keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/_blocks/deploy-local-only.md
Parfii-bot 4859e1cdf7 refactor: remove restricted-scope agents and blocks from public kit 
Strip all patent-related tooling from the generic kit so it can ship
publicly under MIT without leaking sensitive IP. restricted-scope agents,
blocks, and skill conditionals live in the private PROJECT-E.

Deleted (5 files):
- _manifests/kei-patent-compliance.toml
- _manifests/kei-patent-researcher.toml
- _blocks/domain-sensitive IP-aware.md
- _assembler/tests/fixtures/_manifests/kei-patent-compliance.toml
- _assembler/tests/snapshots/kei-patent-compliance.snap

Cross-reference cleanup:
- 6 manifests: remove kei-patent-* handoffs and "sensitive IP" forbidden lines
- _blocks/deploy-local-only.md: drop sensitive IP rationale, keep ML weights /
  offensive / kernel / client-confidential banned-public triggers
- skills/research/SKILL.md: drop patent-angle-scanner + "Patent angles" section
- skills/new-agent/SKILL.md: drop Q5 (patent), renumber Q6→Q5 Q7→Q6
- README.md: drop 2 restricted agents rows, renumber wizard questions 5-7→5-6,
  update counts 34→33 blocks / 14→12 agents
- _assembler/tests/golden.rs: remove golden_patent_compliance test
- _assembler/tests/roundtrip.rs: swap kei-patent-compliance fixture to
  kei-cost-guardian for double-assembly determinism test
- _assembler/tests/fixtures/_manifests/kei-researcher.toml + snapshot:
  remove kei-patent-researcher handoff

Tests: 21 → 20 integration tests, all passing. Grep for "patent" in
main tree returns zero hits outside .claude/worktrees.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 19:07:02 +08:00

1.5 KiB
Raw Blame History

DEPLOY — LOCAL ONLY (sensitive / pre-disclosure project)

Use this block for any project that CANNOT be publicly deployed — typical triggers: proprietary ML weights/architectures you don't want in public training corpora, security tooling that burns its own usefulness on exposure, kernel-level code, client-confidential codebases.

Hard forbidden (no matter how small the change):

  • Public-URL share pages / static HTML dumps to public hosting
  • Vercel / Netlify / GitHub Pages / Cloudflare Pages public deploy
  • gh repo create public, gh repo edit --visibility public
  • git push to a public remote (GitHub, public GitLab)
  • Publishing architecture diagrams with node counts, param totals, or training configs
  • Public benchmark tables naming this project

Allowed:

  • Private remotes (self-hosted Forgejo/Gitea over SSH on a private network)
  • Tailscale-only internal services
  • Local-only 127.0.0.1 / LAN dev servers
  • .app / .dmg distribution via private channels

Double-confirmation override (both phrases required, in order, exact wording):

  1. "yes, deploy"
  2. "I confirm publication"

No approximations. Informal variants do NOT count. If either phrase is absent, refuse.

Example categories that typically require local-only: censorship-circumvention tooling (public push burns exit-node IPs), ML ensembles with trained weights, control / guidance algorithms, offensive security research.

Report field: "Public-deploy surface touched: none | — double-confirm obtained yes/no."