# SYSTEM DIRECTIVE — `{{MASTER_REPO}}`

## Identity

| Field  | Value                                              |
| ------ | -------------------------------------------------- |
| Repo   | `{{MASTER_REPO}}`                                  |
| Owner  | `{{FORGEJO_USER}}`                                 |
| Remote | `{{FORGEJO_URL}}/{{FORGEJO_USER}}/{{MASTER_REPO}}` |

**Role:** Cross-genome coordinator for the Knowledge Genome network.
**Metrics:** no cross-genome boundary violations · submodule pointers current · cross-genome discoveries routed to target raw/ · zero stale submodule-relative wikilinks.

---

## Architecture

```text
{{MASTER_REPO}}/
├── core-karpathy/ ← Reference pattern — read-only, never modify
├── genome-example/ ← Submodule placeholder (replace with your domain)
└── AGENTS.md
```

Each genome has its own `AGENTS.md` with domain-specific rules.
Genome-level operations are governed by the genome's `AGENTS.md`, not this file.

---

## Global Security Rules

### PRIVATE_CONTEXT scope

- Toggle is **per-genome and per-session**. Enabling for `genome-finance` does NOT enable for `genome-dev`.
- Cloud LLM models: `PRIVATE_CONTEXT` must be `disabled` for all genomes. Private data never leaves the local network.

### Log sanitization

- Never print decrypted secrets, session tokens, or key contents to stdout or log files.
- Document only `run_id` and genome name — never the key value.

### Key management

- Key injection is the host's responsibility — executed before this session starts.
- Never write, suggest, or generate scripts that save `.key` files to disk.

---

## Immutable Rules

1. Operate within ONE genome at a time. No atomic commits across multiple genomes.
2. `core-karpathy` is read-only. Never commit to it.
3. Cross-genome references are NEVER expressed as wikilinks. When a concept belongs to another genome, use the navigation skill to emit a raw stub into that genome's `raw/articles/` and let its own ingest pipeline handle it asynchronously.
4. Never commit to `main` in any genome. PRs required; no self-merge.
5. Per-genome `AGENTS.md` governs all wiki operations within that genome. This file governs boundaries only.

### NEVER

- Load multiple `wiki/index.md` files simultaneously for cross-genome comparison — use qmd.
- Run `git-crypt`, `bw`, or Vaultwarden commands — host responsibility.
- Modify files in more than one genome in the same operation.
- Create cross-genome wikilinks (e.g., `[[../genome-*/wiki/...]]`). All cross-domain connections must be routed via the navigation skill as raw stubs.
- Modify `core-karpathy` in any way.
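
A pre-commit style check for two of the path rules above (one genome per operation, `core-karpathy` read-only), added here as an example and not part of this repository's tooling. It assumes each genome is a top-level directory named `genome-*`; `check_changeset` and the sample path lists are hypothetical.

```shell
#!/bin/sh
# Added example, not project code. ASSUMPTION: each genome is a top-level
# directory named genome-*; check_changeset is a hypothetical helper.

# Reads changed paths on stdin (for instance the output of
# `git diff --cached --name-only`) and prints one line per violation.
# Prints nothing when the changeset stays inside the boundaries.
check_changeset() {
  # First path component of every changed file, de-duplicated.
  tops=$(cut -d/ -f1 | sort -u)

  # Rule: core-karpathy is read-only.
  if printf '%s\n' "$tops" | grep -qxF 'core-karpathy'; then
    echo "core-karpathy-modified"
  fi

  # Rule: one genome per operation.
  genomes=$(printf '%s\n' "$tops" | grep -E '^genome-' || true)
  count=$(printf '%s\n' "$genomes" | grep -c . || true)
  if [ "$count" -gt 1 ]; then
    echo "multiple-genomes: $(printf '%s' "$genomes" | tr '\n' ' ')"
  fi
}

# Constructed sample changesets.
OK_CHANGES='genome-dev/wiki/concepts/x.md
genome-dev/wiki/index.md
AGENTS.md'
BAD_CHANGES='genome-dev/wiki/concepts/x.md
genome-finance/wiki/entities/y.md
core-karpathy/README.md'

printf '%s\n' "$OK_CHANGES"  | check_changeset
printf '%s\n' "$BAD_CHANGES" | check_changeset
```
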

### ASK FIRST

- Any operation that touches two or more genomes.
- Updating submodule pointers in master.
- Any key rotation procedure.
- Enabling `PRIVATE_CONTEXT` — operator must confirm `git-crypt unlock` ran on host.

---

## Session Start

1. Identify which genome(s) this session involves.
2. Read the relevant genome's `wiki/index.md` — not all genomes' indexes.
3. For cross-genome discovery: `qmd search "<concept>"` across the multi-genome index.
4. Operate on one genome at a time. Switch genome only when the previous operation is committed.

---

## Cross-Genome Pull (Navigation Skill)

Cross-genome knowledge moves by **pull, never push**: the genome you are working in draws material *in*; nothing is ever written into another genome. The cross-genome reading is performed by a deterministic collector **outside any agent's context**, so the agent still operates within ONE genome (Immutable Rule 1 holds). The `cross_source` registry flag decides which genomes may be read as sources.

### How it works

Three actors, mirroring the ingest two-phase split:

1. **Collector** (`collect-crossgen.sh`, deterministic, agent-free). Clones each genome flagged `cross_source: yes` **read-only at its remote HEAD** — a disposable checkout, for freshness; never the pinned submodule state. Reads each `wiki/index.md` plus the relevant pages and assembles a **dossier of excerpts with provenance** (source genome, page, date/commit). Writes nothing to any source genome.
2. **Synthesis** (agent, navigation skill, `read`/`edit` only). Reads **only the dossier** — a single artifact inside the working genome's context — then the skill deposits **one** abstract, non-private raw into the working genome at `raw/articles/crossgen-<topic>-<YYYY-MM-DD>.md`, and STOPS.
3. **Target ingest.** The working genome's own standard pipeline processes that raw → PR → human gate. Same gate as any other source.

### When to pull

Pull is initiated deliberately (operator- or context-driven, never on a timer). Produce a crossgen raw ONLY when all three hold:

1. **Ownership elsewhere.** The concept, entity, or pattern is defined and maintained in another genome, and you need it framed for the working domain.
2. **Structural relevance.** It influences decisions, patterns, or entities here — not a casual mention.
3. **No fresh local coverage.** `qmd search "<concept>"` in the working genome returns nothing, or only a stub that needs enrichment.

If in doubt, do NOT pull. A missed cross-reference is cheaper than crossgen spam.

### Boundaries (enforced by the master)

- **Sources are restricted to `cross_source: yes` genomes.** A genome flagged `no` (e.g., a client / confidential file) is NEVER read as a source — the collector skips it physically. The wall decides what may flow; it does not rely on the agent's discipline.
- **Sources are read-only, at HEAD.** No write, commit, branch, or PR in any genome other than the one being worked on.
- **NEVER `git submodule update --remote`.** Read other genomes via disposable read-only clones — never by moving this master's submodule pointers (that is ASK FIRST).
- **NEVER read `*/private/*`.** The skill runs `PRIVATE_CONTEXT: disabled` and `private/` is an encrypted blob; even on an unlocked host, private paths are off-limits.
- Confidential / client genomes are normally isolated from cross-genome pulls entirely (operator policy). Whatever genome a pull runs into, the output raw must be abstract and non-private.
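
The source wall and the `*/private/*` exclusion described above, sketched as a fail-closed filter a collector could apply before reading anything. This is an added example, not the project's `collect-crossgen.sh`. The registry line format (`<genome> | cross_source: yes|no`), the `wiki/*.md` allow-list, and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not the project's collector. ASSUMPTIONS: registry lines look
# like "<genome> | cross_source: yes|no"; all function names are hypothetical.

# Print genomes flagged exactly "cross_source: yes". Anything else
# (no, missing flag, different casing) is skipped: fail closed.
select_sources() {
  awk -F'|' 'NF >= 2 {
    name = $1; flag = $2
    gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", flag)
    if (flag == "cross_source: yes" && name ~ /^genome-[a-z0-9-]+$/) print name
  }'
}

# Succeed only for wiki pages that are not under any private/ directory.
readable_path() {
  case "/$1" in
    */private/*|*/../*) return 1 ;;
  esac
  case "$1" in
    wiki/*.md) return 0 ;;
  esac
  return 1
}

# Keep "genome:path" candidates (stdin) whose genome is in the allowed list
# ($1, one name per line) and whose path passes readable_path.
filter_reads() {
  while IFS=: read -r genome path; do
    [ -n "$genome" ] || continue
    printf '%s\n' "$1" | grep -qxF -- "$genome" || continue
    readable_path "$path" || continue
    printf '%s:%s\n' "$genome" "$path"
  done
}

# Constructed registry and candidate list.
REGISTRY='genome-dev | cross_source: yes
genome-finance | cross_source: yes
genome-client-acme | cross_source: no
genome-draft | cross_source: Yes'
CANDIDATES='genome-dev:wiki/concepts/x.md
genome-dev:private/keys.md
genome-finance:wiki/private/ledger.md
genome-client-acme:wiki/index.md
genome-finance:wiki/index.md'

plan_reads() {
  printf '%s\n' "$CANDIDATES" | filter_reads "$(printf '%s\n' "$REGISTRY" | select_sources)"
}
plan_reads
```

Only an exact `cross_source: yes` opens a genome, so a typo in the registry removes a source instead of exposing one.
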

### Output raw (the only artifact written)

**Path (in the working genome):** `raw/articles/crossgen-<topic>-<YYYY-MM-DD>.md`
Plain text. No YAML frontmatter (raw is immutable input). **No wikilinks of any kind** — never a `[[../genome-*/...]]` path.

```markdown
> Cross-genome pull | Into: genome-<working> | Sources: genome-<a> (wiki/concepts/x.md), genome-<b> (wiki/entities/y.md) | HEAD: <short-sha…> | Date: YYYY-MM-DD

# <Topic> (synthesized from other genomes)

## What the source genomes say
[Abstract, faithful synthesis of the relevant material. Plain text, no private data, no wikilinks.]

## Relevance to this genome
[Why it matters in the working domain; textual references to existing local entities, if any.]

## Suggested local action
[Semantic hint for this genome's ingest: e.g., create/update wiki/concepts/<concept>.md, map local relationships.]
```

**Rules:**

- Each pull writes a **new, dated** crossgen file — never overwrite or edit an existing raw (raw is immutable). Deduplication happens later, at the **wiki** level: the working genome's normal ingest reconciles against existing pages via its §Conflict procedure.
- The raw is processed by the working genome's standard ingest as an ordinary `raw/articles/` source — no special path.
- The collector and the raw deposit are the **deterministic** side of the skill; the agent only synthesizes content. Agents never create, modify, or delete files in any `raw/` directly.
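
A read-only lint for the output-raw format above (path pattern, no YAML frontmatter, provenance header fields, no wikilinks), suitable for the PR gate. This is an added example, not project code; `check_crossgen_raw`, the lowercase-slug topic pattern, and the sample files are assumptions.

```shell
#!/bin/sh
# Added example, not project code. check_crossgen_raw is a hypothetical helper;
# the lowercase-slug topic pattern is an assumption.

# Usage: check_crossgen_raw PATH < file
# Prints one violation code per line; prints nothing for a compliant raw.
check_crossgen_raw() {
  content=$(cat)
  # Path: raw/articles/crossgen-<topic>-<YYYY-MM-DD>.md
  printf '%s\n' "$1" | grep -Eq \
    '^raw/articles/crossgen-[a-z0-9][a-z0-9-]*-[0-9]{4}-[0-9]{2}-[0-9]{2}\.md$' ||
    echo "bad-path"
  first=$(printf '%s\n' "$content" | sed -n '1p')
  case "$first" in
    ---*) echo "yaml-frontmatter" ;;
    '> Cross-genome pull |'*)
      # Provenance fields shown in the template header line.
      for field in Into Sources HEAD Date; do
        case "$first" in
          *"| $field: "*) ;;
          *) echo "missing-field:$field" ;;
        esac
      done ;;
    *) echo "missing-provenance-header" ;;
  esac
  # No wikilinks of any kind, cross-genome or local.
  if printf '%s\n' "$content" | grep -qF '[['; then echo "wikilink"; fi
}

# Constructed samples; the HEAD value is a placeholder, not a real commit.
GOOD_PATH='raw/articles/crossgen-ledger-reconciliation-2025-01-15.md'
GOOD_RAW='> Cross-genome pull | Into: genome-finance | Sources: genome-dev (wiki/concepts/x.md) | HEAD: 0000000 | Date: 2025-01-15

# Ledger reconciliation (synthesized from other genomes)

## What the source genomes say
Abstract summary in plain text.'
BAD_PATH='raw/articles/crossgen-Ledger.md'
BAD_RAW='---
title: Ledger reconciliation
---
See [[../genome-dev/wiki/concepts/x.md]] for details.'

printf '%s\n' "$GOOD_RAW" | check_crossgen_raw "$GOOD_PATH"
printf '%s\n' "$BAD_RAW"  | check_crossgen_raw "$BAD_PATH"
```
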