Diffstat (limited to 'docs')
| -rw-r--r-- | docs/agent-knowledge-base-spec.org | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/docs/agent-knowledge-base-spec.org b/docs/agent-knowledge-base-spec.org index c59c33b..bdf7852 100644 --- a/docs/agent-knowledge-base-spec.org +++ b/docs/agent-knowledge-base-spec.org @@ -3,7 +3,7 @@ #+DATE: 2026-06-10 * Metadata -| Status | ready with caveats — Codex review incorporated, D7 ratified keep (Craig, 2026-06-10); caveat: confirm work-root denylist contents; implementation awaiting Craig's go | +| Status | ready — Codex review incorporated, D7 ratified keep, work-root denylist confirmed =~/projects/work= only (Craig, 2026-06-10); implementation awaiting Craig's go | | Owner | Craig Jennings | | Reviewer | Craig Jennings; Codex (2026-06-10) | | Related | [[file:../todo.org][todo.org — "Check that memories are sync'd across machines via git"]] | 
@@ -71,7 +71,7 @@ Filename follows roam's timestamp-prefix convention (=YYYYMMDDHHMMSS-slug.org=). ** Project classification and write routing (v1) -D5's boundary needs an executable answer to "is this project allowed to write?" — inference from cwd names, remotes, or task content is too much discretion for a confidentiality boundary. The v1 source of truth is an explicit *work-root denylist* carried in =knowledge-base.md= (initially =~/projects/work=; contents confirmed with Craig before the rule ships). Classification: +D5's boundary needs an executable answer to "is this project allowed to write?" — inference from cwd names, remotes, or task content is too much discretion for a confidentiality boundary. The v1 source of truth is an explicit *work-root denylist* carried in =knowledge-base.md= (=~/projects/work= — confirmed complete by Craig, 2026-06-10; archangel is not work-scoped). Classification: - *Work* — the project root is, or sits under, a denylisted work root. No KB write, ever. The agent records durable facts per that project's own conventions (work already keeps its knowledge in its project tree); v1 adds no new work-side store. - *Personal* — the project root sits under a known project parent (=~/code/=, =~/projects/=, =~/.emacs.d=) and is not denylisted. KB writes allowed per D6. 
@@ -152,7 +152,7 @@ A new =claude-rules/knowledge-base.md= rule (auto-installs via the Makefile RULE Not started — Craig has explicitly held implementation pending his go-ahead. ** Phase 1 — Pointer rule -Confirm the work-root denylist contents with Craig, then write =claude-rules/knowledge-base.md=: path, the canonical query commands (conflict-file exclusion included), the D4 schema, the classification + write-routing rules, the refusal contract, and the D5/D6 boundary. =make install= links it machine-wide via the existing RULES glob — no Makefile change. Tree stays working throughout (pure addition). +The work-root denylist is confirmed (=~/projects/work= only, Craig 2026-06-10). Write =claude-rules/knowledge-base.md=: path, the canonical query commands (conflict-file exclusion included), the D4 schema, the classification + write-routing rules, the refusal contract, and the D5/D6 boundary. =make install= links it machine-wide via the existing RULES glob — no Makefile change. Tree stays working throughout (pure addition). ** Phase 2 — Seed node + index verification Craig supplies or approves the durable fact; the implementer writes exactly one node under =~/sync/org/roam/= per the schema (a genuine durable fact, not a test stub). Craig runs =org-roam-db-sync= and confirms it indexes and displays cleanly. Rollback if the schema fails: delete that one timestamped =:agent:= file. This validates the schema end-to-end before agents write at volume. 
@@ -190,7 +190,7 @@ Wire the promotion prompt into the wrap-up workflow (a "anything worth promoting - Un-reviewed writes propagate instantly (D6 accepted this). Dodge: the =:agent:= inventory keeps cleanup cheap. - Promotion discipline may not stick (D2). Dodge: Phase 3 makes it a mechanical wrap-up step rather than a memory burden. - Syncthing conflict files could confuse queries. Dodge: exclusion is baked into the canonical commands. -- An incomplete work-root denylist would let a work project classify as personal. Dodge: Phase 1 starts by confirming the denylist with Craig, and the classification's safe default (unknown → refuse) covers anything outside the known parents. +- An incomplete work-root denylist would let a work project classify as personal. Dodge: Craig confirmed the denylist (=~/projects/work= only, 2026-06-10), and the classification's safe default (unknown → refuse) covers anything outside the known parents. * Testing / Verification 
@@ -234,3 +234,8 @@ Modified recommendations from the 2026-06-10 Codex review, with reasons. Everyth - What: processed the Codex review with Craig's D7 ratification ("keep") as a pre-agreed input. Both blockers cleared: D7 accepted (harness memory stays the capture layer, Phase 3 mandatory) and a new "Project classification and write routing" design subsection (work-root denylist as source of truth, unknown → refuse, refusal message contract, no new work-side store). Mediums accepted: canonical =rg= commands with conflict-file exclusion baked in, Phase 2 approval/rollback mechanics, Makefile no-change note, ~490 fact count, Testing/Verification section. Three recommendations modified (see Review dispositions); none rejected. - Why: converge to implementation-ready. Rubric: ready with caveats — the one caveat is confirming the work-root denylist contents with Craig before Phase 1 ships the rule. - Artifacts: this file; implementation-task breakdown under the parent task in todo.org; review file deleted. + +** 2026-06-10 Wed @ 17:29:37 -0500 — Craig Jennings — caveat resolved +- What: confirmed the work-root denylist is complete at =~/projects/work= alone; archangel is not work-scoped. +- Why: this was the single "ready with caveats" caveat. The spec is now ready. Implementation still awaits Craig's explicit go. +- Artifacts: this file (status flipped to ready); the denylist VERIFY in todo.org resolved to a dated entry. |
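Review bot: The Work rule in the @@ -71,7 hunk ("the project root is, or sits under, a denylisted work root") still does not say how containment is tested, and with the denylist now fixed at ~/projects/work inside the allowed parent ~/projects/, that comparison is the whole confidentiality boundary. Suggest stating that both paths are fully resolved (symlinks, ~ expansion, trailing slash) and compared component by component, so a symlink that points into the work tree classifies as Work and a sibling directory whose name merely begins with "work" is not caught by a string-prefix match. Separately, "archangel is not work-scoped" names a project without its path; give the path or leave that remark to the Review history entry.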
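Review bot: Phase 1 in the @@ -152,7 hunk drops the "Confirm the work-root denylist contents with Craig" step in favour of a dated confirmation, while the context line just above still says implementation is held pending Craig's go-ahead. If that go-ahead arrives well after 2026-06-10, the rule ships on an answer nobody has re-checked. Suggest keeping a short first action in Phase 1 that re-confirms the denylist when implementation actually starts, and only then writing claude-rules/knowledge-base.md.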
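Review bot: The reworded dodge in the @@ -190,7 hunk claims more than the classification delivers. "unknown → refuse" covers only roots outside the known parents, so a work checkout placed under ~/code/ or ~/.emacs.d, or under ~/projects/ but outside ~/projects/work, classifies as Personal and is allowed to write. A one-time confirmation also says nothing about work roots created after 2026-06-10. Suggest stating that residual risk in this bullet and naming its mitigation, for example re-confirming the denylist whenever a new project root is added.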
