ALL MEMOS Download .docx

TITAN — install, deploy, and full restore test plan

Version: v1 · 2026-04-21 · HERALD

Status: printable · for packaging TITAN to a new Mac or PC

Rough-Ask: R0116

This document is the complete recipe for taking a titan-pack-YYYY-MM-DD-HHMM.zip archive off the source machine, restoring it on a brand-new Mac / PC / Linux box, and proving — with a structured test plan — that every subsystem is working end-to-end.

---

1. What TITAN is (so you know what you're restoring)

TITAN is a persistent personal AI operating brain. It spans three layers:

1. Code + scripts + plans — Python / TypeScript modules, scheduled tasks, the CDK infrastructure, hook scripts, PM dashboards, strategy memos, and sub-agent definitions.

2. Tiered memory — hot / warm / cold / staging directories under TITAN/knowledge/memory/ and ~/.claude/knowledge/memory/. These are plain markdown, version-controlled, and grow over time.

3. Configuration — Claude Code user settings, MCP server lists, skills, hooks, and environment variables.

A complete restore brings all three back online on the target machine.

---

2. Prerequisites on the target machine

2.1 Software (all OSes)

| Tool | Minimum version | Why |

|---|---|---|

| Python | 3.12 | TITAN scripts + Lambda bundling parity |

| Git | 2.40+ | Repo restore |

| AWS CLI v2 | 2.15+ | Bedrock / Lambda / S3 operations |

| Node.js | 20 LTS | CDK TypeScript redeploy |

| Claude Code CLI | latest | Actually run TITAN |

| 1Password / password manager | any | Restoring secrets |

Recommended: a terminal multiplexer (tmux / iTerm2 split panes) for the parallel-work directive.

2.2 Accounts to re-authenticate

• AWS account 516005192254 — aws configure with re-issued access keys. Re-use profile name.
• Anthropic / Claude API — log in via claude /login in the CLI.
• Bedrock marketplace agreement — already accepted under account 516005192254; no action needed.
• Gmail MCP — re-authorize the OAuth token if you ship Claude Code with the same MCP config.
• Cognito (once SSO lands) — re-register Google + Apple OAuth client credentials.

2.3 DNS / domain

silentinfinity.com lives on Route 53 under the same AWS account. No DNS migration needed — the production site is cloud-hosted and keeps running while the restore happens locally.

---

3. Install steps — step by step

3.1 Create the target paths

Pick where TITAN will live. Export as env vars so subsequent commands are portable.

Windows (PowerShell):

$env:TITAN_HOME = "F:\TITAN"
$env:CLAUDE_HOME = "$env:USERPROFILE\.claude"

macOS / Linux (bash / zsh):

export TITAN_HOME=~/TITAN
export CLAUDE_HOME=~/.claude

Create both directories.

3.2 Unzip the pack archive

unzip titan-pack-YYYY-MM-DD-HHMM.zip -d /tmp/titan-restore

Move contents into place:

mv /tmp/titan-restore/titan/*  $TITAN_HOME/
mv /tmp/titan-restore/claude/* $CLAUDE_HOME/
mv /tmp/titan-restore/MANIFEST.json $TITAN_HOME/
mv /tmp/titan-restore/RESTORE.md   $TITAN_HOME/

3.3 Run integrity verification

python $TITAN_HOME/scripts/titan-verify.py titan-pack-YYYY-MM-DD-HHMM.zip

Expected output: every file matches its SHA-256. Zero drift, zero missing.

3.4 Restore tracked repos from git

Open $TITAN_HOME/MANIFEST.json, look up tracked_repos. For each entry:

git clone <remote_url> <local_dir>
cd <local_dir>
git checkout <head_sha>

This pins each repo to the exact SHA it was at pack time. Bypass if you want the latest commits instead.

3.5 Re-create secrets

These are intentionally excluded from the archive. Re-create from your password manager:

• F:/projects/innerverse/.env (or equivalent) with ALLOWED_ORIGIN, HEALTH_DEEP_TOKEN, BEDROCK_MODEL_ID (optional override)
• AWS access keys via aws configure
• Any Resend / Cognito secrets once those services are wired
• Claude Code settings that reference API keys

3.6 Install Python dependencies (per repo)

cd $TITAN_HOME && python -m pip install -r server/requirements.txt
cd F:/projects/innerverse && python -m pip install -r backend/requirements.txt

3.7 Reinstall Node modules (CDK only)

cd F:/projects/innerverse/infra && npm install

3.8 Smoke test

python $TITAN_HOME/scripts/titan-task-state.py tail

If the in-flight log tails without error, memory + scripts are alive.

---

4. The test plan — proving the restore actually works

Restore is not "done" until these 16 checks pass. This is the robust validation layer.

4.1 Integrity tier

| # | Test | How to run | Pass criterion |

|---|---|---|---|

| 1 | Archive SHA-256 verification | python titan-verify.py | 0 drift, 0 missing |

| 2 | Git repo SHA pin check | git rev-parse HEAD in each repo | Matches MANIFEST.json |

| 3 | Manifest schema parse | python -c "import json; json.load(open('MANIFEST.json'))" | No JSON error |

4.2 Local runtime tier

| # | Test | How to run | Pass criterion |

|---|---|---|---|

| 4 | Python 3.12 launch | python --version | 3.12.x |

| 5 | Claude Code CLI auth | claude /status | Authenticated |

| 6 | AWS CLI auth | aws sts get-caller-identity | Account = 516005192254 |

| 7 | TITAN scripts import | python -c "import titan-task-state" (no error) | No ImportError |

| 8 | Knowledge memory readable | ls $TITAN_HOME/knowledge/memory/hot/ | Returns file list |

| 9 | Claude global config intact | ls $CLAUDE_HOME/CLAUDE.md | File present |

4.3 Cloud connectivity tier

| # | Test | How to run | Pass criterion |

|---|---|---|---|

| 10 | Bedrock list models | aws bedrock list-foundation-models --region us-east-1 | Returns list including Sonnet 4.6 |

| 11 | DynamoDB tables readable | aws dynamodb list-tables --region us-east-1 | Returns innerverse-* tables |

| 12 | S3 buckets accessible | aws s3 ls | innerverse-cf-logs etc. visible |

| 13 | Lambda function state | aws lambda get-function --function-name innerverse-mirror | State = Active |

| 14 | CloudFront distribution | aws cloudfront get-distribution --id E2M8T6S9SM3OQY | Status = Deployed |

4.4 End-to-end tier

| # | Test | How to run | Pass criterion |

|---|---|---|---|

| 15 | Live site reply | curl -s https://silentinfinity.com/ | HTTP 200 + HTML contains iv-ambient |

| 16 | Chat invoke path | POST to /invoke with {uid:test,cid:smoke,turnIndex:0,userMessage:"hello"} | Returns streaming SSE with at least one delta event |

4.5 Run all tests at once

A single script titan-restore-smoke.py runs all 16 checks and reports pass/fail with timings. Lives in $TITAN_HOME/scripts/ after restore.

4.6 Rollback plan

If any test fails critically:

1. Do NOT touch production (silentinfinity.com stays live — restore is local).

2. Re-unzip the archive into a fresh directory.

3. Re-run titan-verify.py to catch corrupted extraction.

4. If SHA checks pass but cloud tests fail: it's an AWS permissions issue, not a restore issue.

5. If SHA fails: ship a fresh pack from the source machine and retry.

---

5. Task-history ledger (per your directive)

Separate from pack/restore — every Claude or TITAN task should be documented with:

• Task description (1-line human summary)
• Duration (wall clock)
• Token spend (input + output + cache_read + cache_write)
• Cost (USD, computed via pricing.py)
• Model used
• Outcome (shipped, failed, rolled back, pending-user)
• Files touched (git SHAs before + after)

Proposed implementation:

• New DynamoDB table titan-task-history with schema:

- pk = task_date (YYYY-MM-DD)

- sk = timestamp + task_id

- Attributes: description, duration_ms, tokens_in, tokens_out, cache_read, cache_write, cost_usd, model_id, outcome, files_touched[], git_sha_before, git_sha_after

• Hook: after every TaskOutput-producing invocation, append one row via a fire-and-forget writer.

• Weekly export: SAGE dashboard shows spend by task category (research / code / docs / deploy / email).

• Portability: the table is included in the Silver-tier data-lake export so task-history follows TITAN to any new machine.

This lives in the SAGE / ANALYTICS domain — I'll wire it into the Lambda + TITAN hook path in the next sprint.

---

6. Packaging for handoff

When you're ready to ship the pack to another machine:

1. Run python F:/TITAN/scripts/titan-pack.py — produces a zip in F:/TITAN/backups/

2. Upload the zip to S3 with KMS-SSE encryption:

```

aws s3 cp titan-pack-YYYY-MM-DD-HHMM.zip s3://innerverse-cf-logs/backups/ --sse aws:kms

```

3. (Or) move it to an encrypted USB drive.

4. On the target machine, download + decrypt + follow sections 3 and 4 above.

---

7. Secrets handoff (the hard part)

Because TITAN's pack excludes secrets by design, the operator must carry:

• AWS access key ID + secret (or re-issue on the new machine)
• Anthropic API key (if using Anthropic direct, not just Bedrock)
• Resend API key (once magic-link is wired)
• Any Cognito client secrets (once SSO is wired)
• Gmail OAuth token (if re-authenticating the Gmail MCP)

Recommended carry medium: 1Password Vault shared item or an age-encrypted .env file. Never email, never Slack, never paste into a public channel.

---

8. Version history

| Version | Date | Author | Changes |

|---|---|---|---|

| v1 | 2026-04-21 | HERALD | Initial install + deploy + test plan |

---

— HERALD