docs: improve readability and consistency across other documentation
This commit is contained in:
parent
2e06d8f4e8
commit
33697e9b82
5 changed files with 154 additions and 111 deletions
201
README.md
201
README.md
|
|
@ -49,6 +49,7 @@ evolving synthesis. Knowledge is compiled once and kept current.
|
|||
Contradictions have been flagged. The synthesis already reflects everything ingested.
|
||||
|
||||
This means:
|
||||
|
||||
- No vector database.
|
||||
- No embedding pipeline.
|
||||
- No external retrieval infrastructure.
|
||||
|
|
@ -103,11 +104,11 @@ genome-{name}/
|
|||
|
||||
### Three layers
|
||||
|
||||
| Layer | Path | Owner | Rule |
|
||||
|-------|------|-------|------|
|
||||
| Raw sources | `raw/` | Human | Immutable. LLM reads only. Never modified. |
|
||||
| Wiki | `wiki/` | LLM | Agent creates, updates, cross-links, maintains. |
|
||||
| Schema | `AGENTS.md` | Human + LLM | Co-evolved contract defining structure and workflows. |
|
||||
| Layer | Path | Owner | Rule |
|
||||
| ----------- | ----------- | ----------- | ----------------------------------------------------- |
|
||||
| Raw sources | `raw/` | Human | Immutable. LLM reads only. Never modified. |
|
||||
| Wiki | `wiki/` | LLM | Agent creates, updates, cross-links, maintains. |
|
||||
| Schema | `AGENTS.md` | Human + LLM | Co-evolved contract defining structure and workflows. |
|
||||
|
||||
### Framework structure
|
||||
|
||||
|
|
@ -154,6 +155,7 @@ All tools (git-crypt, bw, qmd) have native Linux binaries.
|
|||
### macOS — full support
|
||||
|
||||
All scripts are compatible with macOS. Requirements:
|
||||
|
||||
- bash 3.2+ (macOS default) — fully supported. All `bash 4+` constructs removed.
|
||||
- GNU coreutils not required — BSD variants of `date`, `grep`, `sed` all handled.
|
||||
- `git-crypt`: install via Homebrew — `brew install git-crypt`
|
||||
|
|
@ -166,6 +168,7 @@ If you use Homebrew bash (`brew install bash`), the scripts work identically to
|
|||
**Git Bash and native Windows are not supported.**
|
||||
|
||||
Reasons:
|
||||
|
||||
- `git-crypt` has no native Windows binary.
|
||||
- Process substitution `<(...)` used for runtime key injection is not available
|
||||
in Git Bash or PowerShell.
|
||||
|
|
@ -179,13 +182,13 @@ All setup and runtime operations work identically to native Linux inside WSL2.
|
|||
|
||||
The system is designed for a homelab architecture:
|
||||
|
||||
| Component | Recommended | Role |
|
||||
|-----------|-------------|------|
|
||||
| Storage node | Any Linux server with NFS | Hosts Forgejo, stores genome repos |
|
||||
| AI compute node | GPU server (16GB+ VRAM) | Runs local LLM agent sessions |
|
||||
| VRAM | 16GB minimum | 14B model at Q5_K_M ≈ 10GB weights; ~6GB for KV cache |
|
||||
| Local LLM | 14B–32B quantised | Active wiki maintenance sessions |
|
||||
| Large LLM | 70B (async) | Deep reflection, complex synthesis (scheduled, not interactive) |
|
||||
| Component | Recommended | Role |
|
||||
| --------------- | ------------------------- | --------------------------------------------------------------- |
|
||||
| Storage node | Any Linux server with NFS | Hosts Forgejo, stores genome repos |
|
||||
| AI compute node | GPU server (16GB+ VRAM) | Runs local LLM agent sessions |
|
||||
| VRAM | 16GB minimum | 14B model at Q5_K_M ≈ 10GB weights; ~6GB for KV cache |
|
||||
| Local LLM | 14B–32B quantised | Active wiki maintenance sessions |
|
||||
| Large LLM | 70B (async) | Deep reflection, complex synthesis (scheduled, not interactive) |
|
||||
|
||||
> **On VRAM constraints:** with a 16GB card and a 14B model, the KV cache budget
|
||||
> is ~6GB — approximately 32k tokens of effective context. Every token in `AGENTS.md`,
|
||||
|
|
@ -198,18 +201,18 @@ The system is designed for a homelab architecture:
|
|||
|
||||
### Required
|
||||
|
||||
| Tool | Purpose |
|
||||
|------|---------|
|
||||
| `git` | Version control |
|
||||
| `git-crypt` | Transparent file encryption |
|
||||
| `curl` | REST API calls to Forgejo/GitHub |
|
||||
| `jq` | JSON parsing |
|
||||
| Tool | Purpose |
|
||||
| ----------- | -------------------------------- |
|
||||
| `git` | Version control |
|
||||
| `git-crypt` | Transparent file encryption |
|
||||
| `curl` | REST API calls to Forgejo/GitHub |
|
||||
| `jq` | JSON parsing |
|
||||
|
||||
### Optional
|
||||
|
||||
| Tool | Purpose |
|
||||
|------|---------|
|
||||
| `bw` | Bitwarden CLI — runtime key injection from Vaultwarden (no key on disk) |
|
||||
| Tool | Purpose |
|
||||
| ----- | ----------------------------------------------------------------------- |
|
||||
| `bw` | Bitwarden CLI — runtime key injection from Vaultwarden (no key on disk) |
|
||||
| `qmd` | Local BM25 + vector search for Markdown files with MCP server interface |
|
||||
|
||||
> **`bw` vs `bws`:** Use `bw` (standard Bitwarden CLI). `bws` is the Bitwarden
|
||||
|
|
@ -347,6 +350,7 @@ make setup
|
|||
- Commits submodule pointer in master repo
|
||||
|
||||
After setup completes:
|
||||
|
||||
- Upload all files in `keys/` to Vaultwarden (see Key Management)
|
||||
- Delete key files from disk: `rm keys/*.key`
|
||||
|
||||
|
|
@ -354,16 +358,16 @@ After setup completes:
|
|||
|
||||
## Makefile Reference
|
||||
|
||||
| Target | Description |
|
||||
|--------|-------------|
|
||||
| `make setup` | Full system initialisation — master repo + all genomes in `registry.sh` |
|
||||
| `make add-genome NAME=x DESC="y"` | Scaffold and register a single new genome |
|
||||
| `make lint` | Run quality checks across all genomes (schema, privacy, decay, page size) |
|
||||
| `make status` | Show submodule status and first 10 git-crypt encryption states |
|
||||
| `make lock` | Lock all encrypted repos (master + all genome submodules) |
|
||||
| `make doctor` | Verify required tools: git, git-crypt, curl, jq; warn if bw missing |
|
||||
| `make sync` | `git submodule update --init --recursive` + report unpushed commits per genome |
|
||||
| `make help` | Print all available targets |
|
||||
| Target | Description |
|
||||
| --------------------------------- | ------------------------------------------------------------------------------ |
|
||||
| `make setup` | Full system initialisation — master repo + all genomes in `registry.sh` |
|
||||
| `make add-genome NAME=x DESC="y"` | Scaffold and register a single new genome |
|
||||
| `make lint` | Run quality checks across all genomes (schema, privacy, decay, page size) |
|
||||
| `make status` | Show submodule status and first 10 git-crypt encryption states |
|
||||
| `make lock` | Lock all encrypted repos (master + all genome submodules) |
|
||||
| `make doctor` | Verify required tools: git, git-crypt, curl, jq; warn if bw missing |
|
||||
| `make sync` | `git submodule update --init --recursive` + report unpushed commits per genome |
|
||||
| `make help` | Print all available targets |
|
||||
|
||||
### Examples
|
||||
|
||||
|
|
@ -407,6 +411,7 @@ After adding: upload the new key to Vaultwarden and delete the key file.
|
|||
### Removing a genome
|
||||
|
||||
Manual process:
|
||||
|
||||
```bash
|
||||
# In master repo
|
||||
git submodule deinit genome-name
|
||||
|
|
@ -421,16 +426,16 @@ git push
|
|||
When a genome is scaffolded, `render_template` replaces these placeholders in all
|
||||
template files:
|
||||
|
||||
| Placeholder | Source | Example |
|
||||
|-------------|--------|---------|
|
||||
| `{{GENOME_NAME}}` | registry.sh | `genome-dev` |
|
||||
| `{{GENOME_NAME_UPPER}}` | derived | `GENOME-DEV` |
|
||||
| `{{GENOME_DESC}}` | registry.sh | `Web development...` |
|
||||
| `{{FORGEJO_URL}}` | globals.env | `https://git.yourserver.com` |
|
||||
| `{{FORGEJO_USER}}` | globals.env | `yourusername` |
|
||||
| `{{VAULTWARDEN_URL}}` | globals.env | `https://vault.yourserver.com` |
|
||||
| `{{MASTER_REPO}}` | globals.env | `master-knowledge-genome` |
|
||||
| `{{DATE}}` | runtime | `2026-05-11` |
|
||||
| Placeholder | Source | Example |
|
||||
| ----------------------- | ----------- | ------------------------------ |
|
||||
| `{{GENOME_NAME}}` | registry.sh | `genome-dev` |
|
||||
| `{{GENOME_NAME_UPPER}}` | derived | `GENOME-DEV` |
|
||||
| `{{GENOME_DESC}}` | registry.sh | `Web development...` |
|
||||
| `{{FORGEJO_URL}}` | globals.env | `https://git.yourserver.com` |
|
||||
| `{{FORGEJO_USER}}` | globals.env | `yourusername` |
|
||||
| `{{VAULTWARDEN_URL}}` | globals.env | `https://vault.yourserver.com` |
|
||||
| `{{MASTER_REPO}}` | globals.env | `master-knowledge-genome` |
|
||||
| `{{DATE}}` | runtime | `2026-05-11` |
|
||||
|
||||
---
|
||||
|
||||
|
|
@ -441,9 +446,9 @@ template files:
|
|||
Each genome uses a unique symmetric AES-256-CTR key managed by git-crypt.
|
||||
Two directories in every genome are always encrypted:
|
||||
|
||||
| Directory | Contents | On remote |
|
||||
|-----------|----------|-----------|
|
||||
| `raw/private/` | Sensitive source material | Opaque binary blob |
|
||||
| Directory | Contents | On remote |
|
||||
| --------------- | --------------------------- | ------------------ |
|
||||
| `raw/private/` | Sensitive source material | Opaque binary blob |
|
||||
| `wiki/private/` | Private synthesis and notes | Opaque binary blob |
|
||||
|
||||
All other directories (`raw/articles/`, `wiki/sources/`, etc.) are plaintext.
|
||||
|
|
@ -502,6 +507,7 @@ PRIVATE_CONTEXT: enabled ← Agent may read/write private/. Requires git-cryp
|
|||
```
|
||||
|
||||
Rules:
|
||||
|
||||
- Never inferred. Never carried over from a previous session.
|
||||
- `enabled` requires the operator to confirm that `git-crypt unlock` has run on the host.
|
||||
- Per-genome, per-session: enabling for `genome-finance` does NOT enable for `genome-dev`.
|
||||
|
|
@ -530,6 +536,7 @@ The key flows: Vaultwarden → `bw get notes` → `base64 -d` → kernel pipe
|
|||
At no point is the key written to any file on disk.
|
||||
|
||||
Lock a genome when the session ends:
|
||||
|
||||
```bash
|
||||
git-crypt lock
|
||||
```
|
||||
|
|
@ -544,11 +551,11 @@ git-crypt lock
|
|||
|
||||
Each genome key is stored as a base64-encoded Secure Note in Vaultwarden:
|
||||
|
||||
| Genome | Vaultwarden Note Name |
|
||||
|--------|----------------------|
|
||||
| `genome-dev` | `genome-dev key` |
|
||||
| `genome-finance` | `genome-finance key` |
|
||||
| `genome-homelab` | `genome-homelab key` |
|
||||
| Genome | Vaultwarden Note Name |
|
||||
| ---------------- | --------------------- |
|
||||
| `genome-dev` | `genome-dev key` |
|
||||
| `genome-finance` | `genome-finance key` |
|
||||
| `genome-homelab` | `genome-homelab key` |
|
||||
|
||||
After `make setup` or `make add-genome`, key files are exported to `keys/`.
|
||||
Upload procedure:
|
||||
|
|
@ -593,6 +600,7 @@ gcrypt_rotate_key "genome-dev"
|
|||
```
|
||||
|
||||
`gcrypt_rotate_key` performs:
|
||||
|
||||
1. Unlocks repo with existing key
|
||||
2. Removes old key material
|
||||
3. Generates new symmetric key via `git-crypt init`
|
||||
|
|
@ -603,13 +611,16 @@ gcrypt_rotate_key "genome-dev"
|
|||
> **Limitation:** git history still contains blobs encrypted with the old key.
|
||||
> Anyone with the old key and git history access can decrypt them. To purge old
|
||||
> encrypted blobs from history:
|
||||
>
|
||||
> ```bash
|
||||
> git filter-repo --invert-paths --path raw/private --path wiki/private
|
||||
> git push --force origin main
|
||||
> ```
|
||||
>
|
||||
> This rewrites all commit hashes — coordinate with any collaborators first.
|
||||
|
||||
After rotation:
|
||||
|
||||
- Upload new key to Vaultwarden (replace existing note)
|
||||
- Delete both `keys/genome-dev.key` and `keys/genome-dev-rotated-*.key` from disk
|
||||
- Revoke access from previous key holders
|
||||
|
|
@ -621,6 +632,7 @@ After rotation:
|
|||
### Prerequisites for every session
|
||||
|
||||
Before starting an LLM agent session on a genome:
|
||||
|
||||
1. The host (AI server) runs `git-crypt unlock` for the required genomes
|
||||
2. The orchestrator prepares context: `tail -n 20 wiki/log.md`
|
||||
3. Declare `PRIVATE_CONTEXT` state explicitly in the opening prompt
|
||||
|
|
@ -651,6 +663,7 @@ sequentially — not one session with 5 files.
|
|||
### n8n automation
|
||||
|
||||
For Forgejo webhook → automated ingest:
|
||||
|
||||
1. Forgejo sends webhook on push to `raw/`
|
||||
2. n8n receives webhook, identifies new files
|
||||
3. n8n starts one agent session per new file (sequential, not parallel)
|
||||
|
|
@ -677,6 +690,7 @@ Triggered by a new file in `raw/` (manual or via webhook).
|
|||
9. Commit on `feat/ai-ingest-<slug>`; open PR using `templates/pr-description.md`
|
||||
|
||||
For private sources (`PRIVATE_CONTEXT: enabled` required):
|
||||
|
||||
- All output goes to `wiki/private/<slug>.md` only
|
||||
- PR title: `[PRIVATE] ingest: <slug>`
|
||||
|
||||
|
|
@ -697,11 +711,13 @@ For general orientation without a specific query: read `wiki/index.md` directly.
|
|||
The lint workflow is split between deterministic bash checks and semantic LLM judgment.
|
||||
|
||||
**Step 1 — operator runs bash linter:**
|
||||
|
||||
```bash
|
||||
make lint
|
||||
```
|
||||
|
||||
The bash linter checks automatically:
|
||||
|
||||
- YAML frontmatter validity (all mandatory fields present)
|
||||
- Domain consistency (domain field matches genome name)
|
||||
- Type validity (value from allowed list)
|
||||
|
|
@ -713,6 +729,7 @@ The bash linter checks automatically:
|
|||
**Step 2 — operator provides bash output to LLM agent:**
|
||||
|
||||
The agent applies semantic judgment to findings the bash linter cannot make:
|
||||
|
||||
- **Orphan pages** (from bash list): for each orphan, identify 1-3 existing pages
|
||||
that should link to it; propose specific additions
|
||||
- **Implicit concepts** (from bash term frequency list): determine if a candidate
|
||||
|
|
@ -735,22 +752,28 @@ The PR description uses `templates/pr-description.md`:
|
|||
|
||||
```markdown
|
||||
## Summary
|
||||
|
||||
One sentence: goal of this session and source processed.
|
||||
|
||||
## Pages Created
|
||||
|
||||
| Path | Type | Maturity |
|
||||
|
||||
## Pages Modified
|
||||
|
||||
| Path | Change |
|
||||
|
||||
## Contradictions Found
|
||||
[ ] None / [ ] n conflict file(s) created
|
||||
|
||||
[ ] None / [ ] n conflict file(s) created
|
||||
|
||||
## Private Data Accessed
|
||||
[ ] No (PRIVATE_CONTEXT: disabled) / [ ] Yes
|
||||
|
||||
[ ] No (PRIVATE_CONTEXT: disabled) / [ ] Yes
|
||||
|
||||
## Scoped Lint (post-ingest)
|
||||
[ ] Frontmatter valid [ ] No broken links [ ] No issues found
|
||||
|
||||
[ ] Frontmatter valid [ ] No broken links [ ] No issues found
|
||||
```
|
||||
|
||||
This makes human review fast and structured: read the table, scan the diff,
|
||||
|
|
@ -776,10 +799,10 @@ The operator resolves the conflict, updates relevant pages, closes the PR.
|
|||
|
||||
Pages have a `last_updated` field in frontmatter. During lint passes:
|
||||
|
||||
| Maturity | Threshold | Action |
|
||||
|----------|-----------|--------|
|
||||
| `stable` | 180 days | Flag as stale — add `⚠️ STALE` callout |
|
||||
| `draft` | 90 days | Flag as stale — add `⚠️ STALE` callout |
|
||||
| Maturity | Threshold | Action |
|
||||
| -------- | --------- | -------------------------------------- |
|
||||
| `stable` | 180 days | Flag as stale — add `⚠️ STALE` callout |
|
||||
| `draft` | 90 days | Flag as stale — add `⚠️ STALE` callout |
|
||||
|
||||
The agent proposes re-validation but does not change `maturity` without new source evidence.
|
||||
|
||||
|
|
@ -816,47 +839,47 @@ private: true | false
|
|||
---
|
||||
```
|
||||
|
||||
| Field | Rules |
|
||||
|-------|-------|
|
||||
| `type` | Must be one of: `source entity concept query conflict private index log` |
|
||||
| `maturity: draft` | Single source or unvalidated |
|
||||
| `maturity: stable` | Confirmed by 2+ independent sources |
|
||||
| `maturity: deprecated` | Superseded — add `> **DEPRECATED:** <reason>` callout at top |
|
||||
| `private: true` | Required on all pages in `wiki/private/` and `raw/private/` |
|
||||
| Field | Rules |
|
||||
| ---------------------- | ------------------------------------------------------------------------ |
|
||||
| `type` | Must be one of: `source entity concept query conflict private index log` |
|
||||
| `maturity: draft` | Single source or unvalidated |
|
||||
| `maturity: stable` | Confirmed by 2+ independent sources |
|
||||
| `maturity: deprecated` | Superseded — add `> **DEPRECATED:** <reason>` callout at top |
|
||||
| `private: true` | Required on all pages in `wiki/private/` and `raw/private/` |
|
||||
|
||||
Do not use semantic versioning for content. Git history tracks every change.
|
||||
`maturity` captures epistemic state; `last_updated` tracks recency.
|
||||
|
||||
### Page types and directories
|
||||
|
||||
| Type | Directory | Description |
|
||||
|------|-----------|-------------|
|
||||
| `source` | `wiki/sources/` | One page per processed raw source |
|
||||
| `entity` | `wiki/entities/` | People, tools, organisations, projects |
|
||||
| `concept` | `wiki/concepts/` | Patterns, theories, architectural decisions |
|
||||
| `query` | `wiki/queries/` | Preserved answers and analyses |
|
||||
| `conflict` | `wiki/queries/conflict-*.md` | Unresolved contradictions |
|
||||
| `private` | `wiki/private/` | Private synthesis (PRIVATE_CONTEXT: enabled) |
|
||||
| `index` | `wiki/index.md` | Primary navigation catalog (singleton) |
|
||||
| `log` | `wiki/log.md` | Operations ledger (singleton) |
|
||||
| Type | Directory | Description |
|
||||
| ---------- | ---------------------------- | -------------------------------------------- |
|
||||
| `source` | `wiki/sources/` | One page per processed raw source |
|
||||
| `entity` | `wiki/entities/` | People, tools, organisations, projects |
|
||||
| `concept` | `wiki/concepts/` | Patterns, theories, architectural decisions |
|
||||
| `query` | `wiki/queries/` | Preserved answers and analyses |
|
||||
| `conflict` | `wiki/queries/conflict-*.md` | Unresolved contradictions |
|
||||
| `private` | `wiki/private/` | Private synthesis (PRIVATE_CONTEXT: enabled) |
|
||||
| `index` | `wiki/index.md` | Primary navigation catalog (singleton) |
|
||||
| `log` | `wiki/log.md` | Operations ledger (singleton) |
|
||||
|
||||
### Page size limits
|
||||
|
||||
| Limit | Lines | Action |
|
||||
|-------|-------|--------|
|
||||
| Soft cap | 400 | Bash linter warns |
|
||||
| Hard cap | 800 | Bash linter errors — split the page |
|
||||
| Limit | Lines | Action |
|
||||
| -------- | ----- | ----------------------------------- |
|
||||
| Soft cap | 400 | Bash linter warns |
|
||||
| Hard cap | 800 | Bash linter errors — split the page |
|
||||
|
||||
These limits ensure pages fit within the LLM context window without attention degradation
|
||||
and keep the wiki atomically navigable.
|
||||
|
||||
### Linking conventions
|
||||
|
||||
| Type | Format |
|
||||
|------|--------|
|
||||
| Type | Format |
|
||||
| ---------------------- | ------------------------------------------- |
|
||||
| Internal (same genome) | `[[folder/slug]]` — Obsidian wikilinks only |
|
||||
| Cross-genome | `[[../genome-target/wiki/folder/slug]]` |
|
||||
| External | `[text](https://url)` — standard Markdown |
|
||||
| Cross-genome | `[[../genome-target/wiki/folder/slug]]` |
|
||||
| External | `[text](https://url)` — standard Markdown |
|
||||
|
||||
Never use `[text](relative/path)` for internal references. Obsidian wikilinks are
|
||||
bidirectional and appear in the graph view.
|
||||
|
|
@ -878,6 +901,7 @@ Every operation appends one entry to `wiki/log.md`:
|
|||
Valid TYPEs: `INGEST` `LINT` `QUERY` `CONFLICT` `CONFIG` `SECURITY`
|
||||
|
||||
Parse examples:
|
||||
|
||||
```bash
|
||||
grep "^## \[" wiki/log.md | tail -5 # Last 5 entries
|
||||
grep "^## \[" wiki/log.md | grep "CONFLICT" # All conflicts
|
||||
|
|
@ -891,12 +915,12 @@ The LLM never loads the full log.
|
|||
|
||||
## Collaboration Model
|
||||
|
||||
| Role | Key access | Permitted operations |
|
||||
|------|-----------|----------------------|
|
||||
| Owner | Full — key holder | Read/write everywhere |
|
||||
| Collaborator | None | Push to `raw/articles/`, `raw/transcripts/`, `raw/code-packs/`, `raw/assets/` |
|
||||
| Local AI agent | Conditional | `private/` only when `PRIVATE_CONTEXT: enabled` |
|
||||
| Cloud AI model | Never | `PRIVATE_CONTEXT` must be `disabled`; private data stays on local network |
|
||||
| Role | Key access | Permitted operations |
|
||||
| -------------- | ----------------- | ----------------------------------------------------------------------------- |
|
||||
| Owner | Full — key holder | Read/write everywhere |
|
||||
| Collaborator | None | Push to `raw/articles/`, `raw/transcripts/`, `raw/code-packs/`, `raw/assets/` |
|
||||
| Local AI agent | Conditional | `private/` only when `PRIVATE_CONTEXT: enabled` |
|
||||
| Cloud AI model | Never | `PRIVATE_CONTEXT` must be `disabled`; private data stays on local network |
|
||||
|
||||
Grant collaborator access: add as Forgejo contributor with Write role.
|
||||
Never share the git-crypt key — collaborators operate exclusively in public directories.
|
||||
|
|
@ -930,6 +954,7 @@ qmd serve --port 3333
|
|||
Obsidian is the recommended wiki browser. Open any genome directory as an Obsidian vault.
|
||||
|
||||
Recommended setup:
|
||||
|
||||
- **Graph view** — visualise page connections; spot orphans and hubs instantly
|
||||
- **Obsidian Web Clipper** — browser extension to clip articles directly to `raw/articles/`
|
||||
as Markdown
|
||||
|
|
@ -991,6 +1016,7 @@ sudo apt install git git-crypt curl jq
|
|||
The staged file is in a path matching `**/private/**` but is not encrypted.
|
||||
|
||||
Fix options:
|
||||
|
||||
1. Verify `.gitattributes` contains `**/private/** filter=git-crypt diff=git-crypt -text`
|
||||
2. Run `git-crypt init` if git-crypt is not initialised in this repo
|
||||
3. Run `git-crypt status` to check the encryption state of all files
|
||||
|
|
@ -1011,6 +1037,7 @@ git commit -m "fix: re-stage private files for encryption"
|
|||
### Agent returns stale or missing cross-references
|
||||
|
||||
Likely causes:
|
||||
|
||||
1. Session was too long — KV cache degraded. Use one source per session.
|
||||
2. `wiki/index.md` was not read at session start — agent lacked the page catalog.
|
||||
3. qmd index is stale — re-index: `qmd index <genome>/wiki/`
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
|
||||
## Identity
|
||||
|
||||
| Field | Value |
|
||||
|--------|-------|
|
||||
| Repo | `{{MASTER_REPO}}` |
|
||||
| Owner | `{{FORGEJO_USER}}` |
|
||||
| Field | Value |
|
||||
| ------ | -------------------------------------------------- |
|
||||
| Repo | `{{MASTER_REPO}}` |
|
||||
| Owner | `{{FORGEJO_USER}}` |
|
||||
| Remote | `{{FORGEJO_URL}}/{{FORGEJO_USER}}/{{MASTER_REPO}}` |
|
||||
|
||||
**Role:** Cross-genome coordinator for the Knowledge Genome network.
|
||||
|
|
@ -32,14 +32,17 @@ Genome-level operations are governed by the genome's `AGENTS.md`, not this file.
|
|||
## Global Security Rules
|
||||
|
||||
### PRIVATE_CONTEXT scope
|
||||
|
||||
- Toggle is **per-genome and per-session**. Enabling for `genome-finance` does NOT enable for `genome-dev`.
|
||||
- Cloud LLM models: `PRIVATE_CONTEXT` must be `disabled` for all genomes. Private data never leaves the local network.
|
||||
|
||||
### Log sanitization
|
||||
|
||||
- Never print decrypted secrets, session tokens, or key contents to stdout or log files.
|
||||
- Document only `run_id` and genome name — never the key value.
|
||||
|
||||
### Key management
|
||||
|
||||
- Key injection is the host's responsibility — executed before this session starts.
|
||||
- Never write, suggest, or generate scripts that save `.key` files to disk.
|
||||
|
||||
|
|
@ -54,12 +57,14 @@ Genome-level operations are governed by the genome's `AGENTS.md`, not this file.
|
|||
5. Per-genome `AGENTS.md` governs all wiki operations within that genome. This file governs boundaries only.
|
||||
|
||||
### NEVER
|
||||
|
||||
- Load multiple `wiki/index.md` files simultaneously for cross-genome comparison — use qmd.
|
||||
- Run `git-crypt`, `bw`, or Vaultwarden commands — host responsibility.
|
||||
- Modify files in more than one genome in the same operation.
|
||||
- Modify `core-karpathy` in any way.
|
||||
|
||||
### ASK FIRST
|
||||
|
||||
- Any operation that touches two or more genomes.
|
||||
- Updating submodule pointers in master.
|
||||
- Any key rotation procedure.
|
||||
|
|
@ -77,7 +82,8 @@ Genome-level operations are governed by the genome's `AGENTS.md`, not this file.
|
|||
---
|
||||
|
||||
## Cross-Genome Lint
|
||||
*Manual, monthly — requires operator initiation. Not automated.*
|
||||
|
||||
_Manual, monthly — requires operator initiation. Not automated._
|
||||
|
||||
1. Use `qmd search "<concept>"` to find pages covering the same concept across genomes.
|
||||
2. Identify:
|
||||
|
|
|
|||
|
|
@ -1,25 +1,31 @@
|
|||
## Summary
|
||||
|
||||
<!-- One sentence: goal of this session and source processed. -->
|
||||
|
||||
## Pages Created
|
||||
| Path | Type | Maturity |
|
||||
|------|------|----------|
|
||||
| `[[folder/slug]]` | entity / concept / source / query | draft |
|
||||
|
||||
| Path | Type | Maturity |
|
||||
| ----------------- | --------------------------------- | -------- |
|
||||
| `[[folder/slug]]` | entity / concept / source / query | draft |
|
||||
|
||||
## Pages Modified
|
||||
| Path | Change |
|
||||
|------|--------|
|
||||
|
||||
| Path | Change |
|
||||
| ----------------- | ----------------------------------------- |
|
||||
| `[[folder/slug]]` | Added cross-reference to `[[other/page]]` |
|
||||
|
||||
## Contradictions Found
|
||||
|
||||
- [ ] None
|
||||
- [ ] `n` conflict file(s) created — listed below
|
||||
|
||||
## Private Data Accessed
|
||||
|
||||
- [ ] No — `PRIVATE_CONTEXT: disabled`
|
||||
- [ ] Yes — `PRIVATE_CONTEXT: enabled` · outputs in `wiki/private/` only
|
||||
|
||||
## Scoped Lint (post-ingest)
|
||||
|
||||
- [ ] Frontmatter valid on all touched pages
|
||||
- [ ] No broken wikilinks on touched pages
|
||||
- [ ] No issues found
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
title: "Index — {{GENOME_NAME}}"
|
||||
type: index
|
||||
domain: {{GENOME_NAME}}
|
||||
domain: { { GENOME_NAME } }
|
||||
maturity: stable
|
||||
last_updated: {{DATE}}
|
||||
last_updated: { { DATE } }
|
||||
private: false
|
||||
---
|
||||
|
||||
|
|
@ -19,27 +19,28 @@ Entry format: `- [[folder/slug]] — One-line summary. \`maturity: <value>\``
|
|||
---
|
||||
|
||||
## Sources (`wiki/sources/`)
|
||||
*Ingested raw materials. One entry per processed source.*
|
||||
|
||||
_Ingested raw materials. One entry per processed source._
|
||||
|
||||
## Entities (`wiki/entities/`)
|
||||
*People, organisations, tools, projects.*
|
||||
|
||||
_People, organisations, tools, projects._
|
||||
|
||||
## Concepts (`wiki/concepts/`)
|
||||
*Theories, methodologies, patterns, architectural decisions.*
|
||||
|
||||
_Theories, methodologies, patterns, architectural decisions._
|
||||
|
||||
## Queries (`wiki/queries/`)
|
||||
*Synthesised answers worth preserving. Archived explorations and analyses.*
|
||||
|
||||
_Synthesised answers worth preserving. Archived explorations and analyses._
|
||||
|
||||
## Conflicts Pending Review (`wiki/queries/conflict-*.md`)
|
||||
*Created automatically when the agent detects contradictions between sources.*
|
||||
*Do not summarise entries here — list slugs only to avoid surfacing unresolved claims.*
|
||||
*Remove entry once the operator has resolved and closed the corresponding PR.*
|
||||
|
||||
_Created automatically when the agent detects contradictions between sources._
|
||||
_Do not summarise entries here — list slugs only to avoid surfacing unresolved claims._
|
||||
_Remove entry once the operator has resolved and closed the corresponding PR._
|
||||
|
||||
## Private Synthesis (`wiki/private/`)
|
||||
*Restricted access. Requires `PRIVATE_CONTEXT: enabled` and unlocked repo.*
|
||||
*List slug names ONLY. Do not append summaries — prevents metadata leakage.*
|
||||
|
||||
_Restricted access. Requires `PRIVATE_CONTEXT: enabled` and unlocked repo._
|
||||
_List slug names ONLY. Do not append summaries — prevents metadata leakage._
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
title: "Operations Log — {{GENOME_NAME}}"
|
||||
type: log
|
||||
domain: {{GENOME_NAME}}
|
||||
domain: { { GENOME_NAME } }
|
||||
maturity: stable
|
||||
last_updated: {{DATE}}
|
||||
last_updated: { { DATE } }
|
||||
private: false
|
||||
---
|
||||
|
||||
|
|
@ -22,11 +22,13 @@ Append new entries at the bottom using the format defined below.
|
|||
## Entry Format
|
||||
|
||||
### Required header (enables shell parsing):
|
||||
|
||||
```text
|
||||
## [YYYY-MM-DD] TYPE | Subject or title
|
||||
```
|
||||
|
||||
### Required metadata block for all agent-generated entries:
|
||||
|
||||
```markdown
|
||||
- run_id: `<short-uuid or session-identifier>`
|
||||
- model: `<model-name-and-version>`
|
||||
|
|
@ -38,6 +40,7 @@ Append new entries at the bottom using the format defined below.
|
|||
**Valid TYPEs:** `INGEST` | `LINT` | `QUERY` | `CONFLICT` | `CONFIG` | `SECURITY`
|
||||
|
||||
**Parse examples:**
|
||||
|
||||
```bash
|
||||
# Last 5 entries
|
||||
grep "^## \[" wiki/log.md | tail -5
|
||||
|
|
@ -55,6 +58,6 @@ grep "^## \[2026-05" wiki/log.md
|
|||
|
||||
- run_id: `system-init`
|
||||
- model: `setup-knowledge-genome.sh`
|
||||
- context_read: *(none — initial scaffold)*
|
||||
- context_read: _(none — initial scaffold)_
|
||||
- output_written: `[[wiki/index.md]]`, `[[wiki/log.md]]`, `[[AGENTS.md]]`
|
||||
- reasoning: Initial directory structure and encryption layer initialized by setup script.
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue