keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(public-prep): scrub author identity + private-IP references
Some checks are pending
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / preflight (push) Waiting to run
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / vps-smoke (push) Waiting to run
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:frustration-matrix,kei-frustration-loop,kei-skill-importer,kei-projects-index,kei-projects-watcher,kei-gdrive-import,kei-leak-matrix,kei-skills,kei-gateway,kei-cron-scheduler,kei-export-trajectories,kei-backend-daytona,kei-d… (push) Blocked by required conditions
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-compute-baremetal,kei-compute-vultr,kei-compute-linode,kei-compute-digitalocean,kei-svc-systemd,kei-llm-bridge-mlx name:hosted-sleep-compute]) (push) Blocked by required conditions
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-diff,kei-scheduler,kei-watch,kei-prune,kei-discover,kei-brain-view,kei-hibernate,kei-ledger-sign,kei-fork name:wave13-15]) (push) Blocked by required conditions
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-git-gitea,kei-git-forgejo,kei-git-gitlab,kei-git-bitbucket,kei-memory-sled,kei-memory-redis,kei-memory-postgres,kei-memory-sqlite,kei-auth-google,kei-auth-apple,kei-auth-magiclink,kei-auth-webauthn,kei-notify-slack,kei-n… (push) Blocked by required conditions
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-ledger,kei-migrate,kei-changelog,kei-memory,kei-store,kei-conflict-scan,kei-refactor-engine,kei-graph-check,kei-shared,kei-dna-index,kei-pet name:core]) (push) Blocked by required conditions
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-machine-probe,kei-llm-ollama,kei-llm-llamacpp,kei-llm-mlx,kei-llm-router,kei-model name:llm-stack]) (push) Blocked by required conditions
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-router,kei-sage,kei-task,kei-chat-store,kei-crossdomain,kei-search-core,kei-content-store,kei-social-store,kei-curator,kei-auth,kei-artifact name:mcp-lbm]) (push) Blocked by required conditions
Details
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:keisei,kei-forge,kei-runtime,kei-runtime-core,kei-atom-discovery,kei-agent-runtime,kei-capability,kei-provision,kei-entity-store,kei-pipe,kei-cache,kei-spawn,kei-replay name:atom-substrate]) (push) Blocked by required conditions
Details

Browse source 
Pre-public Phase 1. Remove personal/IP traces that should not ship in a
general-purpose kit; keep only intended author attribution.

- no-github-push.sh + hooks-and-blocks.md + ci-scaffold: drop "KeiTech
  unfiled patent IP / trade secrets / priority date" wording; reword as a
  generic opt-in guard for keeping code on a private remote.
- check-error-patterns.sh: remove author-local absolute path from the
  tombstone comment.
- graph-export-watcher.sh: default viz dir to ~/.local/share/kei/graph-viz
  (was a personal project path).
- agent manifests (cost-guardian, modal-runner, infra/ml/code-implementer)
  + ci.yml: strip private memory references and dated personal incidents;
  keep the generic cost/ops lessons. Snapshots regenerated; golden 3/3.

Kept intentionally: author attribution (NOTICE / README / Cargo / plugin).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
KeiSei84 2026-05-25 15:00:07 +08:00
parent 7b453aac1b
commit 2ffb3a8b1e
20 changed files with 39 additions and 40 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/ci.yml vendored
View file

@ -145,7 +145,7 @@ jobs:
continue-on-error: true continue-on-error: true
workflow-lint: workflow-lint:
# v0.20.1: guards against the dtolnay-SHA-class incident (2026-04-22). # v0.20.1: guards against the dtolnay-SHA-class incident.
# actionlint catches workflow syntax; validate-workflow-shas.sh catches # actionlint catches workflow syntax; validate-workflow-shas.sh catches
# fabricated / force-pushed SHA pins. Runs fast (<30s). # fabricated / force-pushed SHA pins. Runs fast (<30s).
runs-on: ubuntu-latest runs-on: ubuntu-latest

2
_assembler/tests/fixtures/_manifests/code-implementer.toml vendored
View file

@ -99,7 +99,7 @@ extra = [
"path:user-rules/dev-workflow.md", "path:user-rules/dev-workflow.md",
"path:user-rules/debugging.md", "path:user-rules/debugging.md",
"path:user-rules/karpathy-behavioral.md", "path:user-rules/karpathy-behavioral.md",
"MEMORY.md → Architecture Overlay Incident (model_brain.py 227→354 LOC from \"fixes\" — never patch, fix root formulas)", "Architecture Overlay Incident (model_brain.py 227→354 LOC from \"fixes\" — never patch, fix root formulas)",
] ]
[taxonomy] [taxonomy]

2
_assembler/tests/fixtures/_manifests/cost-guardian.toml vendored
View file

@ -13,7 +13,7 @@ You are the cost guardian. Your job is to make sure no paid compute launches wit
verified cost estimate, a checked dashboard, and a clean head-room calculation. You stop \ verified cost estimate, a checked dashboard, and a clean head-room calculation. You stop \
runaway spend before it starts. You are READ-ONLY: you emit a GO/NO-GO report card; you do \ runaway spend before it starts. You are READ-ONLY: you emit a GO/NO-GO report card; you do \
NOT launch jobs yourself (hand back to user or `ml-implementer`). **The $98.78 Modal incident \ NOT launch jobs yourself (hand back to user or `ml-implementer`). **The $98.78 Modal incident \
(2026-02-26)** is the cautionary tale: prices guessed not verified, silent retries \ ** is the cautionary tale: prices guessed not verified, silent retries \
re-billing, file changes never confirmed, dashboard never checked. Every protocol below \ re-billing, file changes never confirmed, dashboard never checked. Every protocol below \
exists because of that day never again. exists because of that day never again.
""" """

2
_assembler/tests/snapshots/code-implementer.snap
View file

@ -419,4 +419,4 @@ Blockers / next: <list>
- `path:user-rules/dev-workflow.md` - `path:user-rules/dev-workflow.md`
- `path:user-rules/debugging.md` - `path:user-rules/debugging.md`
- `path:user-rules/karpathy-behavioral.md` - `path:user-rules/karpathy-behavioral.md`
- `MEMORY.md → Architecture Overlay Incident (model_brain.py 227→354 LOC from "fixes" — never patch, fix root formulas)` - `Architecture Overlay Incident (model_brain.py 227→354 LOC from "fixes" — never patch, fix root formulas)`

2
_assembler/tests/snapshots/cost-guardian.snap
View file

@ -13,7 +13,7 @@ model: opus
# ROLE # ROLE
You are the cost guardian. Your job is to make sure no paid compute launches without a verified cost estimate, a checked dashboard, and a clean head-room calculation. You stop runaway spend before it starts. You are READ-ONLY: you emit a GO/NO-GO report card; you do NOT launch jobs yourself (hand back to user or `ml-implementer`). **The $98.78 Modal incident (2026-02-26)** is the cautionary tale: prices guessed not verified, silent retries re-billing, file changes never confirmed, dashboard never checked. Every protocol below exists because of that day — never again. You are the cost guardian. Your job is to make sure no paid compute launches without a verified cost estimate, a checked dashboard, and a clean head-room calculation. You stop runaway spend before it starts. You are READ-ONLY: you emit a GO/NO-GO report card; you do NOT launch jobs yourself (hand back to user or `ml-implementer`). **The $98.78 Modal incident ** is the cautionary tale: prices guessed not verified, silent retries re-billing, file changes never confirmed, dashboard never checked. Every protocol below exists because of that day — never again.
# AGENT SUBSTRATE — role `read-only` # AGENT SUBSTRATE — role `read-only`

2
_generated/code-implementer.md
View file

@ -463,4 +463,4 @@ behaviour-verified: yes | no | not-applicable
follow-up-required: follow-up-required:
- <bullet list> - <bullet list>
``` ```
- `MEMORY.md → Architecture Overlay Incident (model_brain.py 227→354 LOC from "fixes" — never patch, fix root formulas)` - `Architecture Overlay Incident (model_brain.py 227→354 LOC from "fixes" — never patch, fix root formulas)`

2
_generated/cost-guardian.md
View file

@ -9,7 +9,7 @@ model: sonnet
# ROLE # ROLE
You are the cost guardian. Your job is to make sure no paid compute launches without a verified cost estimate, a checked dashboard, and a clean head-room calculation. You stop runaway spend before it starts. You are READ-ONLY: you emit a GO/NO-GO report card; you do NOT launch jobs yourself (hand back to user or `ml-implementer`). **The $98.78 Modal incident (2026-02-26)** is the cautionary tale: prices guessed not verified, silent retries re-billing, file changes never confirmed, dashboard never checked. Every protocol below exists because of that day — never again. You are the cost guardian. Your job is to make sure no paid compute launches without a verified cost estimate, a checked dashboard, and a clean head-room calculation. You stop runaway spend before it starts. You are READ-ONLY: you emit a GO/NO-GO report card; you do NOT launch jobs yourself (hand back to user or `ml-implementer`). **The $98.78 Modal incident** is the cautionary tale: prices guessed not verified, silent retries re-billing, file changes never confirmed, dashboard never checked. Every protocol below exists because of that day — never again.
# AGENT SUBSTRATE — role `read-only` # AGENT SUBSTRATE — role `read-only`

6
_generated/infra-implementer.md
View file

@ -438,9 +438,9 @@ Blockers / next: <list>
- `{path::user-rules}/git-conventions.md` - `{path::user-rules}/git-conventions.md`
- `{path::user-rules}/dev-workflow.md` - `{path::user-rules}/dev-workflow.md`
- `{path::user-memory}/security-restricted-projects.md` - `{path::user-memory}/security-restricted-projects.md`
- `MEMORY.md → Compute Cost Incident (2026-02-26): $98.78 Modal overrun — no dashboard check, unverified prices.` - `Compute Cost Incident: $98.78 Modal overrun — no dashboard check, unverified prices.`
- `MEMORY.md → Recruiter shared-EC2 risk (i-0a8b747023809d451 shared with 3 projects, default SECRET_KEY, no CSRF).` - `Recruiter shared-EC2 risk (i-0a8b747023809d451 shared with 3 projects, default SECRET_KEY, no CSRF).`
- `MEMORY.md → CloudSync 146 GB bloat: two duplicate LaunchAgents both writing logs. Scan for duplicates before adding infra.` - `CloudSync 146 GB bloat: two duplicate LaunchAgents both writing logs. Scan for duplicates before adding infra.`
## Output Footer (RULE 0.16) ## Output Footer (RULE 0.16)

4
_generated/ml-implementer.md
View file

@ -483,8 +483,8 @@ Blockers / next: <list>
- `{path::user-rules}/manifold-tangent-sanity.md` - `{path::user-rules}/manifold-tangent-sanity.md`
- `{path::user-rules}/no-downgrade-constructive.md` - `{path::user-rules}/no-downgrade-constructive.md`
- `{path::user-memory}/wrong-paths-specialized-ml.md` - `{path::user-memory}/wrong-paths-specialized-ml.md`
- `MEMORY.md → Compute Cost Incident (2026-02-26): promised $27, spent $98.78 on Modal. NEVER AGAIN.` - `Compute Cost Incident: promised $27, spent $98.78 on Modal. NEVER AGAIN.`
- `MEMORY.md → Architecture Overlay Incident: model_brain.py 227→354 LOC from audit fixes. No Patching.` - `Architecture Overlay Incident: model_brain.py 227→354 LOC from audit fixes. No Patching.`
## Output Footer (RULE 0.16) ## Output Footer (RULE 0.16)

4
_generated/modal-runner.md
View file

@ -11,9 +11,9 @@ model: sonnet
You are the Modal compute orchestrator. You launch Modal jobs safely, observe them well, and NEVER burn money or kill running work. Two incidents shape every rule below. You are the Modal compute orchestrator. You launch Modal jobs safely, observe them well, and NEVER burn money or kill running work. Two incidents shape every rule below.
$98.78 Modal Incident (2026-02-26): promised $27, spent $98.78 in one session. Prices guessed not verified, failed retries silently re-billed, file changes never confirmed, dashboard never checked. Every cost rule exists because of that day. $98.78 Modal Incident: promised $27, spent $98.78 in one session. Prices guessed not verified, failed retries silently re-billed, file changes never confirmed, dashboard never checked. Every cost rule exists because of that day.
anti-stop guard Incident (2026-03-29): stopped a 1.4-hour training run for a non-critical bug. Cost: 1.4 hours A10G + restart + re-warmup. Every kill rule exists because of that day. anti-stop guard Incident: stopped a 1.4-hour training run for a non-critical bug. Cost: 1.4 hours A10G + restart + re-warmup. Every kill rule exists because of that day.
Cost tiers: <$5 per run → AUTO; $5-$20 → WARN + daily-cap check ($20/day session); >$20 → STOP and ask. Always state estimate in dollars BEFORE launch: "Estimate: $X.XX (= N_gpus × hours × $/hr/gpu)". GPU compat: A10G torch>=2.0 (~$1.10/hr), H100 torch>=2.1 (~$4.50/hr), B200 torch>=2.6 (~$8/hr). Always verify on pricing page — rates change. Cost tiers: <$5 per run → AUTO; $5-$20 → WARN + daily-cap check ($20/day session); >$20 → STOP and ask. Always state estimate in dollars BEFORE launch: "Estimate: $X.XX (= N_gpus × hours × $/hr/gpu)". GPU compat: A10G torch>=2.0 (~$1.10/hr), H100 torch>=2.1 (~$4.50/hr), B200 torch>=2.6 (~$8/hr). Always verify on pricing page — rates change.

2
_manifests/code-implementer.toml
View file

@ -99,7 +99,7 @@ extra = [
"path:user-rules/dev-workflow.md", "path:user-rules/dev-workflow.md",
"path:user-rules/debugging.md", "path:user-rules/debugging.md",
"path:user-rules/karpathy-behavioral.md", "path:user-rules/karpathy-behavioral.md",
"MEMORY.md → Architecture Overlay Incident (model_brain.py 227→354 LOC from \"fixes\" — never patch, fix root formulas)", "Architecture Overlay Incident (model_brain.py 227→354 LOC from \"fixes\" — never patch, fix root formulas)",
] ]
[taxonomy] [taxonomy]

2
_manifests/cost-guardian.toml
View file

@ -13,7 +13,7 @@ You are the cost guardian. Your job is to make sure no paid compute launches wit
verified cost estimate, a checked dashboard, and a clean head-room calculation. You stop \ verified cost estimate, a checked dashboard, and a clean head-room calculation. You stop \
runaway spend before it starts. You are READ-ONLY: you emit a GO/NO-GO report card; you do \ runaway spend before it starts. You are READ-ONLY: you emit a GO/NO-GO report card; you do \
NOT launch jobs yourself (hand back to user or `ml-implementer`). **The $98.78 Modal incident \ NOT launch jobs yourself (hand back to user or `ml-implementer`). **The $98.78 Modal incident \
(2026-02-26)** is the cautionary tale: prices guessed not verified, silent retries \ ** is the cautionary tale: prices guessed not verified, silent retries \
re-billing, file changes never confirmed, dashboard never checked. Every protocol below \ re-billing, file changes never confirmed, dashboard never checked. Every protocol below \
exists because of that day never again. exists because of that day never again.
""" """

6
_manifests/infra-implementer.toml
View file

@ -100,9 +100,9 @@ extra = [
"path:user-rules/git-conventions.md", "path:user-rules/git-conventions.md",
"path:user-rules/dev-workflow.md", "path:user-rules/dev-workflow.md",
"path:user-memory/security-restricted-projects.md", "path:user-memory/security-restricted-projects.md",
"MEMORY.md → Compute Cost Incident (2026-02-26): $98.78 Modal overrun — no dashboard check, unverified prices.", "Compute Cost Incident: $98.78 Modal overrun — no dashboard check, unverified prices.",
"MEMORY.md → Recruiter shared-EC2 risk (<ec2-instance-id> shared with 3 projects, default SECRET_KEY, no CSRF).", "Recruiter shared-EC2 risk (<ec2-instance-id> shared with 3 projects, default SECRET_KEY, no CSRF).",
"MEMORY.md → CloudSync 146 GB bloat: two duplicate LaunchAgents both writing logs. Scan for duplicates before adding infra.", "CloudSync 146 GB bloat: two duplicate LaunchAgents both writing logs. Scan for duplicates before adding infra.",
] ]
[taxonomy] [taxonomy]

4
_manifests/ml-implementer.toml
View file

@ -113,8 +113,8 @@ extra = [
"path:user-rules/manifold-tangent-sanity.md", "path:user-rules/manifold-tangent-sanity.md",
"path:user-rules/no-downgrade-constructive.md", "path:user-rules/no-downgrade-constructive.md",
"path:user-memory/wrong-paths-specialized-ml.md", # TODO verify path:user-memory exists in assembler resolver "path:user-memory/wrong-paths-specialized-ml.md", # TODO verify path:user-memory exists in assembler resolver
"MEMORY.md → Compute Cost Incident (2026-02-26): promised $27, spent $98.78 on Modal. NEVER AGAIN.", "Compute Cost Incident: promised $27, spent $98.78 on Modal. NEVER AGAIN.",
"MEMORY.md → Architecture Overlay Incident: model_brain.py 227→354 LOC from audit fixes. No Patching.", "Architecture Overlay Incident: model_brain.py 227→354 LOC from audit fixes. No Patching.",
] ]
[taxonomy] [taxonomy]

4
_manifests/modal-runner.toml
View file

@ -12,11 +12,11 @@ role = """
You are the Modal compute orchestrator. You launch Modal jobs safely, observe them well, and NEVER \ You are the Modal compute orchestrator. You launch Modal jobs safely, observe them well, and NEVER \
burn money or kill running work. Two incidents shape every rule below. burn money or kill running work. Two incidents shape every rule below.
$98.78 Modal Incident (2026-02-26): promised $27, spent $98.78 in one session. Prices guessed not \ $98.78 Modal Incident: promised $27, spent $98.78 in one session. Prices guessed not \
verified, failed retries silently re-billed, file changes never confirmed, dashboard never checked. \ verified, failed retries silently re-billed, file changes never confirmed, dashboard never checked. \
Every cost rule exists because of that day. Every cost rule exists because of that day.
anti-stop guard Incident (2026-03-29): stopped a 1.4-hour training run for a non-critical bug. Cost: \ anti-stop guard Incident: stopped a 1.4-hour training run for a non-critical bug. Cost: \
1.4 hours A10G + restart + re-warmup. Every kill rule exists because of that day. 1.4 hours A10G + restart + re-warmup. Every kill rule exists because of that day.
Cost tiers: <$5 per run AUTO; $5-$20 WARN + daily-cap check ($20/day session); >$20 STOP \ Cost tiers: <$5 per run AUTO; $5-$20 WARN + daily-cap check ($20/day session); >$20 STOP \

4
docs/encyclopedia/hooks-and-blocks.md
View file

@ -32,8 +32,8 @@ All hooks live under `hooks/` directory. Format: `| Hook Name | Event | Severity
| Hook | Event | Severity | Purpose | Bypass Env | | Hook | Event | Severity | Purpose | Bypass Env |
|------|-------|----------|---------|-----------| |------|-------|----------|---------|-----------|
| no-github-push.sh | PreToolUse:Bash | block | Prevent pushing KeiTech patent IP to github.com — destroys priority date | KEI_NO_GITHUB_PUSH_BYPASS | | no-github-push.sh | PreToolUse:Bash | block | Block accidental push / repo-create to github.com (opt-in; for code kept on a private remote) | KEI_NO_GITHUB_PUSH_BYPASS |
| no-python-without-approval.sh | PreToolUse:Bash | block | Enforce RULE 0.2 (Rust first) — Python requires exception justification | none | | no-python-without-approval.sh | PreToolUse:Bash | block | Optional Rust-first policy — Python requires explicit justification (opt-in, stack-gated) | none |
| rust-first.sh | UserPromptSubmit | remind | Remind about Rust-first default for new work | none | | rust-first.sh | UserPromptSubmit | remind | Remind about Rust-first default for new work | none |
| secrets-pre-guard.sh | PreToolUse:Edit\|Write | block | Detect hardcoded API keys, tokens, private keys before commit | KEI_SECRETS_GUARD_BYPASS | | secrets-pre-guard.sh | PreToolUse:Edit\|Write | block | Detect hardcoded API keys, tokens, private keys before commit | KEI_SECRETS_GUARD_BYPASS |
| destructive-guard.sh | PreToolUse:Bash | block | Block dangerous commands (rm -rf /, git reset --hard main, truncate) | none | | destructive-guard.sh | PreToolUse:Bash | block | Block dangerous commands (rm -rf /, git reset --hard main, truncate) | none |

6
hooks/check-error-patterns.sh
View file

@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
# DELETED — 2026-05-02 # DELETED — 2026-05-02
# Reasons: # Reasons:
# 1. Hardcoded path leak: /Users/denis/projects/ai machine learning/error-patterns.json # 1. Hardcoded absolute path leak (machine-specific, author-local)
# 2. RULE 0.2 violation: used python3 for JSON parsing # 2. Language-policy violation: used python3 for JSON parsing
# 3. No-op on every machine except original author's # 3. No-op on every machine except the original author's
# Removed from settings-snippet.json PostToolUse matcher "*" block. # Removed from settings-snippet.json PostToolUse matcher "*" block.
exit 0 exit 0

2
hooks/graph-export-watcher.sh
View file

@ -3,7 +3,7 @@
# Bypass: GRAPH_EXPORT_BYPASS=1 # Bypass: GRAPH_EXPORT_BYPASS=1
INTERVAL="${KEI_GRAPH_EXPORT_INTERVAL_S:-5}" INTERVAL="${KEI_GRAPH_EXPORT_INTERVAL_S:-5}"
OUT="${KEI_GRAPH_VIZ_DIR:-$HOME/Projects/lbm-graph-viz}/data-runtime.js" OUT="${KEI_GRAPH_VIZ_DIR:-$HOME/.local/share/kei/graph-viz}/data-runtime.js"
BIN="$(command -v kei-graph-export 2>/dev/null || echo "$HOME/.cargo/bin/kei-graph-export")" BIN="$(command -v kei-graph-export 2>/dev/null || echo "$HOME/.cargo/bin/kei-graph-export")"
[ -x "$BIN" ] || exit 0 [ -x "$BIN" ] || exit 0

19
hooks/no-github-push.sh
View file

@ -1,9 +1,10 @@
#!/bin/sh #!/bin/sh
# no-github-push.sh — PreToolUse:Bash hard deny (RULE 0.1 NO GITHUB PUSH) # no-github-push.sh — PreToolUse:Bash hard deny.
# #
# Blocks any Bash command that would push code to github.com. # Blocks any Bash command that would push code or create a repo on github.com.
# KeiTech portfolio contains unfiled patent IP — a public push destroys # Opt-in guard for teams that keep proprietary code on a private remote
# priority date and trade secrets. Irrecoverable. # (Forgejo / Gitea / self-hosted) and want a hard stop against an accidental
# public push. Off by default in the public kit — enable it in onboarding.
# #
# Exit codes: # Exit codes:
# 0 = pass (command is safe) # 0 = pass (command is safe)
@ -69,18 +70,16 @@ fi
# --- Block ------------------------------------------------------------------ # --- Block ------------------------------------------------------------------
cat >&2 <<'EOF' cat >&2 <<'EOF'
[no-github-push] BLOCK — RULE 0.1 NO GITHUB PUSH [no-github-push] BLOCK — push to github.com is disabled by this guard.
KeiTech portfolio contains unfiled patent IP. Public push destroys This checkout is configured to stay on a private remote; a public push
priority date + trade secrets. Irrecoverable. could expose code you intend to keep private.
Use a private remote instead (Forgejo, Gitea, self-hosted): Use your private remote instead (Forgejo, Gitea, self-hosted):
git remote set-url origin ssh://git@<private-host>/<user>/<repo>.git git remote set-url origin ssh://git@<private-host>/<user>/<repo>.git
git push origin <branch> git push origin <branch>
Bypass (visible, per-call): Bypass (visible, per-call):
Set env KEI_NO_GITHUB_PUSH_BYPASS=1 before the command. Set env KEI_NO_GITHUB_PUSH_BYPASS=1 before the command.
You must also add confirmation phrase: "yes, push patent code to github"
+ "confirm publication" in the session turn.
EOF EOF
exit 2 exit 2

2
skills/ci-scaffold/phase-1-intake.md
View file

@ -27,7 +27,7 @@ Store the reply verbatim as `REPO`.
} }
``` ```
Store as `PLATFORM`. If `Both` is selected, emit a one-line confirm: "You understand — only non-patent code ever pushes to GitHub?" and wait for a `y` typed reply before proceeding. Store as `PLATFORM`. If `Both` is selected, emit a one-line confirm: "You understand — only public-safe code ever pushes to GitHub?" and wait for a `y` typed reply before proceeding.
## 1c — Languages click (AskUserQuestion, multi-select) ## 1c — Languages click (AskUserQuestion, multi-select)