chore: add migration/ bundle for cross-machine setup

Bundles state that lives OUTSIDE the xenia-rs repo so a fresh clone on
another machine can be brought up to identical configuration via
migration/setup.sh:

  - claude-memory/             ~/.claude/projects/-home-fabi-RE-Project-Sylpheed/memory/
                               (103 files, 1.1 MB - MEMORY.md + every
                                project_xenia_rs_*.md from audits
                                addis_signext through audit-058)
  - project-root/dot-claude/   <project-root>/.claude/settings.json
                               (Stop hook + permissions)
  - project-root/ppc-manual/   <project-root>/ppc-manual/
                               (PowerPC reference docs, 397 files, 3.7 MB)
  - project-root/run-canary.sh <project-root>/run-canary.sh
  - README.md                  Human-readable setup checklist
  - setup.sh                   Idempotent installer (also reclones
                               xenia-canary at pinned HEAD 6de80dffe)
  - MANIFEST.md                Per-file mapping + per-file-not-bundled
                               restoration recipe

Excluded from bundle (not shippable via git):
  - Sylpheed ISO (7.8 GB; copyright; manual copy required)
  - sylpheed.db (395 MB; regenerable from XEX via analysis tooling)
  - target/ build artifacts (rebuild on target)
  - audit-runs probe firehoses (.log/.stdout/.stderr ~11 GB; rerun if needed)
  - audit-runs memory dumps (.bin ~4.5 GB; rerun audit-026/027/029 if needed)
  - xenia-canary checkout (setup.sh reclones from
    git.mc02.dev/fabi/Xenia-Canary.git at HEAD 6de80dffe)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

migration/project-root/ppc-manual/branch/sc.md

@@ -0,0 +1,129 @@
+# `sc` — System Call
+
+> **Category:** [Branch & System](../categories/branch.md) · **Form:** [SC](../forms/SC.md) · **Opcode:** `0x44000002` · _sync_
+
+<!-- GENERATED: BEGIN -->
+
+## Assembler Mnemonics
+
+| Mnemonic | XML entry | Flags | Description |
+| --- | --- | --- | --- |
+| `sc` | `sc` | — | System Call |
+
+## Syntax
+
+```asm
+sc [LEV]
+```
+
+## Encoding
+
+### `sc` — form `SC`
+
+- **Opcode word:** `0x44000002`
+- **Primary opcode (bits 0–5):** `17`
+- **Extended opcode:** —
+- **Synchronising:** yes
+
+| Bits | Field | Meaning |
+| --- | --- | --- |
+| 0–5 | `OPCD` | primary opcode (17) |
+| 6–19 | `—` | reserved |
+| 20–26 | `LEV` | exception level |
+| 27–29 | `—` | reserved |
+| 30 | `1` | fixed 1 |
+| 31 | `—` | reserved |
+
+## Operands
+
+| Field | Role | Description |
+| --- | --- | --- |
+| `LEV` | sc: read | System-call exception level (for `sc`). |
+
+## Register Effects
+
+### `sc`
+
+- **Reads (always):** `LEV`
+- **Reads (conditional):** _none_
+- **Writes (always):** _none_
+- **Writes (conditional):** _none_
+
+## Status-Register Effects
+
+_No condition-register or status-register effects._
+
+## Operation (pseudocode)
+
+```
+system_call_exception(LEV)
+```
+
+## C Translation Example
+
+```c
+/* C translation: the xenia-rs interpreter arm below in           */
+/* Implementation References is the authoritative semantic        */
+/* snapshot. Translate it line-by-line:                            */
+/*   - ctx.gpr[N]  -> r[N]       (or f[]/v[] for FPRs/VRs)        */
+/*   - mem.read_u*/write_u* -> mem_read_u*_be / mem_write_u*_be   */
+/*   - ctx.update_cr_signed(fld, v) -> update_cr_signed(fld, v)   */
+/*   - ctx.xer_ca / xer_ov / xer_so -> xer.CA / xer.OV / xer.SO   */
+/* The Register Effects and Status-Register Effects tables above  */
+/* enumerate every side effect a faithful translation must emit.  */
+```
+
+## Implementation References
+
+**`sc`**
+- xenia-canary XML: [`tools/ppc-instructions.xml` — search for `mnem="sc"`](../../xenia-canary/tools/ppc-instructions.xml)
+- xenia-canary emit: [`src/xenia/cpu/ppc/ppc_emit_control.cc:455`](../../xenia-canary/src/xenia/cpu/ppc/ppc_emit_control.cc#L455)
+- xenia-rs opcode: [`crates/xenia-cpu/src/opcode.rs:63`](../../xenia-rs/crates/xenia-cpu/src/opcode.rs#L63)
+- xenia-rs decoder: [`crates/xenia-cpu/src/decoder.rs:341`](../../xenia-rs/crates/xenia-cpu/src/decoder.rs#L341)
+- xenia-rs interpreter: [`crates/xenia-cpu/src/interpreter.rs:984-997`](../../xenia-rs/crates/xenia-cpu/src/interpreter.rs#L984-L997)
+<details><summary>xenia-rs interpreter body (frozen snapshot)</summary>
+
+```rust
+        PpcOpcode::sc => {
+            // PPCBUG-064: log non-zero LEV (`sc 2` is the Xbox 360 hypervisor-call
+            // convention; canary dispatches it to a different handler than `sc 0`).
+            // Routing LEV=2 requires a StepResult variant extension; deferred.
+            let lev = (instr.raw >> 5) & 0x7F;
+            if lev != 0 {
+                tracing::warn!(
+                    "sc with LEV={} at {:#010x}: dispatched as plain SystemCall (HVcall routing not implemented)",
+                    lev, ctx.pc
+                );
+            }
+            ctx.pc += 4;
+            return StepResult::SystemCall;
+        }
+```
+</details>
+
+<!-- GENERATED: END -->
+
+## Special Cases & Edge Conditions
+
+- **`LEV` field — kernel vs hypervisor.** The 7-bit `LEV` operand selects the privilege level of the syscall:
+  - `LEV = 0` — supervisor (kernel) syscall. Standard application → kernel transition; targets the `0xC00` system-call vector.
+  - `LEV = 1` — reserved.
+  - `LEV = 2` — **hypervisor syscall** (`HVcall`). On the Xenon, `sc 2` traps to the Xbox 360 hypervisor; this is how the kernel itself talks to the supervisor below it (e.g., for security operations, encrypted-memory accesses, page table updates).
+- **`sc` as written by titles.** Almost all guest game code uses `LEV = 0` to call `XboxKrnl.exe`. Game disassembly will show large jump tables of small thunks each ending in `li r0, syscall_no; sc; blr`.
+- **No condition or status side effects.** `sc` updates *no* general-purpose register on entry — neither LR nor CR. The kernel sees the GPR/FPR snapshot as-is and reads the syscall number out of `r0` (Xbox 360 ABI convention, not architectural).
+- **Return path.** Hardware returns from `sc` via [`rfid`](../control/mtmsrd.md)-class instructions in the kernel handler; from the application's perspective execution resumes at `CIA + 4`. Xenia's interpreter realises this by simply pre-incrementing `pc` then returning `StepResult::SystemCall` — the host driver dispatches the syscall and re-enters the loop.
+- **xenia divergence vs hardware.** xenia-rs *does not* model the `0xC00` exception vector or save SRR0/SRR1; the `LEV` operand is currently ignored. All `sc` instructions are treated identically and serviced by the host. This is sufficient because Xbox 360 titles don't observe SRR registers and the host kernel is implemented natively.
+- **Synchronisation.** Marked `sync` in xenia's XML — `sc` is context-synchronising (hardware completes all prior instructions before raising the exception). JITs must flush pending state before emitting the host call.
+- **Reserved bits.** Bit 30 is fixed `1`; bits 6–19 and 27–29 are reserved (must be 0). The 1-bit field at position 30 distinguishes the `sc` encoding from `scv` (later PowerISA addition, not present on the Xenon).
+
+## Related Instructions
+
+- [`bx`](bx.md), [`bcx`](bcx.md), [`bclrx`](bclrx.md), [`bcctrx`](bcctrx.md) — ordinary control flow alternatives.
+- [`tw`](tw.md), [`twi`](twi.md), [`td`](td.md), [`tdi`](tdi.md) — synchronous *trap* exceptions; another way to enter the kernel.
+- [`mtmsr`](../control/mtmsr.md), [`mtmsrd`](../control/mtmsrd.md) — machine-state changes used by the kernel's `sc` handler on return (`rfid`/`hrfid` chain not separately documented in this manual).
+- [`isync`](../control/mtmsr.md) — context-synchronising sibling; `sc` itself implies an isync-like fence.
+
+## IBM Reference
+
+- [AIX 7.3 — `sc` (System Call)](https://www.ibm.com/docs/en/aix/7.3.0?topic=set-sc-system-call-instruction)
+- PowerISA v2.07B, Book III §7 — System Linkage interrupt definitions and `LEV` field semantics.