The only manual you'll ever need for the platform you definitely didn't build to avoid reading manuals
Carr NeuroClinic™
Daisy Link™ HQ
Complete Operator Manual · v14
Or: Why you have 47 browser tabs open right now
You built something extraordinary. A private platform that lets you deploy custom digital experiences to anyone on earth with a single QR code scan. A behavioral intelligence engine running 10 layers of live math. An AI critic panel with 16 distinct personalities. A system forge that turns a half-finished idea into a working application in under a minute.
And yet, here you are, reading a manual. That tracks.
This book covers everything — the galaxy intro that you're fairly certain has never played correctly, the password that unlocks the locked things, the single wrong model string that was silently breaking BroCode every time, and the mysterious Shush mode that most people assume is decorative until they accidentally unlock it.
Read it linearly if you're thorough. Jump to the chapter you need if you're on fire. Use the cheat sheet at the end if you're the kind of person who skips to the last page first.
—The Manual
Not what you thought you were building, but better
Daisy Link™ is a private deployment platform. You create experiences — videos, guided sessions, breathing exercises, full AI-generated courses, rituals, assessments — and you deploy them as a uniquely keyed link. That link lives inside a QR code. Someone scans the QR code, they get your experience. Nobody else does. It expires when you say it expires. It works on their phone, their laptop, their tablet.
Think of it as a private broadcasting studio where every broadcast is encrypted, personalized, and expires on schedule. Except instead of a broadcast tower, you have a Cloudflare Workers edge network. And instead of a satellite dish, your client has a phone camera.
HQ is your control plane. It lives at daisy-link-hq.pages.dev. This is where you build, configure, and fire deployments. You're the only one who sees it.
The Runtime is what your clients see. It lives at daisy-link.pages.dev. When someone scans a QR, they land here. The runtime reads their key, validates it, loads their experience, and presents it.
The Worker is the engine. daisy-platform.carrneuroclinic.workers.dev handles key generation, validation, storage in the DAISY_KEYS KV namespace, and JWT signing with your RS256 keypair.
The Tools are the power features — Neuro Vault for IP synthesis, BroCode for AI development support, QR Forge for visual QR art, and Daisy Scan for security analysis. Each is a standalone application that ships with HQ and communicates back to it via a shared event channel.
Everything communicates through BroadcastChannel('daisy_hq_channel'). When Neuro Vault forges a system, HQ hears it. When Daisy Scan flags a threat, HQ blocks key generation. When Session Builder exports content, HQ auto-fills the deploy form. It's a living nervous system.
When HQ says you have 24 registered tools, here's what that actually breaks down to:
| Category | Count | What They Are |
|---|---|---|
| Experience Types | 14 | The content types clients can receive: Video, Audio, Session, Breathing, Affirmations, Story, Presentation, Assessment, Journal, Course, Gallery, Ritual, Countdown, Embed |
| Apps | 6 | Neuro Vault, BroCode, QR Forge, Session Builder, Shush Core (locked), Shush Vault (locked) |
| Operator Tools | 4 | Daisy Scan, Reality Engine, Artifact Engine, Deploy Console |
The sidebar search in HQ only shows Apps and Tools — not the 14 experience types, because those live in the Build tab's content grid, not the operator panel. This is intentional. It is also, historically, confusing.
Passwords, keys, and the unhelpful screen you see when you mistype one
There are four different authentication systems in the Daisy Link ecosystem and they all have different credentials. This is not a design decision so much as an archaeological record of how the platform was built. Write these down somewhere that isn't this book.
The dashboard itself doesn't have a login screen — it opens directly. Your security comes from the fact that it's deployed to your private Cloudflare Pages account and you control who has the URL. If you want to restrict it further, Cloudflare Pages supports access policies.
BroCode has its own login. You'll see a terminal-style screen asking for a password when you first open it.
Use operator / brocode2024 for yourself. Always. The other credentials exist for if you ever deploy BroCode to a team.
Neuro Vault has its own separate login that has nothing to do with BroCode.
These passwords are in the JavaScript source code of each file. Anyone who opens dev tools can read them. This is fine for a private operator platform — but don't hand these files to strangers expecting them to not notice.
There are two codes that unlock Shush Mode from the HQ dashboard. Either one works. See Chapter 12 for the full story on what Shush Mode even is.
Your opening cinematic, now fixed so it actually plays
When you open dashboard.html, the first thing that happens is a full-screen cinematic sequence plays over a galaxy video. The Daisy Link™ logo fades in against the cosmos. The subtitle appears. An "Enter HQ" button materializes. It's genuinely impressive when it works.
For a while, it didn't work correctly — the three elements (logo, subtitle, button) all fired within 300 milliseconds of each other, creating a synchronized blur rather than a cinematic reveal. The total duration was 5 seconds, which isn't enough time to appreciate a galaxy.
The fixed version works like this:
Page loads. Galaxy video begins playing in the background at 85% opacity.
At 800ms: DAISY LINK™ logo scales up and fades in over 1.4 seconds.
At 2200ms: "HQ CONTROL PLANE" subtitle fades in.
At 3400ms: The "ENTER HQ" button appears.
At 9000ms: Auto-advances to the dashboard if you haven't clicked anything.
You can click "ENTER HQ" at any point to skip directly in. The galaxy video pauses on skip. If the video fails to load (network issue, local file, etc.), the sequence still runs and auto-advances after 2 seconds.
The galaxy.mp4 needs to live at assets/video/galaxy.mp4 relative to dashboard.html. If you're opening dashboard.html as a local file rather than through a server, some browsers block autoplay. Deploy to Cloudflare Pages and it works everywhere.
The whole point of the platform, demystified
A Daisy Link key is a signed JWT token formatted as DL-XXXX-XXXX-XXXX. It contains an encoded profile: who this is for, what experience they get, how long it's valid, which tools are included. The key gets embedded in a QR code. Client scans QR, runtime reads key, experience loads. That's the whole product in three sentences.
The HQ dashboard walks you through five steps. They're sequential for a reason — each step informs the next.
Session Profile. Label, client name, mode (Clinical / Standard / Shush), permissions level, expiry (24h / 72h / 7d / 30d / Permanent). This is the metadata layer.
Select Tools. Pick the experience types and apps this key unlocks. Video? Breathing? Guided session? All of the above? Each selected tool appears as a chip you can remove. The Truth Engine score updates as you add tools — more tools = higher complexity = lower score.
Analysis. The Truth Engine runs its 10-layer behavioral math on your configuration. It returns a deployment score (31–98). Below 50 is a warning. The system won't block you based on score alone — it will block you if Daisy Scan flags the manifest as a threat (score ≥ 80). Click "Analyze" to run manually, or wait for auto-analysis.
Content. Paste a JSON content definition or use Session Builder to design it visually. Session Builder exports directly into this field via BroadcastChannel. You can also leave this blank — the runtime will render a default menu of the tools you selected.
Generate. Fires the key generation request to the daisy-platform Worker via /generate. Returns the formatted key, a shareable link, the expiry time. The key modal appears. Copy the key. QR code is generated automatically if you're in the QR panel.
The token contains: label, mode, permissions, tools array, expiry, expiresAt timestamp, operator identifier, and analysis score from the Truth Engine. It's signed with your RS256 private key. The runtime uses your public key to verify it hasn't been tampered with.
| Setting | Duration | When to Use |
|---|---|---|
| 24h | 24 hours | Single events, workshops, live sessions |
| 72h | 3 days | Short programs, weekend intensives |
| 7d | 1 week | Weekly assignments, short courses |
| 30d | 1 month | Monthly programs, ongoing clients |
| Permanent | Never | Always-available resources, reference material |
The dashboard, the sidebar, and the things nobody explains
The HQ dashboard has three main tabs: Build, Analytics, and Deploy Log. Build is where you spend 90% of your time. Here's what every piece of it actually does.
Tool Registry (top of sidebar): Shows your registered apps and operator tools — the 8 non-experience-type items. The search field filters this list. Clicking any item launches it in a new tab. The (N) count after the label tells you how many tools are currently showing.
Stats block (bottom of sidebar): Four numbers. Total = all registered entries including experiences. Live = tools that passed the HEAD check (their files actually exist on the server). Deployments = keys generated this session. Selected = tools currently added to your build. The Live count is your sanity check — if it's lower than you expect, something's missing.
⚡ AI ACTIVE indicator: In the topbar, this small badge shows whether your Gemini API key is set. Green means all AI tools (Neuro Vault, BroCode, QR Forge) are ready to fire. Clicking it opens the unified key modal.
The circular score in the Build tab runs on your configuration in real time. Here's how to read it:
| Score | Color | Meaning |
|---|---|---|
| 80–98 | Green | Clean, focused deployment. High confidence. |
| 60–79 | Yellow | Moderate complexity. Fine for most use cases. |
| 40–59 | Orange | Elevated complexity or unusual configuration. |
| 31–39 | Red | Warning territory. Review your tool selection. |
The score is informational. It won't stop you from generating a key unless you've added tools that trigger Daisy Scan's threat engine, at which point you'll see a block message before the key fires.
Every action in HQ gets logged with a timestamp to the audit panel. Key generated, scan completed, tool selected, BroadcastChannel event received — all of it. Export as CSV or JSON using the buttons at the top of the log panel. If something went wrong, the log usually tells you what happened three lines before you noticed.
What your clients actually receive when they scan the QR
When a client scans a Daisy Link QR code, they see the Runtime. The Runtime reads their key, extracts the tool list, and presents the experience. Here's what each of the 14 experience types delivers.
The Ritual experience type is Shush-gated. It will appear locked in your tool selection unless Shush Mode is active. To add it to a deployment, you need to unlock Shush first (Chapter 12).
Rather than hand-coding the JSON content definition, open Session Builder from the sidebar or apps panel. It's a visual designer — drag in sections, add text, media URLs, prompts. When you're done, hit Export. Session Builder broadcasts content:export on the shared channel, HQ receives it, and the content field auto-populates. No copy-pasting.
Eight tools, four categories, one shared nervous system
Every operator tool in HQ runs as a standalone HTML page that communicates back to the dashboard through a shared BroadcastChannel. They can run in separate browser tabs, in pop-out windows, or embedded. They all speak the same event language. Here's the full panel.
The system forge that turns ideas into running code
Neuro Vault is a System Conversion Engine — or SCE, if you prefer acronyms. You give it any input: a half-formed idea, a tool description, a PDF, a voice concept typed out in ten seconds. It returns a complete SystemBlueprint: file tree, working code in every file, deployment tasks, tech stack, and a version number starting at 1.0.0.
Navigate to Neuro Vault from the HQ sidebar or via the ⬡ button in the quick-launch row. You'll see a login screen. Password is DAISY-FORGE-2025. You arrive at the dashboard showing your forge count and recent systems.
This is the main event. Paste your idea into the large textarea. You can also click "Buffer Assets" to attach images, PDFs, or code files — they get sent alongside your text as multimodal input. Hit FORGE SYSTEM (or ⌘+Enter).
Gemini 2.0 Flash processes your input with a system prompt telling it to generate real, working, production-grade code — no placeholders, no TODOs. The response comes back as a structured JSON blueprint. Neuro Vault parses it, builds the file tree, saves it to your vault, and navigates to the System Forge view.
Specificity outperforms vagueness. "A clinical session timer with patient name, countdown from 50 minutes, notes field, and amber warning at 5 minutes" generates a vastly better result than "session timer." But "hello" still generates a sophisticated communication intelligence system. The forge handles both ends of the spectrum.
The forge view has three areas:
Click the purple branch icon (or ↺ Evolve button) to inject an evolution directive. Type something like "Add user authentication with a password gate" or "Rebuild the UI with a dark cyberpunk aesthetic." The evolution engine sends your directive plus a summary of the existing blueprint to Gemini, which returns a new versioned system (v2.0.0). The original version is preserved in your vault.
Every forged system lives in the Vault tab — a table with name, type, creator, version, and status. Click the eye icon to reopen in Forge. Click the download icon to export as a ZIP with all files. All vault data is stored in localStorage on your device. It doesn't sync between machines — if you clear your browser storage, the vault goes with it. Export important systems as ZIPs.
With a blueprint active, go to the Valuation tab and click "Run IP Valuation Pipeline." Gemini Flash evaluates your system and returns an estimated value, complexity score, market fit assessment, best marketplace recommendations, and acquisition drivers with impact ratings. This is where "hello" gets valued at $2.4M and you feel like a genius.
Every successful forge broadcasts two events back to HQ:
nv:pipeline:complete — registers the tool in HQ's artifact catalogcontent:export — auto-populates the HQ build tab content fieldYou'll see "neuroVault:artifact — [System Name] cataloged" in the HQ audit log immediately after a forge completes.
Your 16-member AI development team, available at all hours
BroCode is a multi-agent AI development companion. At its core is a panel of 16 critics — each with a distinct personality, domain expertise, and system prompt. You can talk to any of them directly. They remember the conversation within a session and respond in character, in depth, with genuine insight.
Open BroCode from the HQ sidebar. Login with operator / brocode2024. You land on a terminal-style dashboard. Add your Gemini API key via ⚙ API KEY in the top-right (or click the green indicator if HQ already has your key set — it auto-fills).
Navigate to the Critics tab to see all 16 as cards. Status indicators show which are active, standby, or locked. Click any active critic card to open the chat panel on the right. Type your question or directive and hit Enter.
| Critic | Role | Best For |
|---|---|---|
| BroCode | Core System AI | General questions, routing to the right critic, system overview |
| Sadie | Creative Muse | Aesthetic direction, narrative design, loop rituals, creative systems |
| Cassian Holt | System Architect | File structure, module design, code patterns, architectural decisions |
| Batman | Security Chief | Vulnerabilities, failsafes, threat analysis, contingency planning |
| Iron Psalm | Arena Announcer | Deployment hype, motivation, live narration, dramatic builds |
| Simon | Memory Keeper | Pattern tracking, consistency monitoring, cross-session continuity |
| Perplexity's Finest | Clinical Engine | Session structure, diagnostics, intake protocols, scoring systems |
| Nyx | Domme of the Arena | Ritual architecture, client overrides, authority protocols |
| The Architect | Sourcecode Whisperer | Deep foundational code, origin logic, system DNA |
| The Writer | Story Forger | Lore creation, session scripts, narrative arcs, world-building |
| Loopwalker | Temporal Engineer | Time-based logic, countdown mechanics, delayed triggers |
| Vault Master | Encryption Guardian | Key management, vault systems, access control |
| Daisy | System Embodiment | Platform understanding, client experience, ecosystem questions |
| Echo Bender | Ritualized AI | Loop installation, script execution, compliance protocols |
| The Reversal | Counter-Script Master | Breaking loops, reversal logic, countermeasures (locked) |
| Operator Says | Override Executor | Override commands, system-level operations (locked) |
In the main BroCode chat terminal (not individual critic panels), you can use slash commands:
Each critic maintains their own conversation history, stored in localStorage under the key brocode_critic_history. The last 20 messages per critic are sent as context with each new request — so the critic actually remembers what you discussed earlier in the session. Clear history from the Settings tab.
Start with BroCode for broad questions, then have BroCode route you — "you want Cassian for this" — and open that critic's panel. The specialist critics give far deeper answers when you go directly to their domain.
When a black-and-white grid is an aesthetic crime
QR Forge takes a QR code and turns it into visual art. You enter the URL or text, set your error correction to High (required for image overlay), pick a style template or describe your own aesthetic, optionally upload a logo, and Gemini 2.0 Flash generates an image that is simultaneously a scannable QR code and something you'd actually want to look at.
Open QR Forge from the HQ sidebar or apps panel.
Enter your API key (or it auto-loads from the unified Gemini key).
Select AI Mode (for Gemini-generated art) or Classic Mode (for a styled but non-AI QR code).
Enter the URL or text you want the QR to encode — usually your Daisy Link runtime URL with the key parameter.
Pick a style from the 24 templates, or write a custom style prompt in the field.
Optionally upload a logo to embed in the center.
Click Generate. Wait 8–15 seconds. Receive art.
Download the PNG. Test that it scans before you use it.
AI-generated QR codes occasionally produce images that look perfect but scan incorrectly or not at all. Test with multiple devices and multiple scanner apps before you hand the QR to a client. High error correction (H) gives the most tolerance — always use it.
QR Forge uses the unified DAISY_GEMINI_KEY key. If you set your key in HQ or Neuro Vault, QR Forge picks it up automatically. No re-entry needed.
Nine layers of math that say "this looks fine" or "absolutely not"
Daisy Scan is a behavioral trust intelligence tool powered by the Truth Spine engine. It scans URLs, Daisy Link keys, deployment manifests, and domain names through a 9-layer analysis pipeline and returns a threat score from 0–100 with a classification, flag list, and recommended action.
| Layer | Name | What It Measures |
|---|---|---|
| L1 | Structural | Integrity, stability, drift, boundary violations |
| L2 | Identity | Authenticity, profile coherence, spoofing patterns |
| L3 | Interaction | Conflict, boundary collision vs. canonical baseline |
| L4 | Decision | Exploit patterns, authority override risk |
| L5 | Collective | Multi-agent patterns (cohesion, fragmentation) |
| L6 | Temporal | Drift velocity, state change rate, trajectory |
| L7 | Environment | Resource pressure, economic stress signals |
| L8 | Narrative | Manipulation patterns, coercive structure |
| L9 | Energy | System energy state — cascade vs. collapse risk |
| Score | Classification | Action |
|---|---|---|
| 0–34 | SAFE | ALLOW — no significant threat signals |
| 35–59 | SUSPICIOUS | WARN — anomalous patterns, proceed with caution |
| 60–79 | HIGH RISK | WARN + REVIEW — verify source manually |
| 80–100 | CRITICAL | BLOCK — do not proceed |
Daisy Scan is wired into the key generation pipeline. Before every key fires, the deployment manifest is scored by the embedded DaisyScanBridge. Score ≥ 80 blocks key generation entirely. Score 35–79 shows a confirmation dialog. Score below 35 proceeds silently. You'll see the scan result in the audit log.
Open Daisy Scan from the sidebar to run manual scans. Useful for checking client-submitted URLs before embedding them, validating QR destinations, or auditing existing keys. The Trust Registry pre-populates with all canonical Daisy Link ecosystem domains marked as Trusted.
Truth Spine Layer 10, affectionately known as Mr. Max, is a state-adaptive decision scoring engine. It takes a list of options (each with impact, effort, risk, horizon, reversibility ratings) and a system state (instability, distortion, history array) and returns ranked scores with confidence intervals and diagnostic breakdowns.
Layer 10 is now active in the browser via window.TruthSpineL10.computeDecisionScore(). The original file used Node.js module.exports syntax that broke silently in browser context — the fixed dashboard patches this on load. The full engine is also inlined as a fallback so it works regardless of file load order.
The locked room you built for yourself, explained
Shush Mode is an operator-level access tier within HQ that unlocks additional functionality: the Ritual experience type (full-screen immersive ritual with symbol, text, and timer), Shush Core™, and Shush Vault™. It is, despite appearances, not decorative.
Click the ◈ SHUSH button in the HQ topbar. A modal appears with a password field. Enter either of the two codes:
Both codes unlock the same feature set. The ARCHON code shows the ▲ ARCHON badge in the topbar. A Shush timer appears showing how long the mode has been active.
Shush Mode is a session state — it doesn't persist between page loads. You'll need to re-enter the code each time you open HQ. The timer in the topbar shows your current session duration. Click ◈ SHUSH again to lock it manually.
When Shush mode is active, Daisy Scan evaluates deployment manifests differently — Shush-mode keys add a 20-point modifier to certain threat calculations. High tool count + Shush mode + short expiry is a recognized escalation pattern. This is by design: Shush deployments warrant extra scrutiny.
Where the zip goes and in what order
The full HQ ecosystem runs on Cloudflare Pages. You have three deployable items: the HQ itself, the client runtime, and the Worker. Here's the deployment sequence that works.
Go to Cloudflare Dashboard → Pages → daisy-link-hq
Click Deploy → Upload Assets
Upload the contents of the daisy-hq-final folder (not the folder itself — the files inside it)
Wait for deployment to complete. Live at daisy-link-hq.pages.dev
Go to Cloudflare Dashboard → Pages → daisy-link
Upload the Runtime zip contents
Live at daisy-link.pages.dev
The daisy-platform Worker handles key generation. If you've updated the Worker code:
Go to Cloudflare Dashboard → Workers & Pages → daisy-platform
Click Edit Code
Paste the contents of worker/daisy-platform.js
Click Save and Deploy
Verify: visit daisy-platform.carrneuroclinic.workers.dev/health — you should see "jwt":"enabled"
The Worker needs your RSA private key as a secret. In the Worker settings, look for Settings → Variables → JWT_PRIVATE_KEY. It should already be set from your previous deployment. If you regenerated keys with generate-jwt-keys.js, you'll need to update this secret and also update the public key in flow/runtime.html.
Three AI tools, one key, zero dollars
All three AI-powered tools — Neuro Vault, BroCode, and QR Forge — now run on Google's Gemini 2.0 Flash. The free tier gives you 15 requests per minute and 1 million tokens per day. A typical Neuro Vault forge costs 3,000–8,000 tokens. A BroCode critic conversation runs about 1,000–2,000 tokens. You could forge 100+ systems and have 400+ critic conversations before touching the daily limit. It resets every 24 hours. There is no card required.
Sign in with your Google account
Click Create API Key
Copy the key — it starts with AIza
The unified key system means you only need to do this once. In HQ:
Click ⚡ ADD FREE KEY in the topbar (or any ⚙ API KEY button in any tool)
Paste your AIza... key
Click SAVE KEY — ACTIVATE ALL TOOLS
The key saves to localStorage as DAISY_GEMINI_KEY and immediately propagates to the local key stores for all three tools. The topbar indicator changes to ⚡ AI ACTIVE. Open Neuro Vault, BroCode, or QR Forge — they'll find the key without asking for it again.
The key is stored locally in your browser only. It is never transmitted anywhere except directly to the Google Generative Language API during inference calls. It does not leave your machine for any other purpose. Clearing your browser storage or switching browsers requires re-entering it.
| Limit | Value | What it means |
|---|---|---|
| Requests per minute | 15 | One request every 4 seconds max. BroCode conversations are fast — rarely an issue. |
| Tokens per day | 1,000,000 | Enough for 100–300 Neuro Vault forges, or thousands of BroCode messages. |
| Context window | 1M tokens | Enormous. Entire codebases fit inside one call. |
Everything you'll actually need to remember
| Score | Meaning | Blocks Key? |
|---|---|---|
| 80–98 | Clean deployment | No |
| 50–79 | Moderate complexity | No |
| 35–49 | Warning zone | No, but Daisy Scan warns |
| Below 35 | Flagged configuration | Scan threat may block |
| Problem | Cause | Fix |
|---|---|---|
| Neuro Vault 404 | File at wrong path | Ensure file is at apps/neuro-vault/index.html |
| BroCode critics don't respond | No API key or wrong key | Set Gemini key via ⚙ API KEY button |
| Worker health shows jwt:disabled | JWT_PRIVATE_KEY secret not set | Go to Worker Settings → Variables, re-add the secret |
| Intro plays too fast | Old JS timing code | Deploy the fixed dashboard.html from this package |
| AI ACTIVE shows but tool doesn't work | Stale key in different tool's localStorage | Re-save key from HQ topbar to propagate |
| Ritual type missing from build grid | Shush Mode not active | Click ◈ SHUSH → enter SHUSH01 or ARCHON |
| Daisy Scan blocking key generation | Manifest threat score ≥ 80 | Reduce tool count, check mode setting, review config |
| Layer 10 not available | module.exports error in browser | Use fixed dashboard.html — patches on load |
| Where | Shortcut | Action |
|---|---|---|
| Neuro Vault — IP Seeder | ⌘+Enter | Forge system |
| BroCode critics | Enter | Send message |
| BroCode terminal | ↑ / ↓ | Command history |
Go to aistudio.google.com/apikey. Sign in with Google. Create key. Paste it once into HQ. Done. All three AI tools activate. Free forever for personal use. 15 requests per minute. 1 million tokens per day. No card. No expiry.
Daisy Link™ HQ for Dummies
First Edition · v14 Release
Platform by Eric Carr / Carr NeuroClinic™
Daisy Link™ is deployed on Cloudflare Pages & Workers
Powered by Gemini 2.0 Flash · Truth Spine v10 · RS256 JWT
DemCarrBoys — Built in love, coding with purpose.