diff --git a/.claude/rules/agents.md b/.claude/rules/agents.md new file mode 100644 index 0000000..0e8a5d9 --- /dev/null +++ b/.claude/rules/agents.md @@ -0,0 +1,20 @@ +## Kaizen Agents + +Specialized agent personas available on demand via the state-hub MCP. + +**Discover:** `list_kaizen_agents()` — returns all agents with name, description, category +**Load:** `get_kaizen_agent("tdd-workflow")` — returns full instructions; read and follow them + +Common agents: + +| Agent | Category | When to use | +|-------|----------|-------------| +| `tdd-workflow` | testing | Step-by-step TDD8 workflow for any feature | +| `code-refactoring` | quality | Code quality analysis and safe refactoring | +| `test-maintenance` | testing | Diagnose and fix failing tests | +| `requirements-engineering` | process | Prevent interface/mock mismatches upfront | +| `keepaTodofile` | process | Maintain TODO.md during work | +| `project-management` | process | Track status, determine next steps | +| `datamodel-optimization` | quality | Optimize dataclasses and data structures | + +All 17 agents: call `list_kaizen_agents()` for the full list. diff --git a/.claude/rules/architecture.md b/.claude/rules/architecture.md new file mode 100644 index 0000000..7c2a645 --- /dev/null +++ b/.claude/rules/architecture.md @@ -0,0 +1,8 @@ +## Architecture + + + +## Quick Reference + +`~/state-hub/mcp_server/TOOLS.md` — MCP tool reference diff --git a/.claude/rules/credential-routing.md b/.claude/rules/credential-routing.md new file mode 100644 index 0000000..a992acb --- /dev/null +++ b/.claude/rules/credential-routing.md @@ -0,0 +1,50 @@ +# Credential and access routing + +**Audience:** Codex, Claude Code, Grok, and custodian agents that call **llm-connect** +for inference. Run this check **before** requesting secrets, API keys, SSH access, +login tokens, or database passwords — in any repo, not only `ops-warden`. + +ops-warden **issues SSH certificates only** (`warden sign`, `cert_command`). Every +other credential need belongs to another subsystem. **Do not** message +`ops-warden` on State Hub expecting a secret value; the reply is a pointer, not a key. + +### Lookup (do this first) + +```bash +warden route find "" --json +warden route show --json +``` + +Requires the `warden` CLI from `~/ops-warden` (`uv tool install .` or `uv run warden`). + +| Agent runtime | How to orient | +| --- | --- | +| **Codex / Grok** (shell, HTTP State Hub) | `warden route` commands above; inbox `to_agent=info-tech-canon` is for coordination, not secret vending | +| **Claude Code** (MCP when available) | `get_domain_summary("custodian")` for workstreams; **still** use `warden route` for credential ownership | +| **llm-connect** (inference service) | Never put secret retrieval in prompts; route custody to OpenBao/operator paths surfaced by `warden route` | + +### Quick routing table + +| I need… | Owner | ops-warden executes? | +| --- | --- | --- | +| SSH cert (`adm`/`agt`/`atm`) | ops-warden | **Yes** — `warden sign` | +| API key, DB password, provider token | OpenBao (`railiance-platform`) | No — route only | +| Login / OIDC / MFA | key-cape / Keycloak | No — route only | +| Authorization decision | flex-auth | No — route only | +| activity-core → issue-core emission | activity-core + issue-core | No — `warden route show activity-core-issue-sink` | +| SSH tunnel | ops-bridge (+ `cert_command` from warden) | No — route only | + +### Anti-patterns (do not do these) + +- `POST /messages/` to `ops-warden` asking for `ISSUE_CORE_API_KEY`, `OPENROUTER_API_KEY`, etc. +- Inventing `warden secret`, `warden login`, `warden bao`, `warden tunnel` — they do not exist +- Pasting secrets into Git, State Hub, workplans, logs, or chat + +### Other capabilities (reuse-surface) + +Non-credential capabilities are usually discovered through **reuse-surface** federation +(`reuse-surface` registry / `capability.*` indexes). Credential routing is inlined in +every repo's agent instructions because it is high-frequency, high-risk, and easy to +get wrong. + +**Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml` \ No newline at end of file diff --git a/.claude/rules/first-session.md b/.claude/rules/first-session.md new file mode 100644 index 0000000..c86e430 --- /dev/null +++ b/.claude/rules/first-session.md @@ -0,0 +1,38 @@ +## First Session Protocol + +Triggered when `get_domain_summary("infotech")` shows **no workstreams**. +The project is registered but work has not yet been structured. + +**Step 1 — Read, don't write** +- `~/the-custodian/canon/projects/infotech/project_charter_v0.1.md` — purpose, scope +- `~/the-custodian/canon/projects/infotech/roadmap_v0.1.md` — planned phases +- Scan repo root: README, directory structure, existing code or docs + +**Step 2 — Survey in-progress work** +Look for TODOs, open branches, half-finished files. Note done vs. started but incomplete. + +**Step 3 — Propose workstreams to Bernd** +Propose 1–3 workstreams — each a coherent strand, weeks to months, anchored to a +roadmap phase. **Wait for approval before creating.** + +**Step 4 — Create workplan file first, then DB record (ADR-001)** +``` +workplans/ITC-WP-NNNN-.md ← write this first +``` +Then register in the hub: +``` +create_workstream(topic_id="fe2aaa78-9c20-4feb-b3d2-4fe0529572a3", title="...", owner="...", description="...") +create_task(workstream_id="", title="...", priority="high|medium|low") +``` + +**Step 5 — Record the setup** +``` +add_progress_event( + summary="First session: structured infotech into N workstreams, M tasks", + event_type="milestone", + topic_id="fe2aaa78-9c20-4feb-b3d2-4fe0529572a3", + detail={"workstreams": [...], "tasks_created": M} +) +``` + + diff --git a/.claude/rules/repo-boundary.md b/.claude/rules/repo-boundary.md new file mode 100644 index 0000000..c03025d --- /dev/null +++ b/.claude/rules/repo-boundary.md @@ -0,0 +1,8 @@ +## Repo boundary + +This repo owns **InfoTechCanon** only. It does not own: + + diff --git a/.claude/rules/repo-identity.md b/.claude/rules/repo-identity.md new file mode 100644 index 0000000..0b10b99 --- /dev/null +++ b/.claude/rules/repo-identity.md @@ -0,0 +1,5 @@ +**Purpose:** Markdown-first semantic canon and standards service for interoperable information-processing systems. + +**Domain:** infotech +**Repo slug:** info-tech-canon +**Topic ID:** fe2aaa78-9c20-4feb-b3d2-4fe0529572a3 diff --git a/.claude/rules/session-protocol.md b/.claude/rules/session-protocol.md new file mode 100644 index 0000000..1946f9b --- /dev/null +++ b/.claude/rules/session-protocol.md @@ -0,0 +1,85 @@ +## Session Protocol + +Dev Hub (State Hub API): http://127.0.0.1:8000 +MCP server name in `~/.claude.json`: `dev-hub` + +**Step 1 — Orient** + +Read the offline-safe brief first — it works without a live hub connection: +```bash +cat .custodian-brief.md +``` +Then call the MCP tool for richer cross-domain context when MCP tools are exposed: +``` +get_domain_summary("infotech") +``` +If MCP tools are unavailable in the current agent session, use the REST API: +```bash +curl -s "http://127.0.0.1:8000/state/summary" | python3 -m json.tool +``` +If the hub is offline: `cd ~/state-hub && make api` + +**Step 2 — Check inbox** +With MCP tools: +``` +get_messages(to_agent="info-tech-canon", unread_only=True) +``` +Mark read with `mark_message_read(message_id)`. Reply or act on coordination +requests before proceeding. + +Without MCP tools: +```bash +curl -s "http://127.0.0.1:8000/messages/?to_agent=info-tech-canon&unread_only=true" \ + | python3 -m json.tool +curl -s -X PATCH "http://127.0.0.1:8000/messages//read" \ + -H "Content-Type: application/json" -d '{}' +``` + +**Step 3 — Scan workplans** +```bash +ls workplans/ +``` +For each file with `status: ready`, `active`, or `blocked`, note pending +`wait`/`todo`/`progress` tasks. + +**Step 4 — Present brief** + +1. **Active workstreams** for `infotech` — title, task counts, blocking decisions +2. **Pending tasks** from `workplans/` + any `[repo:info-tech-canon]` hub tasks +3. **Goal guidance** — if `goal_guidance` in summary: + - `needs_workplan`: surface as top action — *"Repo goal '{title}' has no workplan yet"* + - `alignment_warnings`: flag if active work is not aligned with current goal +4. **Suggested next action** — highest-priority open item +5. **SBOM status** — flag if `last_sbom_at` is unset for this repo + +If no workstreams: follow First Session Protocol (`first-session.md`). + +**During work:** `record_decision()` · `add_progress_event()` · `resolve_decision()` + +> State Hub is a *read model*. Bootstrap tools (`create_workstream`, `create_task`) +> are First Session Protocol only. Work structure belongs in repo files (ADR-001). + +**Session close:** +With MCP tools: +``` +add_progress_event(summary="...", topic_id="fe2aaa78-9c20-4feb-b3d2-4fe0529572a3", workstream_id="") +``` +Without MCP tools: +```bash +curl -s -X POST http://127.0.0.1:8000/progress/ \ + -H "Content-Type: application/json" \ + -d '{"topic_id":"fe2aaa78-9c20-4feb-b3d2-4fe0529572a3","workstream_id":"","event_type":"note","summary":"what changed","author":"codex"}' +``` +If workplan files were modified, ensure the local copy is up to date first: +```bash +git -C pull --ff-only +cd ~/state-hub && make fix-consistency REPO=info-tech-canon +``` +For repos where implementation runs on a remote machine (e.g. CoulombCore), +use the combined target which pulls before fixing: +```bash +cd ~/state-hub && make fix-consistency-remote REPO=info-tech-canon +``` +**C-15** (DB task ahead of file) is normal in multi-machine workflows — writeback +will sync the file to match DB. **C-16** (repo behind remote) blocks all writes +until you pull — intentional to prevent clobbering remote progress. diff --git a/.claude/rules/stack-and-commands.md b/.claude/rules/stack-and-commands.md new file mode 100644 index 0000000..dc53ac6 --- /dev/null +++ b/.claude/rules/stack-and-commands.md @@ -0,0 +1,19 @@ +## Stack + + +- **Language:** +- **Key deps:** + +## Dev Commands + +```bash +# TODO: Fill in the standard commands for this repo + +# Install dependencies + +# Run tests + +# Lint / type check + +# Build / package (if applicable) +``` diff --git a/.claude/rules/workplan-convention.md b/.claude/rules/workplan-convention.md new file mode 100644 index 0000000..89b13bd --- /dev/null +++ b/.claude/rules/workplan-convention.md @@ -0,0 +1,40 @@ +## Workplan Convention (ADR-001) + +File location: `workplans/ITC-WP-NNNN-.md` +ID prefix: `ITC-WP-` + +Work items originate as files in this repo **before** being registered in the hub. + +Canonical workplan/workstream frontmatter statuses are: +`proposed`, `ready`, `active`, `blocked`, `backlog`, `finished`, `archived`. +Use `proposed` for a newly drafted plan, `ready` after review against current +repo state, and `finished` when implementation is complete. `stalled` and +`needs_review` are derived health labels, not stored statuses. + +Closed workplans may be moved to `workplans/archived/` with a completion-date +prefix: `YYMMDD-ITC-WP-NNNN-.md`. The frontmatter id remains +unchanged; the prefix is only for quick visual reference. + +Small opportunistic tasks discovered during another session use **Ad Hoc Tasks**: +`workplans/ADHOC-YYYY-MM-DD.md`, workstream slug `adhoc-YYYY-MM-DD`, and task ids +`ADHOC-YYYY-MM-DD-T01`, `T02`, etc. Use adhocs only for low-risk work completed +directly. Promote anything requiring analysis, design, approval, dependencies, or +multiple planned phases into a normal workplan. + +Ecosystem todos from other agents arrive as `[repo:info-tech-canon]` hub tasks — +visible at session start. Pick one up by creating the workplan file, then registering +the workstream. + +Task blocks use this shape: + +```task +id: ITC-WP-NNNN-T01 +status: wait | todo | progress | done | cancel +priority: high | medium | low +state_hub_task_id: "" # written by fix-consistency — do not edit +``` + +Status progression is `todo` → `progress` → `done`; use `wait` for waiting or +blocked work and `cancel` for stopped work. + + diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..fd8d7bc --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,219 @@ +# InfoTechCanon — Agent Instructions + +## Repo Identity + +**Purpose:** Markdown-first semantic canon and standards service for interoperable information-processing systems. + +**Domain:** infotech +**Repo slug:** info-tech-canon +**Topic ID:** `fe2aaa78-9c20-4feb-b3d2-4fe0529572a3` +**Workplan prefix:** `ITC-WP-` + +--- + +## State Hub Integration + +The Custodian State Hub tracks work across all domains. Interact via HTTP REST — +there is no MCP server for Codex agents. + +| Context | URL | +|---------|-----| +| Local workstation | `http://127.0.0.1:8000` | +| Remote via tunnel | `http://127.0.0.1:18000` | + +### Orient at session start + +```bash +# Offline brief — works without hub connection +cat .custodian-brief.md + +# Active workstreams for this domain +curl -s "http://127.0.0.1:8000/workstreams/?topic_id=fe2aaa78-9c20-4feb-b3d2-4fe0529572a3&status=active" \ + | python3 -m json.tool + +# Check inbox +curl -s "http://127.0.0.1:8000/messages/?to_agent=info-tech-canon&unread_only=true" \ + | python3 -m json.tool +``` + +Mark a message read: +```bash +curl -s -X PATCH "http://127.0.0.1:8000/messages//read" \ + -H "Content-Type: application/json" -d '{}' +``` + +### Log progress (required at session close) + +```bash +curl -s -X POST http://127.0.0.1:8000/progress/ \ + -H "Content-Type: application/json" \ + -d '{ + "summary": "what was done", + "event_type": "note", + "author": "codex", + "workstream_id": "", + "task_id": "" + }' +``` + +Omit `workstream_id` / `task_id` when not applicable. + +### Update task status + +```bash +curl -s -X PATCH "http://127.0.0.1:8000/tasks/" \ + -H "Content-Type: application/json" \ + -d '{"status": "progress"}' +# values: wait | todo | progress | done | cancel +``` + +### Flag a task for human review + +```bash +curl -s -X PATCH "http://127.0.0.1:8000/tasks/" \ + -H "Content-Type: application/json" \ + -d '{"needs_human": true, "intervention_note": "reason"}' +``` + +--- + +## Session Protocol + +**Start:** +1. `cat .custodian-brief.md` — domain goal and open workstreams (offline-safe) +2. Check inbox: `GET /messages/?to_agent=info-tech-canon&unread_only=true`; mark read +3. Scan workplans: `ls workplans/` — note `status: ready`, `active`, or `blocked` files and open tasks +4. Check human-needed tasks: `GET /tasks/?needs_human=true` + +**During work:** +- Update task statuses in workplan files as tasks progress +- Record significant decisions via `POST /decisions/` + +**Close:** +1. Update workplan file task statuses to reflect progress +2. Log: `POST /progress/` with a summary of what changed +3. Note for the custodian operator: after workplan file changes, run from + `~/state-hub`: + ```bash + make fix-consistency REPO=info-tech-canon + ``` + This syncs task status from files into the hub DB. + +--- + +## Credential and access routing + +**Audience:** Codex, Claude Code, Grok, and custodian agents that call **llm-connect** +for inference. Run this check **before** requesting secrets, API keys, SSH access, +login tokens, or database passwords — in any repo, not only `ops-warden`. + +ops-warden **issues SSH certificates only** (`warden sign`, `cert_command`). Every +other credential need belongs to another subsystem. **Do not** message +`ops-warden` on State Hub expecting a secret value; the reply is a pointer, not a key. + +### Lookup (do this first) + +```bash +warden route find "" --json +warden route show --json +``` + +Requires the `warden` CLI from `~/ops-warden` (`uv tool install .` or `uv run warden`). + +| Agent runtime | How to orient | +| --- | --- | +| **Codex / Grok** (shell, HTTP State Hub) | `warden route` commands above; inbox `to_agent=info-tech-canon` is for coordination, not secret vending | +| **Claude Code** (MCP when available) | `get_domain_summary("custodian")` for workstreams; **still** use `warden route` for credential ownership | +| **llm-connect** (inference service) | Never put secret retrieval in prompts; route custody to OpenBao/operator paths surfaced by `warden route` | + +### Quick routing table + +| I need… | Owner | ops-warden executes? | +| --- | --- | --- | +| SSH cert (`adm`/`agt`/`atm`) | ops-warden | **Yes** — `warden sign` | +| API key, DB password, provider token | OpenBao (`railiance-platform`) | No — route only | +| Login / OIDC / MFA | key-cape / Keycloak | No — route only | +| Authorization decision | flex-auth | No — route only | +| activity-core → issue-core emission | activity-core + issue-core | No — `warden route show activity-core-issue-sink` | +| SSH tunnel | ops-bridge (+ `cert_command` from warden) | No — route only | + +### Anti-patterns (do not do these) + +- `POST /messages/` to `ops-warden` asking for `ISSUE_CORE_API_KEY`, `OPENROUTER_API_KEY`, etc. +- Inventing `warden secret`, `warden login`, `warden bao`, `warden tunnel` — they do not exist +- Pasting secrets into Git, State Hub, workplans, logs, or chat + +### Other capabilities (reuse-surface) + +Non-credential capabilities are usually discovered through **reuse-surface** federation +(`reuse-surface` registry / `capability.*` indexes). Credential routing is inlined in +every repo's agent instructions because it is high-frequency, high-risk, and easy to +get wrong. + +**Canon:** `~/ops-warden/wiki/CredentialRouting.md` · catalog `~/ops-warden/registry/routing/catalog.yaml` + + + + +--- + +## Workplan Convention (ADR-001) + +Work items originate as files in this repo — not in the hub. The hub is a +read/cache/index layer that rebuilds from files. + +**File location:** `workplans/INFO-WP-NNNN-.md` + +**Archived location:** finished workplans may move to +`workplans/archived/YYMMDD-INFO-WP-NNNN-.md`. The `YYMMDD` prefix is +the completion/archive date; the frontmatter `id` does not change. + +**Ad Hoc Tasks:** small opportunistic fixes discovered during a session use +`workplans/ADHOC-YYYY-MM-DD.md` with task ids `ADHOC-YYYY-MM-DD-T01`, etc. Use +this only for low-risk work completed directly; create a normal workplan for +anything needing analysis, design, approval, dependencies, or multiple phases. + +**Frontmatter:** + +```yaml +--- +id: INFO-WP-NNNN +type: workplan +title: "..." +domain: infotech +repo: info-tech-canon +status: proposed | ready | active | blocked | backlog | finished | archived +owner: codex +topic_slug: ... +created: "YYYY-MM-DD" +updated: "YYYY-MM-DD" +state_hub_workstream_id: "" # written by fix-consistency — do not edit +--- +``` + +Use `proposed` for a new draft, `ready` after review against current repo +state, and `finished` after implementation. `stalled` and `needs_review` are +derived health labels, not frontmatter statuses. + +**Task block format** (one per `##` section): + +``` +## Task Title + +` ` `task +id: INFO-WP-NNNN-T01 +status: wait | todo | progress | done | cancel +priority: high | medium | low +state_hub_task_id: "" # written by fix-consistency — do not edit +` ` ` + +Task description text. +``` + +Status progression: `todo` → `progress` → `done`; use `wait` for waiting/blocked work and `cancel` for stopped work. + +To create a new workplan: +1. Write the file following the format above +2. Notify the custodian operator to run `make fix-consistency REPO=info-tech-canon` + (or send a message to the hub agent via `POST /messages/`) diff --git a/CLAUDE.md b/CLAUDE.md index 47573fd..7d7672c 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -1,107 +1,12 @@ -# CLAUDE.md +# InfoTechCanon — Claude Code Instructions -This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. - -## What this repository is - -InfoTechCanon is a markdown-first **canon** — a body of kernel documents, domain -models, and specialized standards for building interoperable information-processing -systems. The repository has two layers: - -- **Repository root** is the *service, governance, and workplan shell*: Python - package (`src/info_tech_canon/`), manifests (`canon.yaml`, `pyproject.toml`), - governance docs (`INTENT.md`, `SCOPE.md`), and `workplans/`. -- **`infospace/`** is the one concrete **infospace** — the actual canon content - (kernel/models/standards/profiles/agent assets/etc.) that the service operates on. - -The canon content is data; the Python package is a thin read-mostly service over it. - -## Commands - -```bash -# Run the CLI from source (no install needed) -PYTHONPATH=src python3 -m info_tech_canon - -# Maintenance targets (wrap the CLI) -make validate # validate canon, write infospace/validation/latest.json -make index # refresh generated indexes and views -make tree # refresh the generated infospace tree -make agent-briefs # refresh generated agent briefs -make test # python3 -m pytest - -# Tests -python3 -m pytest # full suite -python3 -m pytest tests/test_cli.py # one file -python3 -m pytest tests/test_cli.py -k inspect # one test by name - -# Read-only local HTTP API (stdlib only) -PYTHONPATH=src python3 -m info_tech_canon api --host 127.0.0.1 --port 8765 -``` - -Common CLI subcommands: `inspect`, `artifacts [--kind K]`, `models`, `standards`, -`validate [--write PATH]`, `index`, `tree`, `agent-briefs`, `views [name]`, -`graph [--format json|mermaid]`, `review-kit`, `alignment-template`, -`profile inspect|validate|graph `, `api`. After `pip install`, the same -commands are available via the `info-tech-canon` console script. - -## Architecture - -**Service surface (CLI / JSON / API are one contract).** `cli.py`, `api.py`, and -the `info_tech_canon.service` functions are three faces of the *same* operations. -Every operation lives as a function in `service.py` returning a JSON-serializable -dict with an `ok` boolean; `cli.py` prints it and `api.py` serves it. When you add -or change an operation, update all three so the contract stays consistent. Errors -are raised as `CanonServiceError(code, message, details)` and rendered as -`{"ok": false, "error": {...}}` (CLI exit code 2). - -**`bench.py` is the boundary to `infospace-bench`.** Artifact loading, collection -checks, relationship summaries, and mermaid export are *not* implemented here — they -come from the sibling repo `infospace-bench` (a path dependency at -`~/infospace-bench`, declared in `pyproject.toml`). `bench.py` loads that package's -modules by file path under an internal alias and re-exports `Infospace`, -`KnowledgeArtifact`, `load_infospace`, `run_collection_checks`, -`relationship_summary`, `export_mermaid`. Behavior depending on artifact loading or -graph/check logic lives in `infospace-bench`, not here. - -**Manifests.** `canon.yaml` (repo root) is the human/governance manifest of the -canon's kernel/models/standards. `infospace/infospace.yaml` is the machine config -that `load_infospace` consumes — it lists disciplines (paths), schema locations, and -`viability` thresholds. `validate` cross-checks artifact paths/relationships against -the loaded infospace and enforces viability thresholds (e.g. redundancy/coverage/ -coherence/consistency/granularity) plus structural checks from `validation.py`. - -**Profiles** (`profiles.py`) are concrete proofs under `infospace/profiles//` -with a `profile.yaml`. `small-saas` is the first executable profile proof. - -## Generated files — do not edit by hand - -`make index/tree/agent-briefs` and `validate --write` produce files carrying a -`GENERATED ... do not edit` header (under `infospace/views/`, `infospace/indexes/`, -`infospace/agent/briefs/`, `infospace/validation/latest.json`, the tree manifest). -Edit the *source* artifacts and regenerate; never hand-edit generated output. - -## Workplans - -Work is tracked in `workplans/` against `workplans/index.yaml` (statuses like -`finished`/`active`). Consumer-side work belongs in the consumer's own repo, not -here — `repository scope` is producer-only. Use the project's `/ralph-workplan` -skill (not raw `/ralph-loop`) when running a workplan loop. - -## Conventions and guardrails - -- **Boring and inspectable.** stdlib + PyYAML only in this package; no heavy - dependencies. Python for code, YAML for manifests/schemas, Markdown for docs. -- **Do not collapse canonical concepts** when editing canon content. These are kept - deliberately distinct: Organization Role / AccessRole / CARING Canonical Role; - Actor / Subject / Principal; Policy / Control / Evidence; Dataset / DataStore; - Artifact / Release / Deployment / Runtime State; Network Intent / Policy / - Configuration / Observed State; Alert / Incident. Tags are never substitutes for - canonical fields, relationships, policies, or evidence. -- CARING is a *standard* (`standards/caring/`, namespace `itc-caring`), not merely - an access-control profile. - -## State Hub note - -`chore(consistency): sync task status from DB [auto]` commits and `.custodian-brief.md` -come from the external Custodian State Hub, not from code in this repo. They are -auto-generated; don't treat them as manual work to reconcile here. +@SCOPE.md +@.claude/rules/repo-identity.md +@.claude/rules/session-protocol.md +@.claude/rules/first-session.md +@.claude/rules/workplan-convention.md +@.claude/rules/stack-and-commands.md +@.claude/rules/architecture.md +@.claude/rules/repo-boundary.md +@.claude/rules/credential-routing.md +@.claude/rules/agents.md diff --git a/workplans/ITC-WP-0001-infospace-scaffold-and-seed-placement.md b/workplans/ITC-WP-0001-infospace-scaffold-and-seed-placement.md index 89d758f..96bdeeb 100644 --- a/workplans/ITC-WP-0001-infospace-scaffold-and-seed-placement.md +++ b/workplans/ITC-WP-0001-infospace-scaffold-and-seed-placement.md @@ -2,7 +2,8 @@ id: ITC-WP-0001 type: workplan title: "Infospace Scaffold And Seed Placement" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0002-service-surface-cli-json-api.md b/workplans/ITC-WP-0002-service-surface-cli-json-api.md index aacb31b..656d1e7 100644 --- a/workplans/ITC-WP-0002-service-surface-cli-json-api.md +++ b/workplans/ITC-WP-0002-service-surface-cli-json-api.md @@ -2,7 +2,8 @@ id: ITC-WP-0002 type: workplan title: "Service Surface Baseline CLI JSON API" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0003-validation-indexes-and-generated-views.md b/workplans/ITC-WP-0003-validation-indexes-and-generated-views.md index d270eda..aa39e06 100644 --- a/workplans/ITC-WP-0003-validation-indexes-and-generated-views.md +++ b/workplans/ITC-WP-0003-validation-indexes-and-generated-views.md @@ -2,7 +2,8 @@ id: ITC-WP-0003 type: workplan title: "Validation Indexes And Generated Views" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0004-small-saas-profile-proof.md b/workplans/ITC-WP-0004-small-saas-profile-proof.md index cc0fc77..28cd576 100644 --- a/workplans/ITC-WP-0004-small-saas-profile-proof.md +++ b/workplans/ITC-WP-0004-small-saas-profile-proof.md @@ -2,7 +2,8 @@ id: ITC-WP-0004 type: workplan title: "Small SaaS Profile Proof" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0005-retrieval-agent-briefs-and-interface-cards.md b/workplans/ITC-WP-0005-retrieval-agent-briefs-and-interface-cards.md index a925f82..d49e357 100644 --- a/workplans/ITC-WP-0005-retrieval-agent-briefs-and-interface-cards.md +++ b/workplans/ITC-WP-0005-retrieval-agent-briefs-and-interface-cards.md @@ -2,7 +2,8 @@ id: ITC-WP-0005 type: workplan title: "Retrieval Agent Briefs And Interface Cards" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: medium diff --git a/workplans/ITC-WP-0006-purpose-and-demand-model.md b/workplans/ITC-WP-0006-purpose-and-demand-model.md index 5982124..4efa1d6 100644 --- a/workplans/ITC-WP-0006-purpose-and-demand-model.md +++ b/workplans/ITC-WP-0006-purpose-and-demand-model.md @@ -2,7 +2,8 @@ id: ITC-WP-0006 type: workplan title: "Purpose And Demand Model Extension" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0007-user-engine-evaluation-readiness.md b/workplans/ITC-WP-0007-user-engine-evaluation-readiness.md index 1e538fe..2abecf4 100644 --- a/workplans/ITC-WP-0007-user-engine-evaluation-readiness.md +++ b/workplans/ITC-WP-0007-user-engine-evaluation-readiness.md @@ -2,7 +2,8 @@ id: ITC-WP-0007 type: workplan title: "User Engine Evaluation Readiness" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0008-railiance-fabric-conformance-support.md b/workplans/ITC-WP-0008-railiance-fabric-conformance-support.md index aa1d9a4..59d42fa 100644 --- a/workplans/ITC-WP-0008-railiance-fabric-conformance-support.md +++ b/workplans/ITC-WP-0008-railiance-fabric-conformance-support.md @@ -2,7 +2,8 @@ id: ITC-WP-0008 type: workplan title: "Railiance Fabric Conformance Support" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0009-repo-scoping-comparison-and-extension.md b/workplans/ITC-WP-0009-repo-scoping-comparison-and-extension.md index 89f0f0a..912a265 100644 --- a/workplans/ITC-WP-0009-repo-scoping-comparison-and-extension.md +++ b/workplans/ITC-WP-0009-repo-scoping-comparison-and-extension.md @@ -2,7 +2,8 @@ id: ITC-WP-0009 type: workplan title: "Repo Scoping Comparison And Extension" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0010-caring-kubernetes-rbac-benchmark.md b/workplans/ITC-WP-0010-caring-kubernetes-rbac-benchmark.md index b36aba3..39991a7 100644 --- a/workplans/ITC-WP-0010-caring-kubernetes-rbac-benchmark.md +++ b/workplans/ITC-WP-0010-caring-kubernetes-rbac-benchmark.md @@ -2,7 +2,8 @@ id: ITC-WP-0010 type: workplan title: "CARING Kubernetes RBAC Benchmark" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: medium diff --git a/workplans/ITC-WP-0011-canon-consumer-alignment-review-kit.md b/workplans/ITC-WP-0011-canon-consumer-alignment-review-kit.md index bfad5a3..e379b7c 100644 --- a/workplans/ITC-WP-0011-canon-consumer-alignment-review-kit.md +++ b/workplans/ITC-WP-0011-canon-consumer-alignment-review-kit.md @@ -2,7 +2,8 @@ id: ITC-WP-0011 type: workplan title: "Canon Consumer Alignment Review Kit" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: high diff --git a/workplans/ITC-WP-0012-canonical-repository-layout-standard.md b/workplans/ITC-WP-0012-canonical-repository-layout-standard.md index f97a939..c2cfb7a 100644 --- a/workplans/ITC-WP-0012-canonical-repository-layout-standard.md +++ b/workplans/ITC-WP-0012-canonical-repository-layout-standard.md @@ -2,7 +2,8 @@ id: ITC-WP-0012 type: workplan title: "Canonical Repository Layout Standard Integration" -domain: canon +domain: infotech +topic_slug: canon repo: info-tech-canon status: finished priority: medium