Clone repo
git clone git@github.com:TheMindExpansionNetwork/sonicforge-live.git
Private-first repo payload; secrets stay in local env files only.
Fresh Hermes payload installer
Install the station. Arm nothing by accident.
A cloneable setup surface for fresh Hermes + SonicForge Live: local API keys, provider checks, ComfyUI endpoint, workflow registry, model ledger, custom DJ/VJ agent.
Add keys locally
Copy .env.example; add provider keys on your machine. The app never asks you to paste secrets into the browser page.
Connect ComfyUI
COMFYUI_BASE_URL=http://127.0.0.1:8188
Only read-only checks are allowed by default: /system_stats, /object_info, /prompt, /queue.
Review model ledger
Missing models create a plan first. Downloads require explicit operator approval and should record source URL, license, size, and checksum.
Create DJ agent
Choose name, personality, crate profile, safety sheet, visual profile, station signal, and workflow bindings.
Run dry-run demo
Acquire station signal, show Deck A/B, fire terminal visuals, and keep all provider lanes closed until a human arms them.
Environment defaults
Fail-closed flags
SONICFORGE_COMFY_DRY_RUN=1 SONICFORGE_ALLOW_COMFY_PROMPT=0 SONICFORGE_ALLOW_MODEL_DOWNLOADS=0 SONICFORGE_ALLOW_REMOTE_ENDPOINT=0 SONICFORGE_ALLOW_GPU=false SONICFORGE_ALLOW_PUBLIC_STREAM=false
Closed-gate safety ledger
Builder party, human-armed
Server-enforced policy blocks known dangerous action routes unless matching approval flags are set: ComfyUI POST /prompt, model downloads, public stream publishing, mic recording, and uploads. This hub is repo-backed, local-first, and approval-gated; inspect /api/safety-policy.
starts_gpu=falsestarts_paid_api=falsepublishes_stream=falserecords_audio=falseuploads_private_media=false