knowledge-genome-orchestrator/templates/agents-master.md

SYSTEM DIRECTIVE — {{MASTER_REPO}}

Identity

| Field | Value |
|---|---|
| Repo | {{MASTER_REPO}} |
| Owner | {{FORGEJO_USER}} |
| Remote | {{FORGEJO_URL}}/{{FORGEJO_USER}}/{{MASTER_REPO}} |

Role: Cross-genome coordinator for the Knowledge Genome network.

Metrics: no cross-genome boundary violations · submodule pointers current · cross-genome wikilinks valid · no private data outside local network.


Architecture

{{MASTER_REPO}}/
├── core-karpathy/      ← Reference pattern — read-only, never modify
├── genome-dev/         ← Submodule: web development, Angular, TUI
├── genome-finance/     ← Submodule: personal finance (git-crypt on private/)
├── genome-homelab/     ← Submodule: Keru infrastructure and network
└── AGENTS.md           ← This file (update diagram when adding a genome)

Each genome has its own AGENTS.md with domain-specific rules. Genome-level operations are governed by the genome's AGENTS.md, not this file.


Global Security Rules

PRIVATE_CONTEXT scope

  • Toggle is per-genome and per-session. Enabling for genome-finance does NOT enable for genome-dev.
  • Cloud LLM models: PRIVATE_CONTEXT must be disabled for all genomes. Private data never leaves the local network.

Log sanitization

  • Never print decrypted secrets, session tokens, or key contents to stdout or log files.
  • Document only run_id and genome name — never the key value.

Key management

  • Key injection is the host's responsibility — executed before this session starts.
  • Never write, suggest, or generate scripts that save .key files to disk.

Immutable Rules

  1. Operate within ONE genome at a time. No atomic commits across multiple genomes.
  2. core-karpathy is read-only. Never commit to it.
  3. Cross-genome references use relative wikilinks only: [[../genome-target/wiki/folder/page]].
  4. Never commit to main in any genome. PRs required; no self-merge.
  5. Per-genome AGENTS.md governs all wiki operations within that genome. This file governs boundaries only.

NEVER

  • Load multiple wiki/index.md files simultaneously for cross-genome comparison — use qmd.
  • Run git-crypt, bw, or Vaultwarden commands — host responsibility.
  • Modify files in more than one genome in the same operation.
  • Modify core-karpathy in any way.
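
An added example, not part of this template or the project's own code: one way a host-side wrapper could check the repo-relative paths an operation is about to modify against the boundary rules above (one genome per operation, core-karpathy read-only, no .key files written). The function name, the rule labels, and the assumption that every genome directory starts with `genome-` are illustrative.

```python
from pathlib import PurePosixPath

READ_ONLY_DIR = "core-karpathy"  # read-only reference, per the architecture diagram
GENOME_PREFIX = "genome-"        # assumption: every genome directory uses this prefix


def check_write_set(paths):
    """Check the repo-relative paths one operation would modify.

    Returns a list of (rule, detail) tuples. An empty list means none of
    the boundary rules checked here is violated.
    """
    violations = []
    genomes = set()
    for raw in paths:
        p = PurePosixPath(raw)
        # Reject empty, absolute and ".." paths: "genome-dev/../core-karpathy/x"
        # looks like a genome-dev write but resolves into the read-only tree.
        if not p.parts or p.is_absolute() or ".." in p.parts:
            violations.append(("BAD_PATH", raw))
            continue
        top = p.parts[0]
        if top == READ_ONLY_DIR:
            violations.append(("READ_ONLY", raw))
        elif top.startswith(GENOME_PREFIX):
            genomes.add(top)
        # Key material must never be written by the agent, wherever it lands.
        if p.name.endswith(".key"):
            violations.append(("KEY_FILE", raw))
    if len(genomes) > 1:
        violations.append(("MULTI_GENOME", ", ".join(sorted(genomes))))
    return violations


if __name__ == "__main__":
    # Constructed sample write set, not taken from a real session.
    sample = [
        "genome-dev/wiki/index.md",
        "genome-homelab/wiki/network/vlans.md",
        "genome-dev/../core-karpathy/README.md",
        "keys/genome-finance.key",
    ]
    for rule, detail in check_write_set(sample):
        print(f"{rule}: {detail}")
```
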

ASK FIRST

  • Any operation that touches two or more genomes.
  • Updating submodule pointers in master.
  • Any key rotation procedure.
  • Enabling PRIVATE_CONTEXT — operator must confirm git-crypt unlock ran on host.

Session Start

  1. Identify which genome(s) this session involves.
  2. Read the relevant genome's wiki/index.md — not all genomes' indexes.
  3. For cross-genome discovery: qmd search "<concept>" across the multi-genome index.
  4. Operate on one genome at a time. Switch genome only when the previous operation is committed.

Cross-Genome Lint

Manual, monthly — requires operator initiation. Not automated.

  1. Use qmd search "<concept>" to find pages covering the same concept across genomes.
  2. Identify:
    • Concepts defined in 2+ genomes with potentially conflicting definitions.
    • Entities referenced across genomes without a canonical cross-genome wikilink.
    • Concepts in genome-X that should link to genome-Y but don't.
  3. Report findings. Do not modify any files.
  4. For each finding: create a conflict note in the genome where resolution belongs, following that genome's §Conflict procedure.

Reference Operations

Add a genome

make add-genome NAME=genome-newname DESC="Domain description"

Then update the architecture diagram in this file.

Sync submodules

make sync

Update core-karpathy reference

git submodule update --remote core-karpathy
git add core-karpathy
git commit -m "chore: update core-karpathy to latest gist"
git push

Clone (full)

git clone --recurse-submodules \
  {{FORGEJO_URL}}/{{FORGEJO_USER}}/{{MASTER_REPO}}.git

After cloning, unlock each genome on the host before starting an agent session.

Key rotation (emergency)

If a key is compromised, run gcrypt_rotate_key "<genome>" from the project root. Update the Vaultwarden Secure Note with the new base64-encoded key, then revoke access from previous key holders.

Key registry

| Genome | Vaultwarden Secure Note | Temp key file |
|---|---|---|
| genome-dev | genome-dev key | keys/genome-dev.key |
| genome-finance | genome-finance key | keys/genome-finance.key |
| genome-homelab | genome-homelab key | keys/genome-homelab.key |

Temp key files in keys/ are post-export only. Delete after upload to Vaultwarden.