chore: add migration/ bundle for cross-machine setup

Bundles state that lives OUTSIDE the xenia-rs repo so a fresh clone on
another machine can be brought up to identical configuration via
migration/setup.sh:

  - claude-memory/             ~/.claude/projects/-home-fabi-RE-Project-Sylpheed/memory/
                               (103 files, 1.1 MB - MEMORY.md + every
                                project_xenia_rs_*.md from audits
                                addis_signext through audit-058)
  - project-root/dot-claude/   <project-root>/.claude/settings.json
                               (Stop hook + permissions)
  - project-root/ppc-manual/   <project-root>/ppc-manual/
                               (PowerPC reference docs, 397 files, 3.7 MB)
  - project-root/run-canary.sh <project-root>/run-canary.sh
  - README.md                  Human-readable setup checklist
  - setup.sh                   Idempotent installer (also reclones
                               xenia-canary at pinned HEAD 6de80dffe)
  - MANIFEST.md                Per-file mapping + per-file-not-bundled
                               restoration recipe

Excluded from bundle (not shippable via git):
  - Sylpheed ISO (7.8 GB; copyright; manual copy required)
  - sylpheed.db (395 MB; regenerable from XEX via analysis tooling)
  - target/ build artifacts (rebuild on target)
  - audit-runs probe firehoses (.log/.stdout/.stderr ~11 GB; rerun if needed)
  - audit-runs memory dumps (.bin ~4.5 GB; rerun audit-026/027/029 if needed)
  - xenia-canary checkout (setup.sh reclones from
    git.mc02.dev/fabi/Xenia-Canary.git at HEAD 6de80dffe)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

migration/project-root/ppc-manual/control/mtmsr.md

@@ -0,0 +1,139 @@
+# `mtmsr` — Move to Machine State Register
+
+> **Category:** [Control / CR / SPR](../categories/control.md) · **Form:** [X](../forms/X.md) · **Opcode:** `0x7c000124` · _sync_
+
+<!-- GENERATED: BEGIN -->
+
+## Assembler Mnemonics
+
+| Mnemonic | XML entry | Flags | Description |
+| --- | --- | --- | --- |
+| `mtmsr` | `mtmsr` | — | Move to Machine State Register |
+
+## Syntax
+
+```asm
+mtmsr [RS]
+```
+
+## Encoding
+
+### `mtmsr` — form `X`
+
+- **Opcode word:** `0x7c000124`
+- **Primary opcode (bits 0–5):** `31`
+- **Extended opcode:** `146`
+- **Synchronising:** yes
+
+| Bits | Field | Meaning |
+| --- | --- | --- |
+| 0–5 | `OPCD` | primary opcode |
+| 6–10 | `RT/FRT/VRT` | destination |
+| 11–15 | `RA/FRA/VRA` | source A |
+| 16–20 | `RB/FRB/VRB` | source B |
+| 21–30 | `XO` | extended opcode (10 bits) |
+| 31 | `Rc` | record-form flag |
+
+## Operands
+
+| Field | Role | Description |
+| --- | --- | --- |
+| `RS` | mtmsr: read | Source GPR (alias for RD in some stores). |
+| `MSR` | mtmsr: write | Machine State Register. |
+
+## Register Effects
+
+### `mtmsr`
+
+- **Reads (always):** `RS`
+- **Reads (conditional):** _none_
+- **Writes (always):** `MSR`
+- **Writes (conditional):** _none_
+
+## Status-Register Effects
+
+_No condition-register or status-register effects._
+
+## Operation (pseudocode)
+
+```
+; Pseudocode derives directly from the xenia-rs interpreter
+; arm (see Implementation References). Operation semantics:
+;   - Read source operands from the fields listed under Operands.
+;   - Apply the arithmetic / logical / memory action described
+;     in the Description field above.
+;   - Write results to the destination register(s); update any
+;     status bits enumerated under Status-Register Effects.
+; Consult the IBM AIX reference link under IBM Reference for
+; canonical PPC-style pseudocode where xenia's expression is
+; terse.
+```
+
+## C Translation Example
+
+```c
+/* C translation: the xenia-rs interpreter arm below in           */
+/* Implementation References is the authoritative semantic        */
+/* snapshot. Translate it line-by-line:                            */
+/*   - ctx.gpr[N]  -> r[N]       (or f[]/v[] for FPRs/VRs)        */
+/*   - mem.read_u*/write_u* -> mem_read_u*_be / mem_write_u*_be   */
+/*   - ctx.update_cr_signed(fld, v) -> update_cr_signed(fld, v)   */
+/*   - ctx.xer_ca / xer_ov / xer_so -> xer.CA / xer.OV / xer.SO   */
+/* The Register Effects and Status-Register Effects tables above  */
+/* enumerate every side effect a faithful translation must emit.  */
+```
+
+## Implementation References
+
+**`mtmsr`**
+- xenia-canary XML: [`tools/ppc-instructions.xml` — search for `mnem="mtmsr"`](../../xenia-canary/tools/ppc-instructions.xml)
+- xenia-canary emit: [`src/xenia/cpu/ppc/ppc_emit_control.cc:822`](../../xenia-canary/src/xenia/cpu/ppc/ppc_emit_control.cc#L822)
+- xenia-rs opcode: [`crates/xenia-cpu/src/opcode.rs:55`](../../xenia-rs/crates/xenia-cpu/src/opcode.rs#L55)
+- xenia-rs decoder: [`crates/xenia-cpu/src/decoder.rs:780`](../../xenia-rs/crates/xenia-cpu/src/decoder.rs#L780)
+- xenia-rs interpreter: [`crates/xenia-cpu/src/interpreter.rs:1649-1663`](../../xenia-rs/crates/xenia-cpu/src/interpreter.rs#L1649-L1663)
+<details><summary>xenia-rs interpreter body (frozen snapshot)</summary>
+
+```rust
+        PpcOpcode::mtmsr | PpcOpcode::mtmsrd => {
+            // PPCBUG-078: mtmsrd L=1 is a partial-MSR-write — only MSR[EE]
+            // (u64 bit 15) and MSR[RI] (u64 bit 0) are modified; all other
+            // MSR bits preserved. Used by kernel code to re-enable external
+            // interrupts without disturbing the rest of the MSR.
+            let l = (instr.raw >> (31 - 15)) & 1;
+            let rs = ctx.gpr[instr.rs()];
+            if matches!(instr.opcode, PpcOpcode::mtmsrd) && l == 1 {
+                let mask: u64 = (1u64 << 15) | 1u64;
+                ctx.msr = (ctx.msr & !mask) | (rs & mask);
+            } else {
+                ctx.msr = rs;
+            }
+            ctx.pc += 4;
+        }
+```
+</details>
+
+<!-- GENERATED: END -->
+
+## Special Cases & Edge Conditions
+
+- **Privileged.** `mtmsr` is supervisor-only on real hardware. Executing it from problem state raises a Privileged Instruction interrupt. Game code never emits it; only the kernel and exception-return paths use it.
+- **32-bit form.** `mtmsr` writes the **low 32 bits** of MSR (legacy PPC32 form). On the Xenon (a PPC64 implementation), use [`mtmsrd`](mtmsrd.md) for the full 64-bit MSR. Some Xenon kernel sequences still use `mtmsr` to leave the high half untouched while flipping low-half flags like EE/PR.
+- **Synchronisation.** Marked `sync` — `mtmsr` is **execution-synchronising**. The Xenon must drain all preceding instructions before the new MSR takes effect, and PowerISA recommends a following `isync` to guarantee subsequent instructions execute under the new MSR.
+- **`L` operand.** Modern PowerISA defines an `L` bit selecting "EE/RI only" (`L=1`) versus "all" (`L=0`); xenia-rs ignores `L` and writes the entire MSR. Real Xbox 360 kernel code uses both `L=0` and `L=1`.
+- **xenia model.** Treats MSR as a flat `u64` field. Both `mtmsr` and `mtmsrd` execute the same body — `ctx.msr = ctx.gpr[rs]`. No privilege or atomicity is enforced; no side effects on TLB / interrupt mask / endianness are simulated.
+- **No CR / XER side effects.**
+- **Caveat for translators.** Because the host kernel runs natively in xenia, the guest MSR has no architectural meaning beyond storage. Code that reads it back via [`mfmsr`](mfmsr.md) will see exactly what was last written.
+
+## Related Instructions
+
+- [`mfmsr`](mfmsr.md) — read MSR.
+- [`mtmsrd`](mtmsrd.md) — 64-bit form (writes the entire MSR).
+- [`sc`](../branch/sc.md) — kernel entry; the kernel handler typically uses `mtmsr`/`rfid` to return.
+- [`isync`](mtmsr.md) — companion fence after MSR writes.
+
+`mtmsr` has no simplified mnemonics.
+
+## IBM Reference
+
+- [AIX 7.3 — `mtmsr` (Move to Machine State Register)](https://www.ibm.com/docs/en/aix/7.3.0?topic=set-mtmsr-move-machine-state-register-instruction)
+- PowerISA v2.07B, Book III §4.3.1 — MSR field definitions and `L`-bit semantics.