bootstrap

SUSPICIOUS: the core workflow is coherent for recording sessions and GitHub-backed chunk storage, and install sources are mostly official. Risk comes from broader-than-advertised repo creation/push behavior, credential forwarding via tokenized git URLs, daemon/persistence coupling, and self-modifying instructions. Not clearly malicious, but higher-trust than a simple bootstrap helper should require.