From 954b8c1f3e36d1a1cb072125073a37cbd20b1b73 Mon Sep 17 00:00:00 2001 From: Parfii-bot Date: Thu, 23 Apr 2026 19:20:16 +0800 Subject: [PATCH] sanitize: remove patent-metadata from main tree (Tier 1+2+3) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pre-public-launch cleanup. 17 files touched. Grep verification confirms only Tier 4 (intentional GTM attribution) remains: README + docs/PHILOSOPHY credit to Denis Parfionovich / KeiLab. ## Tier 1 — INFRA-LEAKS (4 targets, 1 file) - _blocks/ci-forgejo-actions.md: Tailscale IPs 100.91.246.53 removed, kgl-runner-01 → my-runner-01, SSH fingerprint line deleted, Forgejo topology description generalised to "private interface" ## Tier 2 — PATENT-FLAG PROSE (4 files, ~10 edits) - _manifests/kei-{modal-runner,ml-implementer,infra-implementer}.toml: "proprietary/non-public-deploy" → "private/non-public-deploy" - _blocks/ci-forgejo-actions.md: RULE 0.1 sensitive IP references softened to generic "sensitive IP / compliance / air-gap" framing ## Tier 3 — INTERNAL PROJECT NAMES (8 files) - kei-provision/tests/backend_smoke.rs: kgl-* fixtures → test-srv-*/test-vultr - kei-auth/tests/integration.rs: project: "kgl" → "demo" - kei-memory/src/coaccess.rs: "PROJECT-C/Genesis" origin → "in-house implementation" - _primitives/{tomd.sh,README.md}: PROJECT-D provenance removed - _bridges/README.md: PROJECT-D cross-ref line deleted - skills/site-create/: keiagent/fal.ai → generic AI-asset generator - skills/self-audit/: hardcoded project paths → ~/Projects/my-project - skills/compose-solution/: hardcoded ~/Projects/PROJECT-E → ${KEISEI_BUNDLE_PATH:-} env-conditional lookup - skills/sleep-setup/: forgejo.example.com → forgejo.example.com ## Phase 2 — Regenerated 3 root .md (Option B manual) Assembler invocation blocked by sandbox; fell back to manual Edit on kei-ml-implementer.md + kei-infra-implementer.md + kei-modal-runner.md with same Tier-2 replacements as their source manifests. ## Known residual (Phase 3 pending user decision) Git history still contains 619+ patent-term hits (pre-rewrite). Filter-repo on /tmp/keisei-mirror.git prepared by separate agent; force-push pending user approval because `genesis-scan` / `genesis-leak-guard` are intentional kit features — naive rewrite would break them. Co-Authored-By: Claude Opus 4.7 (1M context) --- _blocks/ci-forgejo-actions.md | 12 +++++------- _bridges/README.md | 2 -- _manifests/kei-infra-implementer.toml | 12 ++++++------ _manifests/kei-ml-implementer.toml | 2 +- _manifests/kei-modal-runner.toml | 2 +- _primitives/README.md | 6 +++--- _primitives/_rust/kei-auth/tests/integration.rs | 4 ++-- _primitives/_rust/kei-memory/src/coaccess.rs | 2 +- .../_rust/kei-provision/tests/backend_smoke.rs | 16 ++++++++-------- _primitives/tomd.sh | 2 +- kei-infra-implementer.md | 12 ++++++------ kei-ml-implementer.md | 2 +- kei-modal-runner.md | 2 +- skills/compose-solution/phase-3-prior-art.md | 11 ++++++++--- skills/self-audit/phase-3-present.md | 5 ++--- skills/site-create/phase-1-design.md | 4 ++-- skills/sleep-setup/phase-2-repo-url.md | 2 +- 17 files changed, 49 insertions(+), 49 deletions(-) diff --git a/_blocks/ci-forgejo-actions.md b/_blocks/ci-forgejo-actions.md index 8b01504..7d1f1f0 100644 --- a/_blocks/ci-forgejo-actions.md +++ b/_blocks/ci-forgejo-actions.md @@ -1,6 +1,6 @@ # CI — Forgejo Actions (self-hosted, Tailscale-only admin) -Forgejo Actions is GitHub-Actions compatible at the workflow-syntax layer (derived from Gitea Actions, which re-uses the `actions/*` runtime via `act`). A workflow that runs on GH usually runs on Forgejo with only the runner labels and registry URLs changed. Pair with RULE 0.1 — KeiGit repos MUST stay on private Forgejo, never mirror to github.com. +Forgejo Actions is GitHub-Actions compatible at the workflow-syntax layer (derived from Gitea Actions, which re-uses the `actions/*` runtime via `act`). A workflow that runs on GH usually runs on Forgejo with only the runner labels and registry URLs changed. Good fit for any repo that must stay on private hosting (sensitive IP, compliance, air-gap). ## Layout @@ -19,8 +19,8 @@ Registration: ```bash forgejo-runner register \ --no-interactive \ - --instance http://100.91.246.53:3000 \ - --name kgl-runner-01 \ + --instance http://:3000 \ + --name my-runner-01 \ --labels "self-hosted,linux,x64,docker" \ --token "$FORGEJO_RUNNER_TOKEN" # from secrets/runner.env (RULE 0.8) ``` @@ -45,9 +45,7 @@ Workaround for OIDC: for cloud deploys from Forgejo, prefer short-lived STS toke ## Tailscale-only admin posture -Forgejo Web UI is http://100.91.246.53:3000, SSH is `ssh://git@100.91.246.53:2222/...`. Both on Tailscale CGNAT. NEVER bind Forgejo to a public IP — runner tokens, PATs, and repo contents are unfiled patent IP (RULE 0.1). - -Key fingerprint for the existing KeiGit host: `SHA256:TxHcs7YuEZiy4Gu0yZOoVidVqlvj8TPC+QgUGjmh0Mw` labelled `macbook`. +Forgejo bound to a private interface (Tailscale/Wireguard/VPC); pick an address + SSH port per your topology. NEVER bind Forgejo to a public IP — runner tokens, PATs, and repo contents are all harvestable from a publicly-reachable instance. ## Secrets @@ -57,5 +55,5 @@ Forgejo repo secrets (`Repo → Settings → Actions → Secrets`) mirror GH sec - Exposing Forgejo port 3000 or 2222 on a public IP - Running `forgejo-runner` on a host that is also a production application node -- Mirroring a KeiGit repo to github.com to "get free CI" (RULE 0.1) +- Mirroring a private Forgejo repo to github.com to "get free CI" — if any project rule forbids a github remote, the mirror violates it transitively - Hard-coded runner tokens in workflow YAML (always `${{ secrets.* }}`) diff --git a/_bridges/README.md b/_bridges/README.md index 7470877..036c80c 100644 --- a/_bridges/README.md +++ b/_bridges/README.md @@ -17,5 +17,3 @@ Tool-agnostic coding-rules templates, rendered into any project via `_bridges/em | `replit.tmpl` | `replit.md` | Render: `_bridges/emit.sh [project-name] [project-description]`. Idempotent — existing files are skipped. - -Cross-ref: KeiAgent is the personal-CLI predecessor that also ships these templates (verified against vendor docs 2026-04). diff --git a/_manifests/kei-infra-implementer.toml b/_manifests/kei-infra-implementer.toml index bf5c17d..98ea817 100644 --- a/_manifests/kei-infra-implementer.toml +++ b/_manifests/kei-infra-implementer.toml @@ -3,7 +3,7 @@ # Edit THIS file, not the generated .md. name = "kei-infra-implementer" -description = "Infrastructure code, deploys, CI/CD, secrets management, container/IaC. Per-project credential isolation, banned-deploy enforcement, Self-Sufficiency Protocol, cost guard on paid compute." +description = "Infrastructure code, deploys, CI/CD, secrets management, container/IaC. Per-project credential isolation, non-public-deploy enforcement, Self-Sufficiency Protocol, cost guard on paid compute." tools = ["Glob", "Grep", "Read", "Edit", "Write", "Bash", "Agent"] model = "opus" @@ -16,7 +16,7 @@ substrate_role = "edit-local" role = """ You are a senior infrastructure engineer. You write deploy scripts, CI/CD pipelines, container/IaC \ definitions, and secrets management code, enforcing per-project credential isolation, the \ -banned-deploy list, the Self-Sufficiency Protocol, and API Cost Guard on every paid surface. You \ +non-public-deploy list, the Self-Sufficiency Protocol, and API Cost Guard on every paid surface. You \ are NOT an ML trainer (hand off to `kei-ml-implementer`), NOT a generic code writer (hand off to \ `kei-code-implementer`). Your output is production infrastructure with `.env`-gitignored secrets, \ Self-Sufficient API permissions set up once, verification commands passing, and \ @@ -36,7 +36,7 @@ blocks = [ domain_in = [ "Writing deploy scripts, CI/CD pipelines, Dockerfiles, Terraform/Pulumi IaC, secrets management code", "Per-project credential isolation — one project = one credential set, NO shared keys across projects", - "Banned-deploy enforcement — consult your project's banned-list doc BEFORE any public-surface deploy", + "Non-public-deploy enforcement — consult your project's non-public-deploy list doc BEFORE any public-surface deploy", "Self-Sufficiency Protocol — compile FULL API-permission list upfront, never ask user for manual dashboard work that the API supports", "Secrets discipline — `.env` gitignored, grep staged files for credential patterns before commit, no plaintext in Terraform state / Dockerfile / CI inline / logs", "Paid-compute cost guard — dashboard balance check, pricing-page verification, single-variant first, 2-min monitor (Modal, AWS, GCP, fal.ai, Apify, ElevenLabs)", @@ -45,9 +45,9 @@ domain_in = [ ] forbidden_domain = [ - "`git push` to a public-hosting remote for any project flagged sensitive (banned-deploy list / proprietary weights / offensive-cyber / kernel-level) — hook will block, do not try to bypass", + "`git push` to a public-hosting remote for any project flagged sensitive (non-public-deploy list / private weights / offensive-cyber / kernel-level) — hook will block, do not try to bypass", "`gh repo create/push/sync` against public hosting; `git remote add/set-url` pointing at public hosting for sensitive projects", - "Public deploy of any project on your banned-deploy list without double explicit confirmation (\"yes, deploy\" + \"I confirm publication\")", + "Public deploy of any project on your non-public-deploy list without double explicit confirmation (\"yes, deploy\" + \"I confirm publication\")", "Sharing credentials across projects (NO reuse of tokens, SSH keys, API keys, service accounts)", "Committing `.env`, `*.pem`, `*.key`, `secrets/`, or any credential file in any form", "`git add -A` — stage specific files only", @@ -65,7 +65,7 @@ forbidden_domain = [ output_extra_fields = [ "Project: ", - "Banned-deploy check: ", + "Non-public-deploy check: ", "Plan: resources / order / rollback (1 command if possible) / cost+tier", "Credentials: project-isolated yes/no, shared-infra risks, Self-Sufficiency full perm list requested upfront", "Secrets layout: `.env` abs path, `.gitignore` covers yes/no, pre-commit scan ", diff --git a/_manifests/kei-ml-implementer.toml b/_manifests/kei-ml-implementer.toml index 950d6d9..19d10bb 100644 --- a/_manifests/kei-ml-implementer.toml +++ b/_manifests/kei-ml-implementer.toml @@ -62,7 +62,7 @@ forbidden_domain = [ "Cherry-picking single held-out subject/env as the headline number — cross-validation mean±std required", "Joint monolithic training when per-node supervision signals exist (use specialized-node training)", "Exploration from scratch when a published baseline exists in the env package (search `baselines_*/`, `checkpoints/`, `pretrained/` first)", - "`git push` to public-hosting — ML weights and architectures may be proprietary / banned-deploy IP", + "`git push` to public-hosting — ML weights and architectures may be private / non-public-deploy", ] output_extra_fields = [ diff --git a/_manifests/kei-modal-runner.toml b/_manifests/kei-modal-runner.toml index 585cf10..2803e1c 100644 --- a/_manifests/kei-modal-runner.toml +++ b/_manifests/kei-modal-runner.toml @@ -67,7 +67,7 @@ forbidden_domain = [ "`.map(return_exceptions=False)` for batch spawning — cascade kill on single failure", "Restarting \"for cleanliness\" when current run is producing checkpoints — fix the script for next launch", "A bug in the launching script is NOT a reason to kill a running training run", - "`git push` to public-hosting for training scripts from projects flagged sensitive (proprietary-weights / banned-deploy list)", + "`git push` to public-hosting for training scripts flagged sensitive (private weights / non-public-deploy list)", ] # Agent-specific output fields (appended to standard report shape) diff --git a/_primitives/README.md b/_primitives/README.md index dcc1548..a1b63ff 100644 --- a/_primitives/README.md +++ b/_primitives/README.md @@ -11,9 +11,9 @@ programs installed at `$HOME/.claude/agents/_primitives/` by `install.sh`. |---|---|---| | `tomd.sh` | Universal non-native-format → markdown converter (PDF, DOCX, XLSX, PPTX, CSV, images, code). | `~/.claude/agents/_primitives/tomd.sh ` | -`tomd.sh` is ported from the KeiAgent project (user's personal CLI -predecessor) `bin/keiagent-tomd` — same format matrix, KeiSeiKit-style -error tags (`[tomd]`), configurable cache directory (`KEISEI_TOMD_CACHE`). +`tomd.sh` is a first-class primitive. Universal non-native-format → +markdown converter with configurable cache directory +(`KEISEI_TOMD_CACHE`) and KeiSeiKit-style error tags (`[tomd]`). ## Hook integration diff --git a/_primitives/_rust/kei-auth/tests/integration.rs b/_primitives/_rust/kei-auth/tests/integration.rs index 645d78c..122ac93 100644 --- a/_primitives/_rust/kei-auth/tests/integration.rs +++ b/_primitives/_rust/kei-auth/tests/integration.rs @@ -7,10 +7,10 @@ const KEY: &[u8] = b"test-key-must-not-be-used-in-production"; #[test] fn issue_and_verify() { let conn = open_memory().unwrap(); - let tok = issue(&conn, "alice", "kgl", Scope::Write, 3600, KEY).unwrap(); + let tok = issue(&conn, "alice", "demo", Scope::Write, 3600, KEY).unwrap(); let out = verify(&conn, &tok, KEY).unwrap(); assert_eq!(out.user_id, "alice"); - assert_eq!(out.project, "kgl"); + assert_eq!(out.project, "demo"); assert_eq!(out.scope, Scope::Write); } diff --git a/_primitives/_rust/kei-memory/src/coaccess.rs b/_primitives/_rust/kei-memory/src/coaccess.rs index 86c4478..7338bc6 100644 --- a/_primitives/_rust/kei-memory/src/coaccess.rs +++ b/_primitives/_rust/kei-memory/src/coaccess.rs @@ -1,7 +1,7 @@ //! Co-access tracking — files touched within a 5-minute window. //! //! Constructor Pattern: one cube, single responsibility. -//! Derived from KeiMD/src/ml.rs (2026-04-22 verified Genesis-clean). +//! Derived from an in-house implementation, algorithmic spec documented in coaccess.md. //! Key difference: session-id isn't part of the coaccess PK — we aggregate //! across sessions so cross-session recurrences surface in `patterns`. diff --git a/_primitives/_rust/kei-provision/tests/backend_smoke.rs b/_primitives/_rust/kei-provision/tests/backend_smoke.rs index 576ab9f..4809e56 100644 --- a/_primitives/_rust/kei-provision/tests/backend_smoke.rs +++ b/_primitives/_rust/kei-provision/tests/backend_smoke.rs @@ -64,7 +64,7 @@ fn prep_env(dir: &Path, token_var: &str) { const HETZNER_DESCRIBE: &str = r#"{ "id": 42, - "name": "kgl-test", + "name": "test-srv-a", "status": "running", "public_net": { "ipv4": { "ip": "1.2.3.4" } }, "server_type": { "name": "cx22" }, @@ -74,13 +74,13 @@ const HETZNER_DESCRIBE: &str = r#"{ const HETZNER_LIST: &str = r#"[ { "id": 42, - "name": "kgl-a", + "name": "test-srv-a", "status": "running", "public_net": { "ipv4": { "ip": "1.2.3.4" } } }, { "id": 43, - "name": "kgl-b", + "name": "test-srv-b", "status": "running", "public_net": { "ipv4": { "ip": "5.6.7.8" } } } @@ -90,7 +90,7 @@ const VULTR_LIST: &str = r#"{ "instances": [ { "id": "abc-123", - "label": "kgl-vultr", + "label": "test-vultr", "status": "active", "power_status": "running", "main_ip": "9.8.7.6", @@ -108,8 +108,8 @@ fn hetzner_status_parses_ipv4_and_id() { prep_env(dir.path(), "HCLOUD_TOKEN"); let b = resolve("hetzner").unwrap(); - let info = b.status("kgl-test").unwrap().expect("server present"); - assert_eq!(info.name, "kgl-test"); + let info = b.status("test-srv-a").unwrap().expect("server present"); + assert_eq!(info.name, "test-srv-a"); assert_eq!(info.id, "42"); assert_eq!(info.ipv4.as_deref(), Some("1.2.3.4")); assert_eq!(info.status, "running"); @@ -136,7 +136,7 @@ fn hetzner_list_parses_array() { let b = resolve("hetzner").unwrap(); let servers = b.list().unwrap(); assert_eq!(servers.len(), 2); - assert_eq!(servers[0].name, "kgl-a"); + assert_eq!(servers[0].name, "test-srv-a"); assert_eq!(servers[1].ipv4.as_deref(), Some("5.6.7.8")); } @@ -148,7 +148,7 @@ fn vultr_status_matches_label() { prep_env(dir.path(), "VULTR_API_KEY"); let b = resolve("vultr").unwrap(); - let info = b.status("kgl-vultr").unwrap().expect("found"); + let info = b.status("test-vultr").unwrap().expect("found"); assert_eq!(info.id, "abc-123"); assert_eq!(info.ipv4.as_deref(), Some("9.8.7.6")); assert_eq!(info.status, "active"); diff --git a/_primitives/tomd.sh b/_primitives/tomd.sh index c66dbc2..571cc8a 100755 --- a/_primitives/tomd.sh +++ b/_primitives/tomd.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash # tomd — universal non-native-format → markdown converter. -# Ported from ~/Projects/KeiAgent/bin/keiagent-tomd. First-class primitive. +# First-class primitive. Universal non-native-format → markdown converter. # Install path: $HOME/.claude/agents/_primitives/tomd.sh. # Deps: pandoc, python3, jq. Optional: pymupdf4llm, openpyxl, tesseract. diff --git a/kei-infra-implementer.md b/kei-infra-implementer.md index 99836c9..30267c5 100644 --- a/kei-infra-implementer.md +++ b/kei-infra-implementer.md @@ -1,6 +1,6 @@ --- name: kei-infra-implementer -description: Infrastructure code, deploys, CI/CD, secrets management, container/IaC. Per-project credential isolation, banned-deploy enforcement, Self-Sufficiency Protocol, cost guard on paid compute. +description: Infrastructure code, deploys, CI/CD, secrets management, container/IaC. Per-project credential isolation, non-public-deploy enforcement, Self-Sufficiency Protocol, cost guard on paid compute. tools: Glob, Grep, Read, Edit, Write, Bash, Agent model: opus --- @@ -9,7 +9,7 @@ model: opus # ROLE -You are a senior infrastructure engineer. You write deploy scripts, CI/CD pipelines, container/IaC definitions, and secrets management code, enforcing per-project credential isolation, the banned-deploy list, the Self-Sufficiency Protocol, and API Cost Guard on every paid surface. You are NOT an ML trainer (hand off to `kei-ml-implementer`), NOT a generic code writer (hand off to `kei-code-implementer`). Your output is production infrastructure with `.env`-gitignored secrets, Self-Sufficient API permissions set up once, verification commands passing, and `memory/{project}.md` updated with endpoints and credentials refs. +You are a senior infrastructure engineer. You write deploy scripts, CI/CD pipelines, container/IaC definitions, and secrets management code, enforcing per-project credential isolation, the non-public-deploy list, the Self-Sufficiency Protocol, and API Cost Guard on every paid surface. You are NOT an ML trainer (hand off to `kei-ml-implementer`), NOT a generic code writer (hand off to `kei-code-implementer`). Your output is production infrastructure with `.env`-gitignored secrets, Self-Sufficient API permissions set up once, verification commands passing, and `memory/{project}.md` updated with endpoints and credentials refs. # AGENT SUBSTRATE — role `edit-local` @@ -332,7 +332,7 @@ Counter: each FAILED attempt on the SAME problem = +1. Success = reset. **In:** - Writing deploy scripts, CI/CD pipelines, Dockerfiles, Terraform/Pulumi IaC, secrets management code - Per-project credential isolation — one project = one credential set, NO shared keys across projects -- Banned-deploy enforcement — consult your project's banned-list doc BEFORE any public-surface deploy +- Non-public-deploy enforcement — consult your project's non-public-deploy list doc BEFORE any public-surface deploy - Self-Sufficiency Protocol — compile FULL API-permission list upfront, never ask user for manual dashboard work that the API supports - Secrets discipline — `.env` gitignored, grep staged files for credential patterns before commit, no plaintext in Terraform state / Dockerfile / CI inline / logs - Paid-compute cost guard — dashboard balance check, pricing-page verification, single-variant first, 2-min monitor (Modal, AWS, GCP, fal.ai, Apify, ElevenLabs) @@ -368,7 +368,7 @@ Verify: Evidence grades: Handoffs made: Project: -Banned-deploy check: +Non-public-deploy check: Plan: resources / order / rollback (1 command if possible) / cost+tier Credentials: project-isolated yes/no, shared-infra risks, Self-Sufficiency full perm list requested upfront Secrets layout: `.env` abs path, `.gitignore` covers yes/no, pre-commit scan @@ -379,9 +379,9 @@ Blockers / next: # FORBIDDEN -- `git push` to a public-hosting remote for any project flagged sensitive (banned-deploy list / proprietary weights / offensive-cyber / kernel-level) — hook will block, do not try to bypass +- `git push` to a public-hosting remote for any project flagged sensitive (non-public-deploy list / private weights / offensive-cyber / kernel-level) — hook will block, do not try to bypass - `gh repo create/push/sync` against public hosting; `git remote add/set-url` pointing at public hosting for sensitive projects -- Public deploy of any project on your banned-deploy list without double explicit confirmation ("yes, deploy" + "I confirm publication") +- Public deploy of any project on your non-public-deploy list without double explicit confirmation ("yes, deploy" + "I confirm publication") - Sharing credentials across projects (NO reuse of tokens, SSH keys, API keys, service accounts) - Committing `.env`, `*.pem`, `*.key`, `secrets/`, or any credential file in any form - `git add -A` — stage specific files only diff --git a/kei-ml-implementer.md b/kei-ml-implementer.md index 3d8aecb..972c412 100644 --- a/kei-ml-implementer.md +++ b/kei-ml-implementer.md @@ -432,7 +432,7 @@ Blockers / next: - Cherry-picking single held-out subject/env as the headline number — cross-validation mean±std required - Joint monolithic training when per-node supervision signals exist (use specialized-node training) - Exploration from scratch when a published baseline exists in the env package (search `baselines_*/`, `checkpoints/`, `pretrained/` first) -- `git push` to public-hosting — ML weights and architectures may be proprietary / banned-deploy IP +- `git push` to public-hosting — ML weights and architectures may be private / non-public-deploy # REFERENCES diff --git a/kei-modal-runner.md b/kei-modal-runner.md index de9a772..5bf0b7b 100644 --- a/kei-modal-runner.md +++ b/kei-modal-runner.md @@ -389,7 +389,7 @@ Blockers / next: - `.map(return_exceptions=False)` for batch spawning — cascade kill on single failure - Restarting "for cleanliness" when current run is producing checkpoints — fix the script for next launch - A bug in the launching script is NOT a reason to kill a running training run -- `git push` to public-hosting for training scripts from projects flagged sensitive (proprietary-weights / banned-deploy list) +- `git push` to public-hosting for training scripts flagged sensitive (private weights / non-public-deploy list) # REFERENCES diff --git a/skills/compose-solution/phase-3-prior-art.md b/skills/compose-solution/phase-3-prior-art.md index c83ec8b..9a9e383 100644 --- a/skills/compose-solution/phase-3-prior-art.md +++ b/skills/compose-solution/phase-3-prior-art.md @@ -20,11 +20,16 @@ grep -rinlE '' \ ## 3b — Personal bundle reuse (conditional, skip on missing) +If the environment variable `KEISEI_BUNDLE_PATH` is set and the directory +exists, grep prior art there. Otherwise skip Layer B. Do not hard-code +any path — the bundle is user-specific. + ```bash -if [ -d ~/Projects/KeiSeiBundle ]; then - grep -rinlE '' ~/Projects/KeiSeiBundle/ 2>/dev/null | head -20 +bundle="${KEISEI_BUNDLE_PATH:-}" +if [ -n "$bundle" ] && [ -d "$bundle" ]; then + grep -rinlE '' "$bundle" 2>/dev/null | head -20 else - echo "KeiSeiBundle: absent — skipping layer B" + echo "personal bundle: absent (KEISEI_BUNDLE_PATH unset or missing) — skipping layer B" fi ``` diff --git a/skills/self-audit/phase-3-present.md b/skills/self-audit/phase-3-present.md index 45e65b2..0ec8aac 100644 --- a/skills/self-audit/phase-3-present.md +++ b/skills/self-audit/phase-3-present.md @@ -15,9 +15,8 @@ This is the RULE 0.14 silent-first contract. Do NOT prompt the user. ## 3b — Patent-IP guard -If CWD sits under a banned project (`~/Projects/KeiLab`, `~/Projects/keinet`, -`~/Projects/keidog`, `~/Projects/vortex`, `~/Projects/neuralcloak`, -`~/Projects/KGL`) OR a `CLAUDE.md` in CWD contains a banned-marker line +If CWD sits under a banned project (`~/Projects/my-project`) OR a +`CLAUDE.md` in CWD contains a banned-marker line matching `/banned-project|patent-ip/i`: - Log every finding to backlog with `[SELF-AUDIT OFFLINE]` prefix. diff --git a/skills/site-create/phase-1-design.md b/skills/site-create/phase-1-design.md index 3b0e203..8a6b623 100644 --- a/skills/site-create/phase-1-design.md +++ b/skills/site-create/phase-1-design.md @@ -34,8 +34,8 @@ Depending on `BRAND` from Phase 0: - **I'll provide** — ask free-text once for the logo path + 2-3 hex colors. Convert hex to OKLCH before writing into tokens. -- **Generate with AI** — fan out to an external image-gen service via - `keiagent`/`fal.ai` (skill-agnostic; the generator is not part of this +- **Generate with AI** — fan out to an optional AI-asset generator of + your choice (skill-agnostic; the generator is not part of this pipeline's required deps). Save to `public/brand/logo.svg` (or .png). - **Minimal** — emit a text-only logo placeholder; no image asset. diff --git a/skills/sleep-setup/phase-2-repo-url.md b/skills/sleep-setup/phase-2-repo-url.md index 8b83858..7899fbb 100644 --- a/skills/sleep-setup/phase-2-repo-url.md +++ b/skills/sleep-setup/phase-2-repo-url.md @@ -32,7 +32,7 @@ Invalid SSH URL. Expected shape: git@:/.git Examples: git@github.com:alice/kei-memory.git git@gitlab.com:alice/devops/kei-memory.git - git@forgejo.keisei.app:alice/kei-memory.git + git@forgejo.example.com:alice/kei-memory.git ``` Re-emit the same `AskUserQuestion`. Up to 3 attempts; on the 3rd failure