feat(api): AIN-183 P0-2 · AAMC voter aa_index_source lock

[hizrianraz]

Summary

Two AAMC v1.0 voter slugs (`gemini-3-1-pro`, `mistral-large-3`) shipped with `aa_index_source='estimate_2026_q2'` while the other three (`claude-opus-4-7`, `gpt-5-5`, `grok-4`) shipped with `aamc_v1_lock`. Marketing /models advertises 'AAMC v1.0' across the whole pool, so two voters carrying a provisional source label = discipline #11 mismatch (spec / runtime / copy disagree).

This PR adds an alembic migration to flip the two stragglers, plus an invariant test that prevents regressions.

What this changes

`alembic/versions/20260519_0017_aamc_voter_source_lock.py`

Single UPDATE filtered on the current value (`aa_index_source='estimate_2026_q2'`) so re-applying is a no-op. Rowcount assertion accepts 0 (fresh DB / re-apply) or 2 (first prod apply) and raises on any other value — per Memory #20 (silent no-ops ship as green CI).

Auto-applies on next Railway deploy via the Dockerfile's `alembic upgrade head` (committed in 5ed0e2b).

`tests/integration/test_aamc_invariants.py`

New test `test_aamc_5_voters_use_v1_lock_source` sits next to the existing active-flag invariant. Any future migration that regresses a voter back onto a provisional source label fails CI with a discipline #11 explanation.

Test plan

• CI green (ruff + mypy --strict + pytest passed locally pre-commit)
• After Railway deploy, `curl -s https://api.ainfera.ai/v1/models | jq '.[] | select(.id | test("gemini-3-1-pro|mistral-large-3")) | .aa_index_source'` returns `["aamc_v1_lock", "aamc_v1_lock"]`
• All 5 voters `{claude-opus-4-7, gpt-5-5, gemini-3-1-pro, grok-4, mistral-large-3}` show `aamc_v1_lock`
• Migration is idempotent — second `alembic upgrade head` call (in case of redeploy) succeeds with 0 rows affected

Friction notes

• Audit prompt called the column `aamc_index_source`. Real ORM column is `aa_index_source` (api/ainfera_api/orm.py:332). Migration uses the real name.
• Prompt's original plan was `mcp__claude_ai_Supabase__apply_migration` against project `dftfpwzqxoebwzepygzl`. That project doesn't appear in our authenticated Supabase MCP scope; the one that does (`mezyeiwufubdojlxpqou`) has zero application tables. Memory `project_supabase_is_prod.md` updated to reflect that schema work ships as alembic in api/, not via Supabase MCP — regardless of where DATABASE_URL points (Railway-managed PG or a Supabase project we can't see).

Closes: AIN-183 P0-2 (AAMC source label drift)
Discipline: #1, #11, Memory #20

[linear-code]

AIN-183 🟠 All-repos audit sweep — 14 repos × spec-vs-built + Discipline #3/#4/#11/#17 verification

Severity: 🟠 HIGH — comprehensive repo-level Discipline #1 + #17 audit

Filed 2026-05-18 PM after AIN-153 + AIN-158 spec-vs-built audit revealed Aule shipping less than spec'd then marking parents Done. Pattern requires systematic verification across ALL 14 repos in the ainfera-ai GitHub org.

Founder directive: "Hard revert to In Progress and force the missing work. Also check all repos."

Scope

For each of the 14 repos in ainfera-ai org, Aule audits:

1. Spec vs built — does the repo's stated purpose match what's actually in main?
2. Tickets marked Done — for each Done ticket touching this repo in last 14d, verify the deliverables match the ticket's acceptance gates
3. Surfaces live in production — does the prod deployment match what main branch's app/ or src/ declares?
4. Founder PII grep — 0 matches for "Hizrian|Izzy|Raz|founder|fibromyalgia|ADHD|snowboard|Julius Baer" in any public surface or repo README/docs
5. Internal agent name grep — public-facing surfaces should NOT mention Manwe/Yavanna/Namo/Aule/Tulkas (Varda is acceptable per PUBLIC build(deps): Bump astral-sh/setup-uv from 5 to 7 #1 lock)
6. Lock compliance — D7-D37 locks honored in any new code
7. Discipline fix(orm): use postgresql.ARRAY so capabilities.contains() emits @> #11 — Notion canonical vs code drift

14 repos to audit

Production-facing (Phase 1, urgent)

#	Repo	Audit focus
1	ainfera-ai/web	Marketing + dashboard pages — match D14 + Part 2 spec
2	ainfera-ai/api	FastAPI surfaces, /v1/* endpoints match docs.ainfera.ai claims
3	ainfera-ai/ainfera-os	Monorepo root, docs/ folder, SKILL.md files, package versions
4	ainfera-ai/mcp	mcp.ainfera.ai FastMCP server, tool surface matches docs
5	ainfera-ai/sdk (or python-sdk if named differently)	PyPI ainfera package matches API surface, exported symbols

Agent-implementation (Phase 2)

#	Repo	Audit focus
6	ainfera-ai/varda (or similar)	NemoClaw orchestrator config, GPT-5.5 binding, public surface compliance
7	ainfera-ai/aule	Claude SDK + Opus 4.7 xhigh config, author override in commit history
8	ainfera-ai/yavanna	LangGraph + Sonnet 4.6 + Grok 4, response_review heuristics
9	ainfera-ai/namo	Letta + Gemini 3.1 Pro, memory consolidation
10	ainfera-ai/tulkas	Garak + Mistral Large 3, probe batteries

Customer + tooling (Phase 3)

#	Repo	Audit focus
11	ainfera-ai/hermes-agent (Manwe Customer #1 fork)	v0.14.0 SHA a91a57fa matches reported state
12	ainfera-ai/examples	5 example agent repos per AIN-78
13	ainfera-ai/specs (or similar)	CC-BY 4.0 spec docs match Notion canonical
14	ainfera-ai/.github or org-level	Issue templates, PR templates, CODEOWNERS, branch protection

Audit deliverable per repo

For each repo, Aule produces a comment on this ticket with:

## Repo: ainfera-ai/<name>

### Spec match
- Stated purpose: <from README>
- Actual state: <from main branch traversal>
- Drift: <none / specifics>

### Recent Done tickets touching this repo
- AIN-XYZ — claimed: "..." → actual state: ✅ matches / ⚠️ partial / ❌ missing

### Production-vs-main drift
- Last deploy SHA: <sha>
- main HEAD: <sha>
- Drift: <none / files differ / etc>

### Grep results
- Founder PII: <count> matches → <files>
- Internal agent names in public: <count> matches → <files>

### Lock compliance
- D7-D37 references: <count> 
- Discipline #6 corollary violations: <count>

### Recommendation
- ✅ Clean / ⚠️ Cleanup needed / 🔴 Active violation

### Tickets to file
- <list of child tickets needed if cleanup work surfaces>

Audit commands Aule runs per repo

cd ~/code/ainfera-ai/<repo>
git pull origin main

# Discipline #3 grep
rg -i "hizrian|izzy|raz|fibromyalgia|adhd|snowboard|julius baer|sommelier" \
   --type-not lock \
   --type-not log \
   -l

# Internal agent naming in public surfaces
rg -i "manwe|yavanna|namo|aule|tulkas" \
   src/ app/ public/ docs/ README.md \
   --type-not lock \
   -l

# Discipline #4 author override check (last 50 commits)
git log -50 --pretty=format:'%h %an <%ae>' | rg -v "Aule <aule@" | head -20

# Production-vs-main drift (for deployed repos)
gh api repos/ainfera-ai/<repo>/deployments --jq '.[0:3] | .[].sha'
# Compare against `git rev-parse main`

# Spec vs files
ls -la docs/
cat README.md | head -30

Acceptance gates

• All 14 repos audited
• Audit comment posted per repo on this ticket
• Any 🔴 Active violation gets immediate child ticket filed
• Any ⚠️ Cleanup ticket gets queued for AIN-179 delivery wave
• Summary comment at end: total findings + per-severity counts + recommended next actions
• Aule author override on the audit branch
• No remediation in this ticket — only findings. Remediation = follow-up tickets.

Out of scope

• Code refactoring (only audit-and-report)
• Linter sweeps (separate cleanup pass)
• Test coverage analysis (covered by AIN-118 or successor)
• Performance audit (separate concern)

Connection

• Triggered by: AIN-153 + AIN-158 spec-vs-built mismatch finding (2026-05-18 PM session 3.5 audit)
• Authority: AIN-179 delivery wave + "Also check all repos" directive
• Discipline references: build(deps): Bump astral-sh/setup-uv from 5 to 7 #1 (no Done without proof) + fix(orm): use postgresql.ARRAY so capabilities.contains() emits @> #11 (no drift) + feat(phase-6): PR-J6a · signing-material endpoint + JWS verify middleware #17 (verify before claim)
• Pattern reference: This is Discipline feat(phase-6): PR-J6a · signing-material endpoint + JWS verify middleware #17 operationalized at repo level

Founder authorization

Per "Hard revert to In Progress and force the missing work. Also check all repos" (2026-05-18 session 3.5 PM).

Review in Linear

[cursor]

You have used all Bugbot PR reviews included in your free trial for your GitHub account on this workspace.

To continue using Bugbot reviews, enable Bugbot for your team in the Cursor dashboard.

[cursor]

You have used all Bugbot PR reviews included in your free trial for your GitHub account on this workspace.

To continue using Bugbot reviews, enable Bugbot for your team in the Cursor dashboard.