phase-1 · daemon · 2026-06-09

The daemon stands up

ArgusDaemon is the always-on core: one processor thread receives events from the file watcher and the email scanner and routes them through the gate-keeper pipeline.

The universal contract, enforced from day one: the incident record is written to the hash-chained, append-only SQLite log first, synchronously, before anything else acts. If the log write fails, nothing downstream happens.

The second invariant is the staging zone. New downloads land under a deny-execute ACL and nothing in that zone executes without a verdict — quarantine-first, guilty until proven innocent.

Five smoke tests pass: the daemon starts, watches, routes, logs, and shuts down cleanly.

15d01e3