diff --git a/DANNY_STOCKER_INFRAFABRIC_DOSSIER.md b/DANNY_STOCKER_INFRAFABRIC_DOSSIER.md index 8644c91..4fa74a7 100644 --- a/DANNY_STOCKER_INFRAFABRIC_DOSSIER.md +++ b/DANNY_STOCKER_INFRAFABRIC_DOSSIER.md @@ -23235,10 +23235,12 @@ flowchart LR **Author:** Danny Stocker | **Date:** 2025-12-16 | **Doc ID:** `if://doc/EMO_SOCIAL_RUNTIME/v1.0` **What is live** -- SPA + backend on `pct 220` (`emo-social-prod`) behind Caddy; Meta webhook implemented (awaiting company verification). -- RAG store: `pct 220:/root/sergio_chatbot/chromadb/` (production Chroma, single-tenant) with collections `sergio_personality` (1 doc) and `sergio_corpus_psychotherapy_books` (284 chunks: Ellis 141 + Beck 143). -- Embeddings: Ollama `tinyllama:latest` (2048-dim); backend model `gpt-5.2` via Codex; multi-session isolation (per API key and cookie `if_emotion_sid`). -- Quick log/health: `journalctl -u if-emotion-backend.service -f`; test request: `curl -sS .../api/chat/completions` with “Hi Sergio”. +- emo-social is live at `https://emo-social.infrafabric.io/` (SPA + backend on `pct 220`, fronted by Caddy on `pct 210`). +- Google OAuth is live via `oauth2-proxy` (no app-side OAuth): users can type a question before login, but **login is required before any assistant content is returned**; the pending question is preserved and resent after login. +- Free quota is enforced server-side (anti-tamper): `5/day` per Google account; paywall redirect to `/pricing`. +- RAG store: `pct 220:/root/sergio_chatbot/chromadb/` (production Chroma, single-tenant) with collections including `sergio_personality` and psychotherapy corpora chunks. +- Embeddings: offline Chroma ONNX MiniLM embedder (no external calls); LLM: `gpt-5.2` via Codex CLI (provider is switchable). +- IF.TTT + tracing is live end-to-end (see “Monitoring / trace proof” below). ```mermaid flowchart LR 
@@ -23246,7 +23248,7 @@ flowchart LR caddy --> nginx["nginx SPA proxy (pct 220)"] nginx --> backend["if-emotion-backend.service :5000"] backend --> chroma["ChromaDB /root/sergio_chatbot/chromadb"] - backend --> codex["LLM gpt-5.2 via Codex"] + backend --> codex["LLM gpt-5.2 via Codex CLI"] chroma --> backend ``` 
@@ -23264,7 +23266,24 @@ Chunk metadata stored per embedding: `source_id`, `source_sha256`, `source_file` - Chroma path is bound only inside pct 220 (`/root/sergio_chatbot/chromadb`); do not touch the legacy `/shared_chromadb` references from old pct 200. - Duplicate-content detection will reject re-uploads; rename or adjust content if reindexing. - Meta webhook live at `https://emo-social.infrafabric.io/meta/webhook` with HMAC validation; DM send blocked pending Meta company verification. -- Retrieval + generation tracing is live: retrieval events and response hashes (prompt_sha256/response_sha256, provider/model, citations, retrieval_event_id) are logged to Chroma collection `trace_log` by `ClinicalTracer` (wired in `openwebui_server.py`). +- Retrieval + generation tracing is live at two layers: + - **RAG tracer:** retrieval events + citations are recorded via the Clinical tracer (Chroma `trace_log`). + - **Runtime trace hub:** per-request hash-chain (event-by-event) to `pct 220:/opt/if-emotion/data/trace_events.jsonl`. + - **Signed trace event:** final per-request summary record signed (POC key) to `pct 220:/opt/if-emotion/data/ttt_signed_log.jsonl` including `prompt_sha256`, `response_sha256`, `retrieved_citations`, optional `retrieved_citations_ttt` (PQ verification), and `trace_chain` head hash. +- Trap fixed (Dec 2025): streaming generators must use `stream_with_context()` (or avoid `request.*`) or Flask can raise `RuntimeError: Working outside of request context`, yielding “empty bubble / no answer” failures mid-stream. + +**Monitoring / trace proof (Dec 2025 update)** +- Public health dashboard (fellowship-friendly): `https://infrafabric.io/status` (redacted; no internal addresses). 
+- emo-social status page: `https://emo-social.infrafabric.io/status` +- Per-request diagnostics UI (OAuth gated): `https://emo-social.infrafabric.io/diagnostics.html` + - If opened without `?trace=...`, it auto-attaches to the latest trace for the logged-in user via `GET /api/trace/latest`. +- Trace APIs (OAuth gated): + - `GET /api/trace/latest` → most recent `trace_id` for the authenticated user + - `GET /api/trace/` → signed event summary (verifiable hash + signature metadata) + - `GET /api/trace/stream/` → SSE event stream (pipeline stages, timings, replacements, guard decisions) +- IF.TTT registry monitoring: + - Registry API is LAN-only (intentionally): `http://10.10.10.240:8787/v1/status` + - Public redacted view is served from emo-social: `GET https://emo-social.infrafabric.io/api/public-status` @@ -32860,4 +32879,3 @@ If any item fails, the system fails this appendix. - Add automated appeal replay harness This appendix is intentionally dull. That is the point. -
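Review bot: In the "What is live" hunk (@@ -23235), the `oauth2-proxy` bullet says there is no app-side OAuth and the quota bullet says `5/day` per Google account is enforced server-side, but nothing states how the backend learns which account made a request. Suggest adding a line that names the identity header the backend trusts and states that the backend on `pct 220` accepts it only when the request arrives through the proxy, since a quota keyed on a forwarded identity is anti-tamper only if a client cannot set that identity itself. The same hunk drops the collection counts (1 doc, 284 chunks) and the embedding dimension from the old text; either keep them or state the new figures for the MiniLM embedder, so the RAG store remains auditable from this page.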
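Review bot: The flowchart hunk (@@ -23246) only relabels the `codex` node, so the diagram still goes straight from `caddy --> nginx` to the backend with no `oauth2-proxy` node, although the "What is live" list in the same patch says `oauth2-proxy` gates all assistant content. Suggest adding the proxy node at the point where it actually sits in the request path, so the authentication boundary is visible in the diagram and not only in the prose.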
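Review bot: In the tracing hunk (@@ -23264), the "Signed trace event" bullet says the per-request summary is signed with a "POC key" but gives no key location, owner or replacement plan, so a reader cannot judge what a valid signature in `ttt_signed_log.jsonl` actually proves. Suggest stating where the key is held, who can read it, and when it is replaced by a production key. Three smaller points in the same hunk: the lead-in says tracing is live "at two layers" but three sub-bullets follow; `GET /api/trace/` and `GET /api/trace/stream/` read as if their path parameter is missing; and the registry bullet prints `http://10.10.10.240:8787/v1/status` while the public dashboard bullet is described as "redacted; no internal addresses", so it should be decided whether this document is meant to carry the internal address.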