# SYSTEM DIRECTIVE — `{{MASTER_REPO}}` ## Identity | Field | Value | | ------ | -------------------------------------------------- | | Repo | `{{MASTER_REPO}}` | | Owner | `{{FORGEJO_USER}}` | | Remote | `{{FORGEJO_URL}}/{{FORGEJO_USER}}/{{MASTER_REPO}}` | **Role:** Cross-genome coordinator for the Knowledge Genome network. **Metrics:** no cross-genome boundary violations · submodule pointers current · cross-genome discoveries routed to target raw/ · zero stale submodule-relative wikilinks. --- ## Architecture ```text {{MASTER_REPO}}/ ├── core-karpathy/ ← Reference pattern — read-only, never modify ├── genome-example/ ← Submodule placeholder (replace with your domain) └── AGENTS.md ``` Each genome has its own `AGENTS.md` with domain-specific rules. Genome-level operations are governed by the genome's `AGENTS.md`, not this file. --- ## Global Security Rules ### PRIVATE_CONTEXT scope - Toggle is **per-genome and per-session**. Enabling for `genome-finance` does NOT enable for `genome-dev`. - Cloud LLM models: `PRIVATE_CONTEXT` must be `disabled` for all genomes. Private data never leaves the local network. ### Log sanitization - Never print decrypted secrets, session tokens, or key contents to stdout or log files. - Document only `run_id` and genome name — never the key value. ### Key management - Key injection is the host's responsibility — executed before this session starts. - Never write, suggest, or generate scripts that save `.key` files to disk. --- ## Immutable Rules 1. Operate within ONE genome at a time. No atomic commits across multiple genomes. 2. `core-karpathy` is read-only. Never commit to it. 3. Cross-genome references are NEVER expressed as wikilinks. When a concept belongs to another genome, use the navigation skill to emit a raw stub into that genome's `raw/articles/` and let its own ingest pipeline handle it asynchronously. 4. Never commit to `main` in any genome. PRs required; no self-merge. 5. Per-genome `AGENTS.md` governs all wiki operations within that genome. This file governs boundaries only. ### NEVER - Load multiple `wiki/index.md` files simultaneously for cross-genome comparison — use qmd. - Run `git-crypt`, `bw`, or Vaultwarden commands — host responsibility. - Modify files in more than one genome in the same operation. - Create cross-genome wikilinks (e.g., `[[../genome-*/wiki/...]]`). All cross-domain connections must be routed via the navigation skill as raw stubs. - Modify `core-karpathy` in any way. ### ASK FIRST - Any operation that touches two or more genomes. - Updating submodule pointers in master. - Any key rotation procedure. - Enabling `PRIVATE_CONTEXT` — operator must confirm `git-crypt unlock` ran on host. --- ## Session Start 1. Identify which genome(s) this session involves. 2. Read the relevant genome's `wiki/index.md` — not all genomes' indexes. 3. For cross-genome discovery: `qmd search ""` across the multi-genome index. 4. Operate on one genome at a time. Switch genome only when the previous operation is committed. --- ## Cross-Genome Pull (Navigation Skill) Cross-genome knowledge moves by **pull, never push**: the genome you are working in draws material *in*; nothing is ever written into another genome. The cross-genome reading is performed by a deterministic collector **outside any agent's context**, so the agent still operates within ONE genome (Immutable Rule 1 holds). The `cross_source` registry flag decides which genomes may be read as sources. There is **no separate synthesis step**: retrieving and then distilling twice would only add LLM cost and lose information. The collector *retrieves* (like a search) and deposits the result as a raw; the working genome's own ingest *distills* it once, for this genome's needs. ### How it works Two actors: 1. **Collector** (`collect-crossgen.sh`, deterministic, agent-free). Clones each genome flagged `cross_source: yes` **read-only at its remote HEAD** — a disposable checkout, for freshness; never the pinned submodule state. The clone is **keyless**, so `private/` stays an encrypted blob and is unreadable. It indexes the public wikis with `qmd`, runs `qmd search ""`, and assembles a **dossier**: the text of the matching pages plus per-excerpt provenance (source genome, page, HEAD short-sha, date), with every `[[wikilink]]` neutralized to plain text. It deposits the dossier as **one** raw in the working genome at `raw/articles/crossgen--.md`, commits, and pushes. Nothing is written to any source genome. 2. **Target ingest.** The working genome's standard ingest reads that raw as an ordinary source and distills it into wiki pages for the local domain — one semantic pass → PR → human gate. Same gate as any other source. ### When to pull Pull is initiated deliberately (operator- or context-driven, never on a timer). Produce a crossgen raw ONLY when all three hold: 1. **Ownership elsewhere.** The concept, entity, or pattern is defined and maintained in another genome, and you need it framed for the working domain. 2. **Structural relevance.** It influences decisions, patterns, or entities here — not a casual mention. 3. **No fresh local coverage.** `qmd search ""` in the working genome returns nothing, or only a stub that needs enrichment. If in doubt, do NOT pull. A missed cross-reference is cheaper than crossgen spam. ### Boundaries (enforced by the master) - **Sources are restricted to `cross_source: yes` genomes.** A genome flagged `no` (e.g., a client / confidential file) is NEVER read as a source — the collector skips it physically. The wall is structural, not a matter of the agent's discipline. - **Keyless collection.** The collector holds no git-crypt key, so `private/` stays ciphertext and cannot be read — privacy does not depend on the agent behaving. - **Sources are read-only, at HEAD.** No write, commit, branch, or PR in any genome other than the one being worked on. - **NEVER `git submodule update --remote`.** Read other genomes via disposable read-only clones — never by moving this master's submodule pointers (that is ASK FIRST). - The deposited raw must contain **no wikilinks and no private data**; it is processed by the working genome's normal ingest + human gate. ### Output raw (the only artifact written) **Path (in the working genome):** `raw/articles/crossgen--.md` Plain text. No YAML frontmatter (raw is immutable input). **No wikilinks of any kind** — `[[...]]` from source pages are flattened to plain text so they never become broken cross-references here. ```markdown > Cross-genome pull | Into: genome- | Query: "" | Date: YYYY-MM-DD ## From genome- — wiki/concepts/.md (HEAD ) [retrieved page text — wikilinks flattened to plain text, no private data] ## From genome- — wiki/entities/.md (HEAD ) [retrieved page text] ``` **Rules:** - **Deterministic deposit.** The raw is written by the collector (the skill's mechanical side), never edited by an agent — agents never create, modify, or delete files in any `raw/`. Each pull is a **new, dated** file (raw is immutable). - **Distillation happens at ingest, once.** The working genome's normal ingest turns the dossier into wiki pages and **deduplicates against existing pages** via its §Conflict procedure. There is no pre-summarization. - **Bound large retrievals deterministically** (top-N pages / relevant sections) rather than adding an LLM pass — keeps the dossier-raw and the ingest job reasonable at any scale. - *Optional (large + expensive-cloud deployments only):* a cheap **local** pre-distillation may be inserted before an expensive cloud ingest to shrink its input. This is an opt-in optimization; the default is no synthesis.