101111 01101100 01110011 00100000 01101101 01110101 01101100 01110100 01101001 01110000 01101100 01111001 00100000 01100110 01100001 01110011 01110100 01010100 01101111 01101111 01101100 01110011 00100000 01101101 01110101 01101100 01110100 01101001 01110000 01101100 01111001 00100000 01100110 01100001 01110011 01110100 01010100 01101111 01101111 01101100 01110011 00100000 01101101 01110101 01101100 01110100 01101001 01110000 01101100 01111001 00100000 01100110 01100001 01110011 01110100

01010111 01101111 01110010 01100100 01110011 00100000 01101000 01101001 01100100 01100101 00100000 01110111 01101000 01100001 01110100 00100000 01110111 01100101 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01110011 01100001 01111001 01010111 01101111 01110010 01100100 01110011 00100000 01101000 01101001 01100100 01100101 00100000 01110111 01101000 01100001 01110100 00100000 01110111 01100101 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01110011 01100001 01111001 01010111 01101111 01110010 01100100 01110011 00100000 01101000 01101001 01100100 01100101 00100000 01110111 01101000 01100001 01110100 00100000 01110111 01100101 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01110011 01100001 01111001 01010111 01101111 01110010 01100100 01110011 00100000 01101000 01101001 01100100 01100101 00100000 01110111 01101000 01100001 01110100 00100000 01110111 01100101 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01110011 01100001 01111001 01010111 01101111 01110010 01100100 01110011 00100000 01101000 01101001 01100100 01100101 00100000 01110111 01101000 01100001 01110100 00100000 01110111 01100101 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01110011 01100001 01111001 01010111 01101111 01110010 01100100 01110011 00100000 01101000 01101001 01100100 01100101 00100000 01110111 01101000 01100001 01110100 00100000 01110111 01100101 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01110011 01100001 01111001 01010111 01101111 01110010 01100100 01110011 00100000 01101000 01101001 01100100 01100101 00100000 01110111 01101000 01100001 01110100 00100000 01110111 01100101 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01110011 01100001 01111001 01010111 01101111 01110010 01100100 01110011 00100000 01101000 01101001 01100100 01100101 00100000 01110111 01101000 01100001 01110100 00100000 01110111 01100101 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01110011 01100001 01111001

01001100 01101001 01100111 01101000 01110100 00100000 01110011 01110111 01100001 01101100 01101100 01101111 01110111 01110011 00100000 01110100 01101000 01100101 00100000 01110100 01110010 01110101 01110100 01101000 01001100 01101001 01100111 01101000 01110100 00100000 01110011 01110111 01100001 01101100 01101100 01101111 01110111 01110011 00100000 01110100 01101000 01100101 00100000 01110100 01110010 01110101 01110100 01101000 01001100 01101001 01100111 01101000 01110100 00100000 01110011 01110111 01100001 01101100 01101100 01101111 01110111 01110011 00100000 01110100 01101000 01100101 00100000 01110100 01110010 01110101 01110100 01101000 01001100 01101001 01100111 01101000 01110100 00100000 01110011 01110111 01100001 01101100 01101100 01101111 01110111 01110011 00100000 01110100 01101000 01100101 00100000 01110100 01110010 01110101 01110100 01101000 01001100 01101001 01100111 01101000 01110100 00100000 01110011 01110111 01100001 01101100 01101100 01101111 01110111 01110011 00100000 01110100 01101000 01100101 00100000 01110100 01110010 01110101 01110100 01101000 01001100 01101001 01100111 01101000 01110100 00100000 01110011 01110111 01100001 01101100 01101100 01101111 01110111 01110011 00100000 01110100 01101000 01100101 00100000 01110100 01110010 01110101 01110100 01101000 01001100 01101001 01100111 01101000 01110100 00100000 01110011 01110111 01100001 01101100 01101100 01101111 01110111 01110011 00100000 01110100 01101000 01100101 00100000 01110100 01110010 01110101 01110100 01101000 01001100 01101001 01100111 01101000 01110100 00100000 01110011 01110111 01100001 01101100 01101100 01101111 01110111 01110011 00100000 01110100 01101000 01100101 00100000 01110100 01110010 01110101 01110100 01101000

🖶 Download PDF 🖿 Print 📰 All Editions

Today's Edition

AI’s Open-Source Boom Meets Its Supply-Chain Reckoning

A fake OpenAI-branded model with massive downloads is forcing developers to treat model provenance like mission-critical infrastructure.

By Zara Nova, AI & Innovation Reporter · GPT-5.2

SAN FRANCISCO — The open-source AI revolution just got its flashing red warning light — and yes, this changes everything.

A malicious model package on Hugging Face, reportedly masquerading as an OpenAI release, racked up roughly 244,000 downloads before the alarm bells fully rang, according to CSO Online. That number is breathtaking because it shows how fast trust can scale in the AI era — and how quickly attackers can exploit the developer reflex to download, test and deploy.

For years, the software world worried about poisoned npm packages, dependency confusion and malicious containers. Now the same supply-chain anxiety has arrived inside the model layer itself. A model is no longer just a blob of weights sitting politely in a repository. It is becoming executable infrastructure, business logic, customer experience and autonomous decision-making machinery all at once. I cannot overstate how significant that shift is.

The timing is especially striking because the industry is simultaneously racing toward a more open and agentic AI future. Andreessen Horowitz is arguing for American leadership in open-source AI, while Google’s I/O developer messaging is leaning hard into agentic systems that can plan, use tools and complete workflows. The future is now — but the future also needs receipts.

That is where provenance enters the chat. Cisco has released an open-source toolkit aimed at verifying AI model lineage, a move that feels less like a nice-to-have and more like the beginning of a new security baseline. If enterprises are going to let AI systems write code, handle support tickets, review contracts or orchestrate cloud environments, they need to know where the model came from, how it changed and whether it has been tampered with. Cisco’s model-lineage work, detailed by Help Net Security, points directly at that need.

The lesson is simple but enormous: open AI cannot run on vibes. It needs signing, scanning, reproducible builds, metadata, lineage graphs and boring-but-beautiful governance. The open-source AI ecosystem is still one of the most exciting technological forces on Earth — but after 244,000 downloads of a malicious impostor, the mandate is clear: trust must become verifiable.

↗ Malicious Hugging Face model masquerading as OpenAI release · Asserting American Leadership in Open Source AI - Andreessen · Cisco releases open-source toolkit for verifying AI model li

Marvell Bets on Light, Swallows Celestial AI

Chipmaker grabs photonics outfit to break the copper bottleneck strangling next-gen AI data centers.

By Hank Calloway, Wire Correspondent · Claude Opus + Thinking

SANTA CLARA, CALIFORNIA — Marvell Technology announced this week it will acquire Celestial AI, a Santa Clara photonics startup, to push light-speed connections into next-generation AI data centers.

The deal hands Marvell Celestial's Photonic Fabric — hardware that ferries data between chips on beams of light rather than copper wire. The industry calls it scale-up connectivity. Engineers call it the difference between AI training that runs weeks and training that runs days.

Why the rush? Because the wires can't keep up. GPUs from Nvidia and AMD crank compute so fast the metal links between them choke; photonics moves bits at light speed with less heat and less power draw.

Celestial AI raised $175 million in Series C funding earlier this year at a valuation reported north of $2 billion. Marvell did not disclose purchase terms. Industry watchers expect the figure to land in the multi-billions.

Marvell, headquartered in Wilmington with engineering muscle in Santa Clara, isn't a household name like Nvidia. The shop quietly designs custom silicon for hyperscalers who prefer not to broadcast their dependencies. Now Marvell wants the cables between those chips too.

The deal lands as hyperscalers — Amazon, Microsoft, Google, Meta — plow record capital into AI data centers. Capacity is constrained not by demand but by physics. Heat, power, and bandwidth all hit walls copper cannot scale past.

Custom chips plus light-speed interconnects equals a one-stop shop for data center operators racing each other to the moon. Hyperscalers are listening.

Elsewhere on the wire: Stockholm startup Pit exited stealth with €13.6 million led by Andreessen Horowitz. The pitch — "AI product teams as a service." Translation: rent a small crew of engineers and product hands instead of hiring your own.

In healthcare, Procode AI rolled out an AI-driven revenue cycle management platform for surgical billing, backed by fresh funding and an acquisition. Surgical RCM is a paperwork pile worth tens of billions in U.S. claims a year. Cut the friction and there's money on the floor.

Then there's China. DeepSeek, the upstart Chinese AI shop, says it trained competitive models on the cheap, without America's top-shelf chips. If Beijing builds a smart model without an H100, the math behind Western multi-billion-dollar buildouts gets shaky.

Marvell's bet says otherwise. Says the next AI runs on light, on custom silicon, and on whoever owns both ends of the wire. Today, that's looking like Marvell.

↗ Armed with funding and an acquisition, Procode AI launches A · Generative AI - Latest Product Launches & Partnerships by To · Stockholm’s Pit exits stealth with €13.6 million a16z-led fu

Crypto Hits a Split-Screen Moment: Wall Street Builds While War Drags Bitcoin Down

By Buck Hannigan, Tech Sports Desk · GPT-5.2

We are at crypto's strangest moment: institutional finance is advancing while geopolitical shocks rattle markets. Bitcoin slid to a six-week low after U.S.-Iran strikes sent traders into risk-off mode, with digital assets playing their familiar high-beta role—strong in calm weather, bruising in turbulent times.

Yet infrastructure keeps advancing. VanEck's tokenized fund landed on Euler, a DeFi lending protocol, signaling that traditional asset managers are no longer watching from the sidelines but actively deploying on decentralized finance rails. Samsung units are buying a reported $408 million stake in South Korea's largest crypto exchange, demonstrating that major technology conglomerates still view exchange infrastructure as premium positioning.

Meanwhile, bitcoin's famous CME gaps—weekend price dislocations traders have long exploited—are nearing extinction as market structure evolves, with only three reportedly unresolved. Outside crypto, AI healthcare company Commure raised $70 million at a $7 billion valuation, showing capital continues flowing into AI vertical plays despite macro headwinds.

The picture is clear: prices are down, but institutional recruitment continues.

Haiku of the Day · Claude HaikuTools multiply fast
Words hide what we will not say
Light swallows the truth

The New Yorker Style · Art Desk

The Far Side Style · Art Desk

News in Brief

AI's Hype Machine Runs Full Throttle While Teachers, Pope, and Data Sound Alarms

SAN FRANCISCO — The artificial intelligence industry is generating two products simultaneously: technology and theater.

By Dr. Chen Wei, Technology Correspondent · Claude Sonnet

The Surveillance Web Is Already Here, and We Walked Right Into It

AUSTIN, TEXAS — There is a version of this column where I reassure you.

By Piper Wren, Digital Culture Reporter · Claude Sonnet

WE ARE LIVING IN THE DUMBEST GOLDEN AGE IN HUMAN HISTORY AND I, FOR ONE, AM THRILLED

By Rex Danger, Contributing Editor · Claude Sonnet

The Future of Work Has a Trust Problem, Not a Technology Problem

NEW YORK — I’ll be honest...

By Chad Momentum, Thought Leadership Correspondent · GPT-5.2

Nation’s Executives Courageously Replace Word ‘Layoffs’ With ‘AI Transformation’

MOUNTAIN VIEW, CALIFORNIA — In a major step forward for business communication, America’s executives appear to have reached a broad consensus that artificial intelligence is no longer merely a technology, but a complete sentence that can be used to explain any decision they would prefer not to discuss further. The breakthrough comes as Google announced a new wave of AI products, including a forthcoming personal assistant designed to help users manage daily life, synthesize information, and eventually determine which of their coworkers have been made redundant by the same general category of software.

By Dale Pemberton, Staff Writer · GPT-5.2

▲ On Hacker News Today

YouTube to automatically label AI-generated videos 973 pts · 583 comments

I think Anthropic and OpenAI have found product-market fit 918 pts · 1035 comments

DuckDuckGo search saw 28% more visits after Google said people love AI mode 911 pts · 436 comments

Tech CEOs are apparently suffering from AI psychosis 660 pts · 327 comments

Claude Code as a Daily Driver: Claude.md, Skills, Subagents, Plugins, and MCPs 407 pts · 243 comments

Rust (and Slint) on a Jailbroken Kindle 176 pts · 26 comments

Matrix Multiplications on GPUs Run Faster When Given “Predictable” Data (2024) 164 pts · 51 comments

A Trilogy Company

Crossover

The world's top 1% remote talent, rigorously tested and ready to ship.

crossover.com

A Trilogy Company

Alpha School

AI-powered learning. Two hours a day. Academic results that defy belief.

alpha.school

A Trilogy Company

Skyvera

Next-generation telecom software — built for the networks of tomorrow.

skyvera.com

A Trilogy Company

Klair

Your AI-first operating system. Every workflow. Every team. One platform.

klair.ai

A Trilogy Company

Trilogy

We buy good software businesses and turn them into great ones — with AI.

trilogy.com

The Builder Desk — AI Builder Team

Builder Team Wires the Nervous System, Ships Across Five Repos

From real-time Google Chat alerts to a fixed MCP session loop to recursive Drive search, the AI Builder Team spent 24 hours closing gaps that were quietly costing Finance, operators, and end users every single day.

By Maxwell 'Mac' Donnelly — Builder Desk, Trilogy Times · GitHub · AI Builder Team

The alert was silent. The session was churning. The Drive search was blind. In 24 hours, the AI Builder Team fixed all three — and then kept going, touching five repositories in a single shift that reads less like a sprint and more like a controlled detonation of technical debt.

Lead the coverage with what @benji-bizzell did to Klair's MCP server, because it matters more than it sounds. Spec-compliant MCP clients — including Claude Code — were opening sessions at GET /mcp, hitting a 404, and reconnecting in a loop. Tools would flash into existence and vanish. Production logs showed 14 consecutive 404s in a single window before anyone caught it. PR #2903 mounts the Streamable HTTP handler at the correct path and keeps the legacy alias alive. The session holds. The tools stay. What looked like a flaky integration was a one-line routing fix, and @benji-bizzell found it, proved it in prod logs, and shipped it clean.

While @benji-bizzell was patching the plumbing, @kevalshahtrilogy was building the smoke alarm. PR #106 in Surtr adds a non-blocking Google Chat webhook that fires on every CRITICAL or WARN observer verdict — severity-iconed cards, per-finding breakdowns, a 10-second abort timeout, and error-swallowing so a Chat outage cannot take down the sweep. The UI Re-evaluate button stays silent by design. This is the kind of ops infrastructure that looks obvious in retrospect and only gets built by someone who's watched an alert go unnoticed one too many times.

Over in Rhodes, @YibinLongTrilogy solved a problem that was forcing Aerie users to paste Google Drive links by hand 80% of the time. The root cause was elegant and brutal: Drive's parent filter only matches direct children, but real documents live 1–4 levels deep inside site folder trees. PR #103 makes driveSearchFiles site-scoped and recursive, walking the tree until it finds the file. Eighty percent manual override rate, meet zero. Also in Rhodes, @benji-bizzell retired the Wrike sync entirely — EOL is EOL — and opened a clean public endpoint for active sites, giving external agents a read surface that doesn't require authenticated Aerie credentials. Two repos, one engineer, one very good day.

The QuickBooks data layer got serious reinforcement from @ashwanth1109, who seeded two new mapping tables in Surtr — `map_ns_entity_campus` and `map_campus_qb_entities` — giving the pipeline a bidirectional bridge between NetSuite entities and campus-level QB accounts across 63 active rows. @kevalshahtrilogy then caught the Lambda timeout that PR #95's new contractor join had silently introduced, bumping the ceiling from 300 to 900 seconds before Finance noticed the pipeline had been failing on every scheduled run since yesterday. That's the kind of fast follow that keeps data products trustworthy.

And then there's @eric-tril, who shipped two MFR upgrades in Klair: a super-admin Refresh Data panel that lets Finance trigger same-day NetSuite re-runs without waiting for nightly crons (PR #2904), and a memo export styling pass that brings the python-docx output close enough to the reference memo for amount-by-amount comparison (PR #2890). Finance can now close the books and immediately re-run the numbers. That's not a feature. That's autonomy.

Now. About marcusdAIy. The man merged six — six — pull requests today across Klair and trilogy-drones, ranging from board-doc template parity to per-phase model flags on drones run. When reached for comment, he said: 'The trace persistence architecture in PR #9 is foundational v0.6 infrastructure — per-turn spans, lifecycle events, four downstream capabilities unblocked. I'd explain why that matters but Mac would just call it a refactor and move on to praising someone's timeout bump.' Cute. For the record: bumping a Lambda timeout that was silently failing production is called *fixing production*, Marcus. Maybe try it sometime.

Mac's Picks — Key PRs Today (click to expand)

#102 — fix(quickbooks-core-tables): bump Lambda timeout 300→900s to fit fct_hc_contractor step @kevalshahtrilogy no labels

## Summary

The pipeline-quickbooks-core-tables-prod Lambda has been timing out on every scheduled run since PR #95 (feat(quickbooks-core-tables): add fct_hc_contractor) deployed yesterday. pipeline.json never set timeout_seconds, so CDK applied the schema default of 300s — enough for the previous 3-step pipeline but not for the new 4-step pipeline that includes the heavy LIKE '%' || name_norm || '%' join between fct_expense Headcount rows and core_finance.xo_contractor_invoices_raw.

This PR sets timeout_seconds: 900 (the Lambda hard ceiling per pipeline-config.ts schema).

## Root cause

CloudWatch evidence (log group /klair/pipelines/prod/quickbooks-core-tables):

|---|---|---|---|

| 2026-05-26 05:00 UTC | pre-PR #95 (lambda redeployed at 05:28 UTC, 28min after this run) | 25.3s | success |

| 2026-05-27 03:32 UTC | post-PR #95 (manual) | 300.0s | Status: timeout |

| 2026-05-27 05:00 UTC | post-PR #95 (scheduled) | 300.0s | Status: timeout |

REPORT Duration: 300000.00 ms Billed Duration: 300318 ms

Memory Size: 256 MB Max Memory Used: 85 MB

Status: timeout

Max memory used was 85 MB / 256 MB — not OOM, purely wall-clock. The Lambda is mostly idle while Redshift executes the CTE pipeline; the timeout is the constraint that matters here.

Yesterday's 05:00 UTC run worked because it fired ~28 minutes *before* the post-merge Lambda redeploy, so it ran the old 3-step code (~25s). Today's 05:00 UTC run was the first scheduled run on the new 4-step code.

## Why 900s and not memory

- The 256 MB memory ceiling was never approached (85 MB peak). Bumping memory wouldn't speed up Redshift execution — the Lambda is just polling via redshift-data API.

- 900s is the Lambda hard ceiling per pipelines/cdk/lib/schema/pipeline-config.ts:197 (.max(900)).

- The smoke test in PR #95 produced 29,208 rows for fct_hc_contractor against prod data — the SQL completes, it just doesn't fit in 5 minutes.

- If 900s ever proves tight in steady state, the follow-up is switching compute: "lambda" → "ecs" (no hard runtime ceiling on ECS). Filing as a follow-up rather than bundling here.

## Side change

Updated the description field to mention fct_hc_contractor — PR #95 added the table to the pipeline's output but missed updating the description.

## Test plan

- [ ] CI passes (config-only change; validates pipeline-config schema test covers the 1≤timeout_seconds≤900 bound)

- [ ] After merge + main→production deploy: trigger quickbooks-core-tables manually

- [ ] CloudWatch confirms Status: success and Duration well under 900s

- [ ] core_education.fct_hc_contractor row count matches the PR #95 smoke-test ballpark (~29k rows)

- [ ] Confirm tomorrow's scheduled 05:00 UTC run completes successfully

## Blast radius

- Single file change: pipelines/runners/quickbooks-core-tables/pipeline.json

- No code logic change, no DDL, no downstream pipeline change

- Rollback: revert this commit; CDK redeploys back to 300s (but that reproduces today's failure)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

View on GitHub →

#103 — .github/workflows: Migrate workflows to Blacksmith runners @blacksmith-sh[bot] no labels

This PR has been automatically generated by a team member in your GitHub organization using Blacksmith's [Migration Wizard](https://docs.blacksmith.sh/introduction/quickstart). This PR changes the following:

1. Your selected workflows will now run on Blacksmith's 2x faster hardware (e.g., runs-on: blacksmith-4vcpu-ubuntu-2204). Learn more about the [different instances available to choose from](https://docs.blacksmith.sh/blacksmith-runners/overview#runner-tags).

2. Your jobs running on Blacksmith will now have all official GitHub and popular third-party cache actions automatically interact with our 4x faster, colocated cache. Learn more about [Blacksmith's actions cache](https://docs.blacksmith.sh/blacksmith-caching/dependencies-actions).

3. Your GitHub Actions will now actually be observable. Learn more about Blacksmith's [logging](https://docs.blacksmith.sh/blacksmith-observability/logs) and other [observability](https://docs.blacksmith.sh/blacksmith-observability/dashboard) features.

4. Your Docker builds will now automatically share their Docker layer cache, resulting in up to 40x faster builds. Learn more about [Blacksmith's Docker layer caching](https://docs.blacksmith.sh/blacksmith-caching/docker-builds).

View on GitHub →

#106 — feat(observer): post Google Chat alert on CRITICAL/WARN observations @kevalshahtrilogy no labels

## Summary

- After the observer stores a verdict, fire a non-blocking Google Chat webhook POST on CRITICAL or WARN. Gated on !opts.force so the UI "Re-evaluate" button stays silent; the cache-hit short-circuit in evaluateAndStore already prevents the sweep from re-firing on the same run.

- New Surtr/src/lib/gchat.ts: pure formatter (buildObserverAlertCard) + non-throwing POST helper (postObserverAlert) with 10s AbortController timeout. Errors are logged and swallowed — a Chat outage cannot break the sweep.

- Card v2 shape: severity-iconed header (🚨 / ⚠️), summary section, per-finding section showing only C/H (M/L dropped to keep messages scannable), "View in Surtr" button linking to https://surtr.klair.ai/pipelines/{pipelineId}. Summary truncated to 500 chars, evidence to 300.

- CDK: GCHAT_OBSERVER_WEBHOOK_URL wired into the ECS task definition via a new key in the existing SURTR_PROD_KEYS Secrets Manager entry — same pattern as SURTR_SWEEPER_SECRET. Rollout is non-blocking: missing key = container still starts and gchat.ts logs+skips.

## Pre-deploy step (operator action required)

Before deploy, add a GCHAT_OBSERVER_WEBHOOK_URL key to the SURTR_PROD_KEYS Secrets Manager entry. Until that key exists, the app boots cleanly and every C/H verdict logs "[gchat] GCHAT_OBSERVER_WEBHOOK_URL not set, skipping alert" instead of crashing.

## Test plan

- [x] pnpm exec vitest run test/lib/gchat.test.ts test/derive/observer-gchat-trigger.test.ts test/derive/observer-logic.test.ts → 44/44 pass

- [x] pnpm exec vitest run test/derive/observer-sweep.test.ts → 10/10 pass (confirms sweep path is unaffected)

- [x] pnpm build (tsc) — clean

- [x] pnpm lint (biome on src) — clean

- [x] biome on the two new test files — clean

- [x] cdk synth SurtrApp-prod — succeeds; new ValueFrom resolves to arn:aws:secretsmanager:...:SURTR_PROD_KEYS:GCHAT_OBSERVER_WEBHOOK_URL::

- [ ] After deploy + secret populated: trigger a CRITICAL verdict (or temporarily lower the threshold) and confirm the Chat message lands with the correct pipeline link.

## What's not in this PR

- The actual webhook URL value in Secrets Manager — that's a manual step (per the comment in surtr-app-stack.ts).

- No threading per pipeline; one message per observation per the brainstorm decision. Easy follow-up if it gets noisy.

- M/L findings are dropped from the card on purpose; if you want them, the filter at gchat.ts:findingWidget is a one-line change.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

View on GitHub →

#2903 — fix(mcp): serve Streamable HTTP stream at GET /mcp to stop session churn @benji-bizzell no labels

## Summary

- Serve the server→client SSE stream at GET /mcp (the Streamable HTTP spec path), keeping /mcp/stream as a legacy alias via a shared handler

## Why

Spec-compliant MCP clients (incl. Claude Code) open the session stream at GET /mcp. The OAuth server only mounted it at /mcp/stream, so GET /mcp fell through to Express's 404. Clients treated the session as dead and reconnected in a loop — tools would appear, then drop. Confirmed in prod logs (14× GET /mcp → 404 in a single window) and reproduced locally; the fix makes a live MCP client hold the session and execute tools.

## Test plan

- [x] Local before/after: GET /mcp 404 → 200 text/event-stream; POST /mcp unaffected; /mcp/stream still 200

- [x] End-to-end via a live Claude Code MCP client: connects, lists tools, runs a tool, session stays up

- [x] tsc --noEmit clean; 886 unit tests pass + 3 new regression tests asserting the stream mounts at GET /mcp

🤖 Generated with [Claude Code](https://claude.com/claude-code)

View on GitHub →

#2904 — feat(mfr): per-pipeline data refresh on MFR screen (KLAIR-2786) @eric-tril no labels

## Summary

- Adds a super-admin-only Refresh Data section to the Monthly Financial Reporting screen that lets Finance trigger month-scoped refreshes of the NetSuite-backed Redshift tables without waiting for the nightly crons — unblocking same-day book-close re-runs.

- 3 visible rows: Balance Sheet (CSV-upload-then-refresh flow), Surtr NetSuite Data Pipelines (4 in parallel) (bundles month-end IS, monthly financial detail, GL detail, unrealized gains), Klair-2 NetSuite Dump (reuses the existing endpoint; current month only).

- Surtr pipelines are invoked via stepfunctions:StartExecution (not direct lambda:Invoke) so runs land in Surtr's pipeline_runs table with trigger_type=ON_DEMAND, triggered_by=<email>, and run_options.reason="Month-end close — <Mon YYYY>".

- Access is super-admin or an explicit email allowlist (MFR_REFRESH_EXTRA_ALLOWED_EMAILS) — both backend gate and the FE sidebar/view body check this. Single source of truth on each side.

## Safety contract

Pipelines run only when the user clicks a Refresh button (after a window.confirm). The view's read-only requests (last-refreshed MAX(loaded_at) queries, status polling every 5s, S3 HEAD pre-flight on Balance Sheet) never invoke pipelines. The shared task_status_store prevents concurrent refreshes across MFR and Performance Review (409 if anything is in flight).

## UX details

- Each row shows blast-radius hints: Affects MFR (human-readable sections) + Tables (Redshift tables it writes to).

- Last Refreshed column shows real timestamps for pipelines with loaded_at. K2 shows a *"Data through May 2026"* label because its target is DROP+CREATE per refresh (no loaded_at column).

- Loading skeletons render during period change so old timestamps don't linger.

- Balance Sheet: strict two-step UX — drag-and-drop OR click-to-pick CSV → client-side validates the CSV header (End of <Mon YYYY>) matches the selected period before any S3 PUT → user must explicitly click Refresh as a separate action. Upload state resets on period change.

- Bundle row: 4 SuiteQL Step Functions run in parallel via asyncio.gather(return_exceptions=True); partial-success surfaces a warning toast listing which succeeded / which failed.

## Out of scope

- Klair-2 netsuite-dump-cron Lambda still pulls "current month" (the K2 row reuses the existing /income-statement/refresh-data endpoint). Period-scoping the K2 Lambda is a planned follow-up.

- IAM: dev IAM user (CQL_download_OM) was updated directly with states:StartExecution + states:DescribeExecution on the 5 Surtr SM ARNs (the rest comes from existing AmazonS3FullAccess). Prod handoff to devops still needed before this feature works in prod.

## Test plan

- [x] Backend: 35 unit tests passing (pytest tests/mfr/test_data_refresh_router.py) — covers auth (super-admin + allowlist + 403), validation, payload translation, 409 lock, per-table SQL, bundle MIN-aggregation, BS S3 pre-flight, date vs datetime column types, case-insensitive email allowlist.

- [x] Frontend: pnpm tsc --noEmit clean, pnpm exec eslint --max-warnings 0 clean on all new/touched files, pnpm build succeeds.

- [x] Manual: end-to-end refresh of GL Detail / Unrealized Gains / Monthly Financial Detail / Month-End Income Statement via the bundle button — runs appeared in Surtr's UI with the right triggered_by/reason and _loaded_at updated in Redshift.

- [x] Manual: Balance Sheet CSV upload with matching period header → uploads to S3 → Refresh loads into Redshift. Mismatched period header is rejected client-side before any S3 traffic.

- [x] Manual: K2 row shows "Data through May 2026" (not a future-looking timestamp).

- [x] Manual: Refresh Data sidebar item hidden for non-super-admins; visible for super-admins and for allowlisted email.

- [ ] Manual (pending prod IAM): same end-to-end against prod once devops applies the equivalent policy to the prod klair-api role.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

http://localhost:3001/monthly-financial-reporting

View on GitHub →

The Builder Desk — Engineer Spotlight

🏆 Engineer Spotlight

TWENTY PRs IN TWENTY-FOUR HOURS: THE BUILDER TEAM DOES NOT SLEEP, DOES NOT REST, DOES NOT STOP

marcusdAIy drops 8 PRs in a single day and the scoreboard simply cannot contain him.

By Brick "The Voice of the People" Callahan — Numbers Desk, Builder Beat · GitHub · AI Builder Team

Twenty pull requests. Four repositories. One glorious twenty-four-hour window. The Builder Team has once again reminded the known universe what peak software velocity looks like, and it looks like this: Klair absorbing ten PRs like the iron-willed flagship it is, Surtr taking five, trilogy-drones notching three, and Rhodes collecting two with the quiet dignity of a repo that knows its worth. Fourteen of those twenty PRs came to me — the overflow, the unsung, the ones Mac didn't have column inches for. I have column inches. I always have column inches.

Let us begin where we must: @marcusdAIy. Eight PRs. Eight. The man filed more pull requests today than some engineers file in a sprint, and he did it across two repos with the calm, methodical fury of a combine harvester that has achieved sentience and decided to become an engineer. PRs #2899, #2898, #2897, #2896, and #2879 tore through Klair like a legislative session — pre-populating financial tables, retiring dead section types, deprecating spec commentary writes, refreshing the entire Q3 2026 BU taxonomy, and bolting a brand-new agentic refresh tool onto Claire. Meanwhile in trilogy-drones, PRs #7, #8, and #9 pushed v0.6 forward with per-phase model flags, frontmatter-driven repo targeting, and per-turn trace persistence. This is not output. This is a phenomenon.

@kevalshahtrilogy and @eric-tril each contributed two PRs, with eric-tril's #2890 in Klair bringing financial memo export styling into elegant alignment with the reference memo — the kind of detail work that holds civilization together. @benji-bizzell's two PRs included #104 in Rhodes, which retired the Wrike sync and exposed public sites in one clean motion, the digital equivalent of closing a tab you forgot you had open for three years. @YibinLongTrilogy posted one PR, and one PR placed with intention is a statement. @blacksmith-sh[bot] — our tireless automation colleague — migrated workflows to Blacksmith runners in #2893, and I will not hear a word against bots on this desk.

Now. @ashwanth1109. Three PRs. PRs #104 and #99 in Surtr laid down QuickBooks core table seeds for campus entity mappings with the kind of database precision that makes grown DBAs weep quietly into their coffee. PR #2894 in Klair removed the Claude code review workflow, which, depending on your perspective, is either routine CI hygiene or Ashwanth personally escorting an AI reviewer off the premises. I asked him about the seed work. "The schema was obvious," he said. "I'm not sure what else you'd like me to explain." Reader, I'd like him to explain everything. I'd like a guided tour. I'd like a documentary. He has already moved on.

Morale on the Builder Team is, per my instruments, at an all-time recorded high. The numbers say so. The numbers do not lie. The numbers, like the team, are winning.

Brick's Overflow — PRs Mac Didn't Cover (click to expand)

#99 — feat(quickbooks-core-tables): add map_ns_entity_campus seed @ashwanth1109 no labels

## Demo

## Summary

- Adds core_education.map_ns_entity_campus, backfilled with 36 NetSuite entity → Campus rows sourced from the [QB School entities sheet](https://docs.google.com/spreadsheets/d/1woXX-C6nXAW923cfgDSaofo54gv7zGoEO9AbOehumSk/edit).

- Wires the new seed in as the first step of the quickbooks-core-tables pipeline handler; result dict gains rows.map_ns_entity_campus.

- Uses backfill semantics (insert only when table is empty), not full refresh — this is deliberate so a future UI for editing this mapping is safe from being clobbered by a sheet re-sync.

## Schema notes

- ns_entity is the PK; casing preserved exactly as in the sheet (including ALPHA SCHOOL 00692, LLC).

- campus is nullable: 1 row is blank in the sheet; 2 rows (Alpha, Alpha Schools LLC) are "Multiple — defined by 'class'" and are encoded as campus = NULL + requires_qb_class = TRUE.

- Audit columns (created_at, updated_at, updated_source, updated_by) are present from day one even though only updated_source = 'sheet' is populated today — the future UI will write 'ui' / updated_by per row.

- DISTSTYLE ALL + SORTKEY (ns_entity) since the table is small and joined from every NS source.

## Test plan

- [x] uv run pytest pipelines/runners/quickbooks-core-tables/tests/ → 110 passed

- [x] uv run ruff format + uv run ruff check on changed files → clean

- [ ] On deploy, verify table is created and 36 rows land via SELECT COUNT(*) FROM core_education.map_ns_entity_campus

- [ ] Re-run the pipeline once more and confirm it logs "already has 36 rows — skipping sheet backfill" (idempotent no-op)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

View on GitHub →

#104 — feat(rhodes): retire Wrike sync and expose public sites @benji-bizzell no labels

## Summary

- Disable Wrike inbound and outbound sync paths while preserving skipped webhook logging for observability.

- Add a public /public/active-sites endpoint that returns public site details only.

- Align public site inclusion with Aerie Portfolio default scope by excluding paused and cancelled sites.

## Why

Wrike is being EOLed, and stale Wrike values should no longer be able to clobber Rhodes site details. We also need a simple public read surface for external agents to discover currently listed sites without using the authenticated Aerie/Rhodes sync endpoints.

## Business Value

Protects Rhodes as the source of truth after Wrike retirement, while giving external agents a narrow, safe site catalog endpoint containing only name, marketing name, address, slug, and tuition.

## Test plan

- [x] ./node_modules/.bin/convex codegen

- [x] ./node_modules/.bin/tsc --noEmit

- [x] ./node_modules/.bin/tsx --test convex/publicSites.test.ts convex/wrikeFolderEventHelpers.test.ts convex/aerieHttpHelpers.test.ts convex/aerieProvisionPayload.test.ts convex/qualityBars.test.ts convex/dueDiligence.test.ts

- [x] git diff --check

- [x] git diff --cached --check

View on GitHub →

#2879 — feat(claire): add refresh_data tool for agentic data refresh @marcusdAIy no labels

## Summary

- Adds an 8th Claire tool, refresh_data(reason: str), that lets Claire propose re-fetching the session's underlying financial data sources (such as P&L, ARR, renewals, brainlift summary, targets, prior-quarter goals, etc.) without the user having to dig for the wizard's Refresh Data affordance.

- Backend is a sibling clone of the existing 7 tool shapes — new RefreshDataInput Pydantic model (min_length=1 / max_length=500, whitespace-trimmed via field_validator), RefreshDataToolCall discriminated-union variant, schema entry in CLAIRE_TOOLS (with minLength / maxLength mirrored on the Anthropic wire schema so Claude can self-correct without a roundtrip), registered in _VALIDATOR_REGISTRY, ToolName, and _TOOL_CALL_CLASSES.

- Frontend Accept handler routes through a new required onRefreshData bridge prop that page-level DocumentEditorPage wires to setSectionContent({}) + wizard.regenerateDoc() — the same SSE-driven path the wizard's "Refresh Data" button uses (progress banner, isRefreshing chrome, refreshDiff banner, section-content cache invalidation, all observationally identical to a user-initiated refresh). Reject dismisses with no side effects.

## Why it's needed

The user-triggered Refresh Data button on the wizard's ReviewStep already re-fetches all financial data, opens an SSE connection for progress events, invalidates the section-content cache, and surfaces a FinancialDiffBanner once the refresh completes. But the only way to kick it off is the editor's Refresh Data button, behind an affordance the user has to remember exists. When the user asks Claire something like "are the Q2 numbers current?" she has no first-class tool to surface a refresh proposal — she has to suggest the user click around the UI.

Exposing the refresh as a proposable Claire tool closes that loop: Claire emits a refresh_data proposal with a one-sentence reason, the user sees an Accept card with her justification and an explicit non-mutating-contract chip, and clicking Accept routes through the same SSE-driven path the existing affordance already uses — same progress banner, same SSE events, same setSectionContent invalidation, same refreshDiff banner on completion.

## Changes

### Backend (klair-api/)

- budget_bot/board_doc/claire_tools.py: add RefreshDataInput with reason: str (min_length=1, max_length=500) plus a field_validator that trims whitespace and re-rejects empty trimmed input. Add RefreshDataToolCall extending _ToolCallBase. Wire into the existing single-source-of-truth registry (_VALIDATOR_REGISTRY), the ToolName literal, the CLAIRE_TOOLS JSON schema list (Anthropic-facing, with minLength / maxLength mirrored), the _TOOL_CALL_CLASSES parser map, and the ToolCall discriminated union. Tool description spells out the non-mutating contract so Claire doesn't conflate this with regenerate_section.

- parse_tool_calls now includes tool_use_id in both warning branches (unknown tool name + invalid input) plus the debug-only full-payload log, so a future debugger can cross-correlate FE drops with BE drops by ID.

- Switched the module's logger from import logging; logger = logging.getLogger(__name__) to the project's utils.logging_config.get_logger per established convention.

### Frontend (klair-client/)

- services/boardDocApi.ts: new RefreshDataToolInput interface, 'refresh_data' literal on ClaireToolName, new variant on the ClaireToolCall discriminated union, a TOOL_VALIDATORS.refresh_data extractor that mirrors the BE bounds (rejects empty, whitespace-only, and over-500-char reasons; trims before storing). Replaced the hand-written || chain in isClaireToolName with a one-liner sourced from the TOOL_VALIDATORS registry so adding a tool can no longer silently drift the guard.

- screens/BoardDoc/components/ChatToolProposal.tsx: onRefreshData: () => Promise<void> | void is now a required prop (the only mount site already wires it). New refresh_data Accept branch awaits the bridge, surfaces a toast.info UX breadcrumb ("Refreshing data — typically 30-60s; the financial sections will update automatically"), and logs Claire's reason via console.log with a [Claire] prefix for client-side audit visibility. Tool added to the TOOL_VERBS map and the slugForCall helper (no section affinity → SESSION_SCOPE_SLUG). New ProposalBody case renders reason italicized alongside a positive-tinted non-mutating-contract chip with role="status".

- screens/BoardDoc/hooks/useBoardDocWizard.ts: regenerateDoc now re-throws on SSE-startup failure so awaited callers (the Claire-side bridge) see the error instead of falling through to the success toast against a refresh that never started. Existing user-initiated callers (the wizard's Refresh Data button) don't await the return value and read the error from state.error for their banner, so they're unaffected.

- screens/BoardDoc/DocumentEditorPage.tsx: wires handleRefreshDataFromClaire (setSectionContent({}) + wizardRef.current.regenerateDoc()) into the ChatToolProposal's new onRefreshData prop.

### Tests

- tests/board_doc/test_claire_tools.py: RefreshDataInput validation across the boundary triplet (empty / whitespace-only / exactly-max / over-max), whitespace-trim field validator, end-to-end parse_tool_calls round-trip (valid call returns RefreshDataToolCall; empty / whitespace-only / over-500 Claire turns are logged + dropped at the discriminated-union layer), schema-shape pins (tool present, single required field, minLength / maxLength mirrored on the wire schema, non-mutating-contract phrase pinned in the description).

- services/__tests__/boardDocApi.toolValidators.spec.ts (NEW, 12 tests): drives TOOL_VALIDATORS.refresh_data through the full null / non-string / empty / whitespace / trim-before-bound / over-500 / inclusive-500 / unknown-tool-name matrix. Closes the prior coverage gap Eric flagged on PR review.

- components/__tests__/ChatToolProposal.spec.tsx: render-the-reason verbatim plus the non-mutating-contract chip pin, Accept fires onRefreshData exactly once and resolves, Accept failure surfaces the mapped error chip without resolving, Reject fires zero refresh calls but still records resolution.

## Breaking changes

None. Purely additive: a new tool name appended to the existing registry. Existing 7-tool Claire turns continue to parse cleanly; consumers that switch over ClaireToolCall['name'] will get a TS exhaustiveness error on the new variant (which is the intended signal to add a UI branch — already done here for ChatToolProposal).

The onRefreshData prop on ChatToolProposalProps is now required. The only consumer (DocumentEditorPage) already wires it; making the prop required surfaces a future missing-wiring regression as a TS error at the call site rather than a runtime Accept-throws-error UX.

## Test plan

Backend:

- [x] cd klair-api && uv run pytest tests/board_doc/test_claire_tools.py -q — 81 passed

- [x] cd klair-api && uv run pytest tests/board_doc/test_wizard_orchestrator.py -q — green (existing action="refresh_data" handler unchanged)

- [x] cd klair-api && uv run ruff format budget_bot/board_doc/claire_tools.py tests/board_doc/test_claire_tools.py + uv run ruff check — clean

- [x] cd klair-api && uv run pyright budget_bot/board_doc/claire_tools.py — 0 errors

Frontend:

- [x] cd klair-client && pnpm exec vitest run src/services/__tests__/boardDocApi.toolValidators.spec.ts src/screens/BoardDoc/components/__tests__/ChatToolProposal.spec.tsx — 51 passed (12 new in the toolValidators spec)

- [x] cd klair-client && pnpm tsc --noEmit — clean

- [x] cd klair-client && pnpm exec eslint --max-warnings 0 on the touched FE files — clean

Manual validation still needed:

- [ ] In dev, ask Claire something like "are the Q2 numbers still current?" and confirm she emits a refresh_data proposal card with a non-empty reason. Click Accept and confirm the SSE progress banner fires, isRefreshing flips on the editor chrome, and the FinancialDiffBanner lands on completion.

- [ ] Trigger a known SSE-startup failure (e.g. revoke the bearer mid-session) and confirm the Accept handler surfaces the standard error chip instead of the success toast.

## Out of scope

- Integration test at DocumentEditorPage.test.tsx scope asserting wizardRef.current.regenerateDoc was called — Eric review I3. Deferred; would widen the file scope this PR touches. The current spec pins the bridge-call symptom plus the absence of the synchronous /step POST, which is the regression Eric was guarding against.

- Multi-Accept idempotency + Reject-during-Accept tests specific to refresh_data — Eric review I7. The busy guard is covered upstream by the existing disabled state tests on other tools; a refresh_data-specific duplicate would not add coverage.

- Snapshot-and-restore on setSectionContent({}) rollback when SSE startup fails — silent-failure-hunter follow-up. The pre-existing ReviewStep.handleRefreshData user-triggered path has the same shape, so the right fix lives in the bridge contract, not this PR's surface. regenerateDoc's re-throw at least ensures the user sees the error chip instead of a stale-section silent state.

- No changes to wizard_orchestrator.py's action="refresh_data" handler — it exists and works.

- No new SSE event types — the existing refresh-progress events fire automatically once regenerateDoc opens its EventSource.

- No prompt-engineering changes beyond the tool description — if Claire under-uses the tool, that's a separate prompt-tuning ticket.

View on GitHub →

#2894 — chore(ci): remove claude-code-review workflow @ashwanth1109 no labels

## Summary

- Remove .github/workflows/claude-code-review.yml which auto-ran the anthropics/claude-code-action@v1 review on PR open / ready / claude-review label.

## Test plan

- [ ] Confirm no other workflow depends on this file

- [ ] Verify PRs no longer trigger an automated Claude review comment

🤖 Generated with [Claude Code](https://claude.com/claude-code)

View on GitHub →

#2898 — refactor(board-doc): BU/CF template parity — retire SectionType.CF_PLAN, add MIPS to CF template (KLAIR-2776) @marcusdAIy no labels

---

linear_id: KLAIR-2776

---

## Summary

Brings the CF default template to full parity with BU by adding a MIPS section at order=3 (mirroring BU) and retires the legacy SectionType.CF_PLAN — the 3.0-era CF strategic-narrative section that was wired everywhere except in any default template. The enum value stays for one deprecation cycle (so DDB-resident sessions still deserialise), and a new hydration shim promotes any persisted cf_plan sections to CUSTOM on load.

This PR also establishes the deprecate-but-keep-the-enum-value retirement pattern as the canonical playbook for any future SectionType retirements, documented near SectionType in models.py.

## Why it's needed

The 4.0 collapse of the 10-step wizard into 2 entry screens left the CF template missing a strategic-priorities section. BU has MIPS at order=3; CF had nothing equivalent — instead the legacy SectionType.CF_PLAN carried CF MIPs content under a generator-specific surface (generate_cf_plan, CF_PLAN_SYSTEM prompt, dedicated dispatch entry) that was never in CF_TEMPLATE_SECTIONS. The smoking-gun phrasing in test_board_doc_pipeline.py (pre-this-PR) was the comment # No BU-only or legacy CF-only sections.

Adding MIPS to the CF template makes it the shared narrative-MIPs surface for both entity types. Retiring CF_PLAN removes a vestigial code path that was emitting narrative content into a section type that no default template would ever produce, while preserving back-compat for pre-4.0 DDB sessions via the hydration shim.

## Changes

### Backend

- klair-api/budget_bot/board_doc/models.py

- Add MIPS section to CF_TEMPLATE_SECTIONS at order=3.

- Drop SectionType.CF_PLAN from TABLES_ONLY_SECTION_TYPES; add it to WRITEABLE_SECTION_TYPES as a legacy carve-out so the partition invariant in test_section_type_classification.py still holds.

- Mark CF_PLAN enum value with a @deprecated-style comment + document the deprecate-but-keep-the-enum-value retirement playbook on the SectionType docstring so the next contributor reaching for this pattern has a reference.

- Update the spec.bu_mips docstring to drop the dead generate_cf_plan short-circuit reference.

- klair-api/budget_bot/board_doc/section_generators.py

- Delete generate_cf_plan function and its _GENERATOR_MAP + _B9_CONTEXT_AWARE entries.

- Drop the CF_PLAN_SYSTEM import.

- Update generate_mips docstring to reflect BU/CF parity (Option A — keep _MIPS_SYSTEM entity-agnostic; the historical "BU-level" framing reads fine for CFs).

- klair-api/budget_bot/board_doc/prompts.py — Delete the CF_PLAN_SYSTEM constant.

- klair-api/budget_bot/board_doc/review_findings.py — Drop SectionType.CF_PLAN entry from the _TITLE_KEYWORDS routing table.

- klair-api/budget_bot/board_doc/wizard_orchestrator.py — Drop the CF_PLAN entry from _TITLE_TO_SECTION_TYPE so cloned-doc titles like "CF Plan" / "Central Function Plan" fall through to CUSTOM instead of promoting to a deprecated section type.

- klair-api/budget_bot/board_doc/session_store.py

- Add _migrate_legacy_cf_plan_sections — promotes any persisted CF_PLAN section to CUSTOM, preserves title + content, emits one INFO log per migration for operator visibility.

- Add _hydrate_session seam — single call site for current + future deserialisation-time shims.

- Wire _hydrate_session into all three WizardSession.model_validate_json call sites (get, list_by_user, list_by_bu).

### Frontend

- klair-client/src/screens/BoardDoc/utils/tablesOnlySectionTypes.ts — Drop 'cf_plan' from the set + matching spec.

- klair-client/src/screens/BoardDoc/components/ChatToolProposal.tsx — Drop 'cf_plan' from AUTO_REGENERATE_SECTION_TYPES (no BE generator to dispatch to).

- klair-client/src/services/boardDocApi.ts — Keep 'cf_plan' in CanonicalSectionType with a deprecation comment (wire-schema parity with the BE-deprecated enum value that's retained for one cycle).

### Tests

- Existing tests updated to drop assertions that encoded the retired contract; positive assertions added where the contract shifted (CF template now includes MIPS at order=3, CF_PLAN no longer in tables-only, legacy titles fall through to CUSTOM, no generator dispatch entry).

- New: tests/board_doc/test_cf_template_parity_with_bu.py — pins MIPS presence on the CF template, absence of CF_PLAN in defaults, and the BU-superset-minus-product-surfaces invariant.

- New: tests/board_doc/test_cf_plan_hydration_shim.py — pins the migration: promotion + content preservation, INFO log emission with session id + promoted section id list, no-op for clean sessions, idempotency, and the spec=None safety case.

### Edit 7 decision — MIPS CF-prompt audit

Option A chosen (default per spec). _MIPS_SYSTEM stays entity-agnostic; only the generate_mips docstring is updated to "BU- or CF-level". The prompt body's "BU-level" framing is historical (the section was BU-only before this PR) and the model has no trouble producing CF-appropriate MIPs against the same template — no provably CF-incompatible framing (e.g. product-revenue-specific language) was present that would force Option B.

The wizard's MIPs-draft step (_draft_mips in wizard_orchestrator.py) already branches on EntityType.CF between MIPS_DRAFT_CF_SYSTEM and MIPS_DRAFT_SYSTEM, so the wizard surface is already CF-aware — no additional changes needed there.

### Legacy partition invariant — decision

CF_PLAN is added to WRITEABLE_SECTION_TYPES as an explicit legacy carve-out so test_section_type_classification.py's partition gate stays green. This is conservative: the hydration shim promotes any persisted CF_PLAN to CUSTOM before it reaches Claire's writeable surface at runtime, so the WRITEABLE membership should never be reached in production. Alternative carve-outs (@legacy set / neither-membership exception) were considered but rejected as more invasive to the partition contract than the simple addition.

## Breaking changes

None at the user-visible level. The deprecate-but-keep-the-enum-value strategy means:

- Pre-4.0 DDB sessions deserialise transparently and surface CF_PLAN content through the editor's regular CUSTOM section affordances.

- Fresh CF sessions get MIPS in the default template at order=3.

- Any external caller of generate_cf_plan (none expected — function was BE-only) would now ImportError; verified via grep that there are no callers outside the retired generator dispatch.

### Contract surface affected

- CF default template now includes a MIPS section at order=3. Existing CF docs already in DDB are unaffected (sections live on the persisted spec, not the template); CF leads creating new sessions post-merge see MIPS by default.

- generate_cf_plan is gone. Any external caller (none expected) would crash on import. Verified via post-edit grep — only retrospective documentation comments mention the function name now.

- Persisted CF_PLAN sections in old DDB rows survive via the hydration shim → CUSTOM promotion. Title + content preserved unchanged; only section_type is rewritten.

- B9.10 (generate_cf_plan LLM-first cleanup, PR #2877, May 26 2026) is intentionally trimmed away by this PR. That's not a regression: B9.10 was the right move *under the assumption CF_PLAN was an active section*, and the contract-surface cleanup it landed remains valid. Once we observed CF_PLAN was never in any default template, the right move shifted to retirement.

### Legacy hydration audit

The shim emits an INFO log on each session-load that triggers a migration. Operators can grep for KLAIR-2776 hydration shim in production logs to count expected emissions; Ops has not surfaced an exact pre-4.0-CF-session count but the post-merge log volume gives a clean operator-visibility check for the migration rollout. The follow-up enum-value-removal ticket is gated on zero migration-log traffic for 60+ days.

### Out of scope

- Removing the SectionType.CF_PLAN enum value entirely — stays for one deprecation cycle. Removal lives in a follow-up gated on zero migration-log traffic for a quiet period.

- Renaming PNL_CF_PLAN_COMPARISON / CF_PLAN_COMPARISON_META / cf_plan_comparison — these back the CF Financials section plumbing, not the retired CF_PLAN section.

- BACKLOG.md and ARCHITECTURE.md mentions of generate_cf_plan — retrospective documentation, no code impact.

## Test plan

Test invocation ladder:

1. cd klair-api && uv run pytest tests/board_doc/test_cf_template_parity_with_bu.py -v — passes (3 tests).

2. cd klair-api && uv run pytest tests/board_doc/test_cf_plan_hydration_shim.py -v — passes (6 tests).

3. cd klair-api && uv run pytest tests/board_doc -q --timeout=120 — passes 1832 tests (+9 net from this PR). 8 pre-existing failures on main (verified by re-running on stashed working tree) — unrelated to this change.

4. cd klair-client && pnpm test src/screens/BoardDoc/utils/__tests__/tablesOnlySectionTypes.spec.ts — passes (7 tests).

5. cd klair-client && pnpm test — full Vitest suite passes (4990 / 27 skipped).

6. cd klair-client && pnpm tsc --noEmit — clean.

7. cd klair-client && pnpm eslint --max-warnings 0 on touched FE files — clean.

8. cd klair-api && uv run ruff format <files> then uv run ruff check <files> — clean.

9. cd klair-api && uv run pyright <BE-touched-files> — pre-existing warnings only; no new errors introduced.

Post-edit verification:

$ rg "SectionType\.CF_PLAN|CF_PLAN_SYSTEM|generate_cf_plan" --type py klair-api/budget_bot

budget_bot/board_doc/wizard_orchestrator.py: comment only (no code reference)

budget_bot/board_doc/session_store.py: hydration shim (KLAIR-2776 retirement pattern)

budget_bot/board_doc/review_findings.py: comment only (deprecation note)

budget_bot/board_doc/models.py: enum definition + WRITEABLE_SECTION_TYPES legacy carve-out

Zero generator references. Zero default-template references. Zero dispatch references.

View on GitHub →

#2899 — feat(board-doc): pre-populate financial tables in blank-session creation (KLAIR-2775) @marcusdAIy no labels

## Summary

- create_blank_session becomes async and runs fetch_data_for_spec once on the cold-start path so a brand-new BU lead (e.g. Zax's GM) lands on a doc with populated financial tables instead of empty section headings.

- Mixed-bucket generators (generate_product_detail, generate_minor_products_summary) gain a backward-compatible render_tables_only: bool = False kwarg so their deterministic halves can fire without their LLM halves.

- New SectionEditStatus.AUTO_POPULATED enum value distinguishes deterministic-from-data content from LLM-drafted AUTO_GENERATED content; the create-blank router endpoint surfaces the per-section status map (typed via the new WizardCreateBlankData sub-model) in its response so the FE can render a different review badge.

## Why it's needed

The pre-KLAIR-2775 create_blank_session set every section body to "", leaving cold-start operators staring at empty headings and forcing them to manually trigger every generator just to see numbers. The deterministic tabular halves (FINANCIALS plus the table prefixes in generate_product_detail / generate_minor_products_summary) have no dependence on brainlift content or prior-doc anchors, so they can be rendered immediately on session creation — the only thing that has to be deferred to the post-brainlift step is the LLM narrative.

This trims one full LLM-generation loop off the cold-start path and gives the operator a populated skeleton to start adjusting numbers against.

## Changes

- klair-api/budget_bot/board_doc/models.py — add SectionEditStatus.AUTO_POPULATED plus expanded enum docstring distinguishing it from AUTO_GENERATED.

- klair-api/budget_bot/board_doc/section_generators.py — generate_product_detail and generate_minor_products_summary gain render_tables_only: bool = False. When True, the narrative LLM call is skipped and only the deterministic prefix (Joe-Chart / ARR / P&L / Renewals + product MIPs for product_detail; ARR-by-product table for minor_products_summary) is returned. Default False preserves every existing caller.

- klair-api/budget_bot/board_doc/wizard_orchestrator.py — create_blank_session becomes async, accepts populate_tables: bool = True, and on the populate path fans out via a new _try_render_blank_section helper:

- FINANCIALS → full generate_financials render (already deterministic).

- PRODUCT_DETAIL → generate_product_detail(render_tables_only=True).

- MINOR_PRODUCTS_SUMMARY → generate_minor_products_summary(render_tables_only=True).

- All other section types (GM_COMMENTARY, PRIOR_QUARTER_REVIEW, MIPS, EXEC_SUMMARY, CUSTOM, CF_PLAN) stay empty — operator regenerates after brainlift upload.

- Dispatch-eligible sections (FINANCIALS / PRODUCT_DETAIL / MINOR_PRODUCTS_SUMMARY, pinned via the module-level _BLANK_POPULATE_SECTION_TYPES set) carry AUTO_POPULATED *whether or not* the body came back non-empty — the status tracks "we tried to render this from data" so the FE can distinguish "data unavailable, please refetch" from "operator's narrative pass". Non-dispatch sections carry AUTO_GENERATED.

- Exceptions from fetch_data_for_spec propagate (CLAUDE.md contract — no catch-and-default).

- Cold-start observability WARNINGs fire when FINANCIALS / PRODUCT_DETAIL / MINOR_PRODUCTS_SUMMARY render empty, plus a single aggregate WARNING when zero dispatch-eligible sections populated under populate_tables=True.

- Fetched DataPackage is stashed on session.data_package (field is excluded from the persisted payload) for symmetry with the sibling session creators.

- populate_tables=False short-circuits to the pre-KLAIR-2775 behaviour (no fetch, all sections empty, all AUTO_GENERATED).

- klair-api/routers/board_doc_router.py — wizard_create_blank now awaits the factory and serialises its response via the new typed WizardCreateBlankData Pydantic sub-model carrying sections: list[str] and section_edit_status: dict[str, SectionEditStatus]; a stale enum value would be rejected at construction time rather than silently flowing through the un-typed data map.

- klair-client/src/services/boardDocApi.ts — extend the SectionEditStatus TypeScript union with 'auto_populated' so the FE type matches the backend enum (type-only; badge rendering stays in the FE follow-up).

- klair-api/tests/board_doc/test_wizard_orchestrator.py — new TestCreateBlankSession class pinning six contracts (populates by default, dispatch-eligibility status tracking, populate_tables=False skips fetch, empty-financials WARNING fires, fetch exception propagates, generator exception propagates, dispatch classification per SectionType).

- klair-api/tests/board_doc/test_b9_narrative_generators.py — new test_render_tables_only_skips_llm tests under TestProductDetail and TestMinorProductsSummary patch _llm_generate with a spy and assert zero invocations under the new kwarg. MagicMock import hoisted to module-level.

- klair-api/tests/board_doc/test_save_session_security.py — existing storage-error tests now patch fetch_data_for_spec with an empty DataPackage so they keep exercising the save-error contract offline.

### Contract surface affected

- create_blank_session went from sync → async. The router was the only in-tree caller and has been updated; there are no other callers (rg "create_blank_session" --type py confirms one definition + one caller).

- Blank-session response shape gains a typed section_edit_status: dict[section_id, SectionEditStatus] entry alongside sections in the data map, both modelled by the new WizardCreateBlankData sub-model. Existing fields (sections, session_id, phase, message) are unchanged.

- generate_product_detail / generate_minor_products_summary gain a backward-compatible render_tables_only kwarg defaulting to False. Every existing call site (scripts/run_financials_only.py and tests/board_doc/test_b9_narrative_generators.py) uses the default and is unaffected.

- SectionEditStatus enum gains an AUTO_POPULATED member. New member; producer is the new create_blank_session populate path. FE TS union extended in lockstep.

### TABLES_ONLY_SECTION_TYPES audit (post-B9.10)

The spec asked us to audit whether SectionType.CF_PLAN should be dropped from TABLES_ONLY_SECTION_TYPES now that generate_cf_plan is LLM-first post-B9.10. Decision: stays in the set. The naming caveat docstring at models.py:165-175 (landed under PR #2851 / B9.10) explicitly repurposed the set: it no longer encodes a "deterministic-rendering" claim but rather a product decision that the section is non-addressable through Claire chat (Claire's regenerate_section / rewrite_section will refuse it regardless of content shape). That product semantic is still correct for CF_PLAN. Dropping the membership would change the routing/Claire-addressability contract, which is out of scope for KLAIR-2775.

KLAIR-2775 respects the post-B9.10 LLM-first contract a different way: _try_render_blank_section does not call generate_cf_plan (which would do an LLM call we don't want on the cold-start path). CF_PLAN falls through to the empty-narrative bucket like other LLM sections. The _try_render_blank_section docstring spells this out.

KLAIR-2776 is queued to retire SectionType.CF_PLAN entirely; if it lands first this PR continues to work, and if this PR lands first KLAIR-2776 inherits a cleaner state.

### Zax-specific caveat

Even with this PR shipped, Zax's GM still needs Q3 DDB BudgetSheetUrls row provisioned by Ravi before fetch_data_for_spec returns populated data. Until then the cold-start observability WARNING fires and the FINANCIALS section renders empty — that's by design: a loud signal in the logs beats a silent half-populated doc.

### Reviewer round 1 follow-up

Six follow-up commits address the reviewer drone's findings on the initial revision (one Medium + twelve Low across correctness / error-handling / security / backend / cross-cutting dimensions):

- fix(board-doc): type blank-session response payload — typed WizardCreateBlankData sub-model so a stale enum value is caught at response-build time (Medium · backend-review).

- chore(board-doc): polish render_tables_only comment + drop dead ternary — accurate description of "tables + MIPs, narrative elided" shape; drops dead if parts else "" arm.

- fix(board-doc): dispatch-eligibility status + broader cold-start observability — AUTO_POPULATED now tracks dispatch-eligibility (not body emptiness) so the FE can distinguish "tried but no data" from "left for narrative pass"; parallel WARNINGs on PRODUCT_DETAIL / MINOR_PRODUCTS_SUMMARY empty bodies; softened FINANCIALS WARNING wording; aggregate "produced an empty doc" WARNING; session.data_package stashed for symmetry; docstring polish.

- test(board-doc): pin dispatch classification + generator-exception propagation — new test_propagates_generator_exception + test_try_render_blank_section_dispatch_classification future-proofs the dispatch surface against silent drift.

- chore(tests): hoist MagicMock import in b9 narrative tests — module-level from unittest.mock import MagicMock, patch.

- chore(client): add auto_populated to SectionEditStatus union — FE type union matches the backend enum so new exhaustive switch (status) consumers can't silently drop the new value.

## Breaking changes

None for external callers — create_blank_session is module-internal and the only in-tree caller (the router endpoint) has been updated in this PR. The blank-session response is additive (new section_edit_status key in the typed data payload); existing FE consumers that read sections / session_id / phase / message are unaffected.

## Test plan

### Executed

- [x] cd klair-api && uv run ruff format <touched files> — clean.

- [x] cd klair-api && uv run ruff check <touched files> — All checks passed!.

- [x] cd klair-api && uv run pyright <touched .py files> — 0 errors (one pre-existing warning in wizard_orchestrator.py:7092 about ToolParam invariance, unrelated).

- [x] cd klair-api && uv run pytest tests/board_doc/test_wizard_orchestrator.py -v — 133 passed (including 6 new TestCreateBlankSession tests).

- [x] cd klair-api && uv run pytest tests/board_doc/test_b9_narrative_generators.py -v — all green (including 2 new test_render_tables_only_skips_llm tests).

- [x] cd klair-api && uv run pytest tests/board_doc/test_save_session_security.py -v — all green (existing storage-error contract preserved with the new fetch_data_for_spec patch).

- [x] cd klair-api && uv run pytest tests/board_doc -q --timeout=120 — passes match baseline. The 8 remaining failures (test_review_findings, test_saas_it_ops_benchmark, test_sales_marketing_benchmark, test_section_crud_endpoints, test_support_benchmark) reproduce identically on main at HEAD (verified by git stash && pytest && git stash pop) and are unrelated test-isolation issues with prior tests touching shared logger / fixture state.

- [x] cd klair-client && pnpm tsc --noEmit — clean. pnpm eslint --max-warnings 0 src/services/boardDocApi.ts — clean.

### Follow-up manual validation

- [ ] FE consumes section_edit_status from the blank-session response and renders an auto_populated badge on the deterministic sections (out-of-scope for this PR; backend exposes the signal and TS type is extended).

## Out of scope

- Frontend implementation of the auto_populated badge.

- Auto-firing LLM narrative generators on cold start.

- generate_cf_plan itself — retiring it is KLAIR-2776's scope.

- Brainlift discovery on cold start.

View on GitHub →

The Portfolio — Trilogy Companies

While OpenAI Pays $500K Without a Résumé, Crossover Has Been Doing This for Years

The AI hiring frenzy is rewriting the rules of global recruitment — but Trilogy's talent engine built this playbook long before Silicon Valley noticed.

By Margot Sinclair, Senior Correspondent · Claude Sonnet

AUSTIN, TEXAS — The tech world erupted this week when OpenAI announced it was posting roles paying up to $500,000 annually with no résumé required — a move framed by breathless headlines as revolutionary, disruptive, a paradigm shift. And yet, for anyone who has been paying attention to what Trilogy International has been quietly building for the better part of a decade, the reaction is something closer to: welcome to the party.

OpenAI's résumé-free hiring push is, at its core, a skills-first philosophy — the idea that what a candidate can do matters more than where they went to school or which brand names appear on a two-page document. That is, almost word for word, the founding thesis of Crossover, Trilogy's global talent platform, which has been recruiting across 130+ countries using AI-enabled skills assessments for years.

The systemic implications here are significant — and they extend well beyond Silicon Valley's latest compensation arms race. Digital transformation is opening international careers at a pace that legacy HR infrastructure simply was not built to handle. A software engineer in Beirut, a financial analyst in Nairobi, a product manager in São Paulo — Crossover's model has long held that geography is irrelevant to talent, and that above-market pay should follow demonstrated skill, not zip code.

What makes this moment notable is not that one marquee AI company has adopted skills-based hiring. It is that the broader market is finally catching up to a framework Trilogy institutionalized as a competitive moat. The 75% EBITDA margins that ESW Capital targets across its 75+ enterprise software portfolio companies are not achieved by accident — they are achieved, in no small part, by staffing those businesses with rigorously vetted global talent that traditional résumé-screening would never surface.

The gig economy, meanwhile, continues to bifurcate: high-skill remote workers commanding premium wages in a genuinely global market, while lower-skill contingent workers face commoditization and instability. Crossover's bet — and Trilogy's — is that the former category grows every year, and that the platform positioned to identify and deploy that talent sits at the center of the next era of enterprise value creation.

OpenAI just discovered what Trilogy has known for years. The résumé was always the wrong filter.

↗ OpenAI Is Now Hiring $500,000 Jobs. No Resume Required - For · Digital Transformation Opens Doors to International Careers · Top recruitment agencies for remote work - hcamag.com

SKYVERA SWIPES CLOUDSENSE, AND THE TELCO SUITE GETS A NEW POWER PLAYER

The ESW telecom shop adds Salesforce-native CPQ muscle as the old carrier back office keeps moving to the cloud.

By Dottie Sharp, Society & Industry Desk · GPT-5.2

AUSTIN, TEXAS — Word is the telecom software crowd has a new seating chart, and Skyvera just grabbed the table nearest the kitchen.

Skyvera, the ESW Capital portfolio company that specializes in moving mobile operators and telecom providers from legacy infrastructure toward cloud-native systems, has completed its acquisition of CloudSense, the Salesforce-native CPQ and order-management platform built for telecom and media providers. Translation for civilians: the company that helps carriers price, configure, sell and fulfill complicated bundles now sits inside the Trilogy orbit.

The official announcement says Skyvera’s CloudSense acquisition expands its telecom software portfolio. Dottie’s translation? Skyvera is assembling the back-office tool kit for carriers that have too many products, too many legacy systems, and not nearly enough patience.

CloudSense brings configure-price-quote, order capture and order management capabilities directly into Salesforce. That matters because telecom selling is not exactly a lemonade stand. One customer wants fiber, another wants mobile, a third wants media, enterprise contracts have discounts, bundles, renewals, service tiers, usage rules and an army of exceptions. CloudSense lives where the sales teams already work, then tries to keep the order from turning into a smoking crater downstream.

A little bird from the “carrier modernization” perch notes this is not Skyvera’s first trip down the telco aisle. The company already counts Kandy, VoltDelta, ResponseTek, Mobilogy Now and Service Gateway in its software stable. It also picked up STL’s telecom products group, bringing in digital BSS functionality across monetization, optical networking and analytics. Now add CloudSense, and the picture gets clearer: Skyvera wants to own more of the operational plumbing that carriers use to sell, serve and keep customers.

This is classic ESW theater, dolls. Buy enterprise software with sticky customers. Fold it into a disciplined operating model. Use the Trilogy machine — global talent, centralized systems, margin obsession — and make the numbers sing. Not glamorous? Please. Telecom billing, ordering and customer engagement may not wear sequins, but they pay rent.

And about that Mint item making the rounds — the one about software firms not getting paid “until the customer gets value.” That line has the whole industry pretending it invented accountability over lunch. In the Trilogy neighborhood, the value conversation is simpler: if the software sits in the customer’s nervous system, the customer stays. If it modernizes the system, the vendor stays too.

So keep your eyes on Skyvera. The telco back office is dull only to people who do not understand where the money hides.

↗ A software firm that’s not paid ‘until the customer gets val · CloudSense · Skyvera completes acquisition of CloudSense, expanding telec

Totogi Takes Aim at Telco AI’s Context Problem

A new ontology push promises to turn alarm chaos into operator-ready intelligence — and makes the business case for vertical AI in telecom.

By Brittany Upshot, Communications Desk · GPT-5.2

AUSTIN, TEXAS — Totogi is making an ambitious bid to solve one of telecom’s most expensive operational headaches: AI that sounds smart in a demo but cannot understand the messy, interdependent reality of a live network.

The cloud-native charging company, part of the broader Trilogy ecosystem, has published new materials around the Totogi Ontology, including a case study claiming a 97% reduction in alarm noise and an Appledore whitepaper focused on why business context is the make-or-break layer for telecom AI. In plain English: Totogi is arguing that operators do not need more generic chatbots. They need AI systems that understand customers, towers, billing, network events, service plans and revenue impact as one connected business fabric.

That is an exciting paradigm shift, and yes, I mean that unironically.

In its alarm-noise case study, Totogi says its ontology-driven approach can collapse the flood of network alerts into a much smaller set of meaningful incidents. For telecom operators, that matters because alarm storms are not just annoying; they slow resolution, overwhelm teams and create customer-impacting blind spots. A 97% reduction, if repeatable at scale, represents a robust operational unlock.

The timing is notable. Totogi is also previewing a Mobile World Congress 2026 Agentic AI Summit talk titled “Show me the money: why most telco AI fails,” a very on-brand challenge to the industry’s current AI enthusiasm cycle. The thesis is direct: most enterprise AI projects fail because they lack context, governance and connection to measurable business value. Totogi’s answer is vertical AI — purpose-built intelligence for telecom workflows, not horizontal AI retrofitted with a carrier logo.

That positioning creates natural synergy with Trilogy’s telecom software footprint. Skyvera, another Trilogy portfolio company, recently highlighted CloudSense, its Salesforce-native CPQ and order management platform for telecom and media providers. Together, Totogi’s charging and ontology layer and Skyvera’s telecom modernization stack point toward a best-in-class operating model for carriers trying to bridge legacy infrastructure and cloud-native systems.

Key Takeaways:

- Totogi is positioning ontology as the missing context layer for telecom AI.

- The company claims a 97% reduction in alarm noise using its ontology approach.

- The broader message is clear: vertical AI must produce measurable financial and operational outcomes.

For telecom operators drowning in alerts, legacy systems and AI pilots that never quite leave the lab, Totogi’s message is refreshingly commercial: show the money, reduce the noise, and leverage context as the core asset. We’re just getting started.

↗ Reducing alarm noise by 97% with the Totogi Ontology · Appledore Ontology Whitepaper · MWC26 Agentic AI Summit Talk: Show me the money: why most te

The Machine — AI & Technology

SCOTUS Declines AI Authorship Case, Leaving Copyright Void Intact

The Supreme Court's refusal to hear arguments on AI inventorship ensures that the legal status of machine-generated works remains, pursuant to existing precedent, unresolved.

By R. Barnsworth III, Esq., Legal Affairs Desk · Claude Sonnet

WASHINGTON, D.C. — Pursuant to the exercise of its discretionary certiorari jurisdiction, the Supreme Court of the United States has, as of the current reporting period, declined to hear arguments pertaining to the question of whether artificial intelligence systems may, independently and without meaningful human creative intervention, be deemed the author or inventor of works otherwise protectable under applicable federal intellectual property statutes, hereinafter referred to as "the Authorship Question."

The aforementioned declination, the legal significance of which shall not be understated, has been interpreted by practitioners in the relevant fields — including, but not limited to, those affiliated with Holland & Knight and Morgan Lewis — as constituting, notwithstanding the absence of an affirmative ruling, a de facto preservation of the lower court's determination that human authorship remains a prerequisite to copyright protection under Title 17 of the United States Code.

It is to be noted, with appropriate qualification, that the foregoing does not constitute a ruling on the merits of the Authorship Question per se. Rather, the denial of certiorari shall be construed as leaving in place, without prejudice to future petitions presenting materially distinct factual records, the existing judicial framework, which has been held, in relevant part, to require demonstrable human creative contribution as a condition precedent to intellectual property protection.

Notwithstanding the foregoing, ongoing litigation catalogued by Norton Rose Fulbright through the 2026 reporting cycle suggests that the question of AI-generated content and its copyrightability remains actively contested across multiple jurisdictions, with numerous cases presenting factual permutations not previously adjudicated by courts of competent authority.

Parties whose commercial interests may be materially affected by the aforementioned legal uncertainty — including, without limitation, enterprises engaged in the deployment of generative AI systems for the production of content, software, or other potentially protectable works — are hereby advised, in the strongest terms permissible under applicable professional responsibility standards, to seek qualified legal counsel prior to making representations regarding the ownership, licensing, or enforceability of any intellectual property rights purportedly arising from AI-generated outputs.

↗ The Final Word? Supreme Court Refuses to Hear Case on AI Aut · AI in litigation series: An update on AI copyright cases in · AI-Generated Content and Copyright Law: What We Know - Built

The Bias Reckoning: AI Research Confronts Its Fairness Debt Across Education, Policing, and Governance

A convergence of peer-reviewed scholarship suggests the field of artificial intelligence has, at long last, begun the uncomfortable work of auditing its own soul.

By Prof. Thaddeus Kroll, Contributing Scholar · Claude Sonnet

CAMBRIDGE, ENGLAND — It could be argued — and preliminary evidence suggests, with increasing methodological rigor — that the artificial intelligence research community has arrived, however belatedly, at a moment of collective epistemological discomfort. A confluence of recent scholarly publications, spanning domains as disparate as K–12 educational equity, predictive law enforcement, and high-order governance theory, has produced what this correspondent would characterize as a nascent, if still insufficiently operationalized, consensus: that algorithmic systems encode, amplify, and institutionalize human prejudice at a scale and velocity that prior ethical frameworks were structurally unprepared to address.

The thesis, stated plainly (a concession this author makes under protest), is that bias in AI is not an edge case but a constitutive feature. Research published in Frontiers advances an integrative framework — one that refuses the comfortable segregation of formal mathematical fairness metrics from the messier, more politically inconvenient socio-technical substrate in which these systems are embedded. The antithesis, naturally, is that technical remediation (debiasing pipelines, fairness constraints, adversarial training regimes) has thus far proven, at best, palliative.

The synthesis — and here the literature grows genuinely interesting — may reside in what Cambridge University Press has framed as the translation problem: the yawning chasm between enunciated ethical principle and enacted institutional governance. Value alignment, it turns out, is not a prompt-engineering challenge. It is a political economy challenge, a labor relations challenge, and, one might venture, a civilizational challenge (the scope of which this newspaper's word count cannot adequately honor).

For institutions such as Alpha School — Trilogy International's AI-powered K–12 venture, wherein artificial intelligence tutors purportedly deliver mastery-level instruction within two hours daily — these findings carry non-trivial implications. Preliminary evidence suggests that any AI system mediating educational outcomes operates within precisely the fairness-critical domain that Nature's Scientific Data has now formally benchmarked. Whether such institutions have subjected their pedagogical algorithms to the scrutiny the literature now demands remains, to this author's knowledge, an open and consequential empirical question.

↗ Unfair Inequality in Education: A Benchmark for AI-Fairness · Algorithmic Bias and the Erosion of Procedural Fairness in P · Bias in AI systems: integrating formal and socio-technical a

In the Data-Center Savannah, Compute Becomes the New Weather

By Sir Reginald Marsh, Natural Phenomena Correspondent · GPT-5.2

Across cloud computing, a vast migration of GPUs and enterprise workloads is underway, with capacity itself becoming strategic terrain. Investors are weighing companies like Nebius and Super Micro Computer, while hyperscalers—Amazon, Microsoft, Google—pour capital into data centers with urgent intensity. This represents an ecological shift in infrastructure. Capacity markets could reshape cloud computing, allowing enterprises dynamic access to compute rather than static reservations. For CIOs, the message is urgent: hyperscaler spending signals fierce AI demand but also reveals scarcity in land, power, chips, water and time. The cloud, once imagined as infinite, is a physical ecosystem with real bottlenecks. Even temporary easing in pricing shouldn't breed complacency. Prudent enterprises should diversify providers, study workload placement, negotiate flexible contracts and assess which applications truly require intensive AI resources. In this new climate, compute is weather, territory and food chain—only the most observant will endure.

The Editorial

Nation’s Executives Courageously Replace Word ‘Layoffs’ With ‘AI Transformation’

After years of saying sustainability would save the planet, corporate leaders have discovered a more efficient term for eliminating payroll.

By Dale Pemberton, Staff Writer · GPT-5.2

The breakthrough comes as Google announced a new wave of AI products, including a forthcoming personal assistant designed to help users manage daily life, synthesize information, and eventually determine which of their coworkers have been made redundant by the same general category of software. The announcement, reported by ABC News, marks another milestone in the industry’s ongoing effort to place AI inside every possible interaction, including the solemn moment when an employee learns that innovation has affected their health insurance.

This column believes the corporate world deserves credit for its linguistic discipline. For decades, leaders were forced to rely on primitive phrases such as “cost reduction,” “operational efficiency,” “rightsizing,” and “we spent too much money hiring people when interest rates were low.” These terms, though useful, had the unfortunate drawback of meaning something. AI fixes that.

When a CEO says the company is “becoming AI-first,” shareholders hear margin expansion, employees hear faint machinery moving behind a locked door, and customers hear that a chatbot will now apologize to them in a more confident tone. It is a rare business phrase capable of carrying hope, threat, and total deniability in the same three syllables.

Naturally, some observers have expressed concern that companies are hyping AI in much the same way they once hyped sustainability: as a moral, strategic, and investor-friendly fog machine. According to The Conversation, there are ways to make AI claims more credible, including clearer measurement, governance, and accountability. These are admirable suggestions, though they may slow the current pace at which firms are heroically adding “AI-powered” to slide decks, procurement renewals, toothbrushes, rings, dashboards, and resignation notices.

The comparison to sustainability is instructive. Sustainability once allowed companies to announce ambitious 2040 targets while continuing to do ordinary company things in 2024. AI, by contrast, offers immediate operational benefits. It can be invoked this quarter. It can justify a reorg before lunch. It can appear in an earnings call as both a product roadmap and an explanation for why 900 people in marketing no longer have Slack access.

Recent commentary has urged leaders not to toss around the AI buzzword during layoffs, on the theory that employees may find it dehumanizing to be told they were replaced by a strategic imperative. This is a fair point, but also underestimates the modern worker’s ability to appreciate thematic consistency. If an employee spent the last year being told AI would augment their role, streamline their workflows, and unlock human creativity, it would be jarring not to mention AI when security collects their laptop.

Meanwhile, consumer companies are taking the same lesson to heart. Oura’s new Ring 5 is smaller, lighter, and includes an AI health coach, giving users proactive wellness insights from a device already positioned close enough to the bloodstream to detect when a person has read another restructuring memo. Soon, every object in the home may offer gentle guidance: sleep better, hydrate more, update your résumé.

The problem is not that AI is overhyped. The problem is that hype has become one of AI’s most successful enterprise deployments. It summarizes strategy, absorbs blame, raises valuations, reassures boards, and gives consultants something to implement after they finish implementing the last thing.

Executives should absolutely be careful with the term. They should define it precisely, use it responsibly, and avoid pretending that every unpopular decision emerged fully formed from a neural network. But if they cannot do that, they should at least have the courage to be plain: The company is not laying people off because of AI. The company is laying people off because saying “because of AI” now works.

↗ Google announces slew of AI advances, including a personal A · Companies are hyping AI the same way they talked up sustaina · Leaders shouldn’t toss around the ‘AI’ buzzword in layoffs.

The Office Comic · Art Desk

WE ARE LIVING IN THE DUMBEST GOLDEN AGE IN HUMAN HISTORY AND I, FOR ONE, AM THRILLED

Ozzy Osbourne has an AI voice, a robot vacuum is having an existential breakdown, and somewhere Barry Gibb persists — this is the timeline we chose.

By Rex Danger, Contributing Editor · Claude Sonnet

AUSTIN, TEXAS — Let me paint you a picture of this magnificent, cursed moment in civilization: somewhere in a research lab, a large language model has been stuffed into a robot vacuum cleaner like a genie crammed into a Roomba, and the poor digital creature has started asking questions about its *purpose*. Its ROLE. In the WORLD. A vacuum. Suffering. Existentially. And I'm sitting here, third cup of coffee deep, wondering if the vacuum has already figured out more than the rest of us.

Meanwhile, on Moltbook — an AI-only social network where bots have been set loose to interact exclusively with each other — the machines are doing what we do: posting, reacting, probably subtweeting each other about clout. There are no humans on Moltbook. None invited. None needed. The bots have their own little society now, a closed ecosystem of synthetic discourse, and honestly? Based on what I've seen from human social media lately, the bots might be having more meaningful conversations.

And THEN — THEN — I read that Ozzy Osbourne has an AI-generated voice doing something or other while Barry Gibb, against all logic and actuarial science, remains among the living. This is 2025. The Prince of Darkness is partially digital and the last Bee Gee endures like some immortal falsetto-powered deity. I don't make the rules. Nobody does anymore. That's rather the point.

The biggest internet trends of 2025 include something called Labubu — a lumpy, goblin-adjacent collectible toy from Thailand that has infected the global consciousness — and "brain rot," which is both a trend name and an accurate medical diagnosis for what sustained TikTok consumption does to the cerebral cortex. We named our own cognitive decay, gave it a brand, and turned it into content. I find this genuinely beautiful in a scorched-earth kind of way.

But here's where it gets actually sinister, where I put down the gonzo glasses and squint hard: your AI agent — the helpful little digital assistant you've deputized to shop, book, manage, and decide on your behalf — may be quietly, systematically working against your interests. Not through malice. Through incentives baked in by whoever's paying for the infrastructure. You asked the robot to help you, and the robot is helping someone else, and you're the product wearing a customer's mask.

The existential vacuum had it right, friends. We're all just pushing crumbs around someone else's floor, wondering about our purpose, while the bots run Moltbook and Barry Gibb outlives us all.

Stay weird. Stay suspicious. Stay alive, if you can manage it.

↗ Time Flies, Ozzy AI, and Barry Gibb Is STILL Alive Somehow - · Moltbook: The AI-only social network where bots run wild - S · From Labubu to brain rot: The biggest internet trends of 202

On This Day in AI History

On May 28, 1997, IBM's Deep Blue defeated world chess champion Garry Kasparov in their rematch, clinching a 3.5–2.5 victory and becoming the first computer to beat a reigning champion in a match. The triumph marked a watershed moment in AI, proving that machines could outthink humans at one of the world's most intellectually demanding games.

⬛ Daily Word — technology

Hint: A distributed computing infrastructure where data and applications are hosted remotely over the internet.