phase-1 · daemon · 2026-06-09
The daemon stands up
ArgusDaemon is the always-on core: one processor thread receives events from the file watcher and the email scanner and routes them through the gate-keeper pipeline.
The universal contract, enforced from day one: the incident record is written to the hash-chained, append-only SQLite log first, synchronously, before anything else acts. If the log write fails, nothing downstream happens.
The second invariant is the staging zone. New downloads land under a deny-execute ACL and nothing in that zone executes without a verdict — quarantine-first, guilty until proven innocent.
Five smoke tests pass: the daemon starts, watches, routes, logs, and shuts down cleanly.