keisei/KeiSeiKit-1.0
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
KeiSeiKit-1.0/skills/sleep-on-it/SKILL.md
Parfii-bot 3759fb0f64 fix(audit-batch): CI green + RULE 0.4/0.16/0.18 honesty pass 
12-agent audit (2 waves Opus+Sonnet, 6 slices each) flagged 3 HIGH-tier
issues that BOTH waves agreed on, plus 5 doc-honesty findings. This
batch fixes the lot.

== CI green (was failing on main 94a7d68) ==

- _primitives/_rust/Cargo.toml — workspace tokio gains `io-std` feature
  (needed by kei-mcp/src/main.rs which calls tokio::io::{stdin,stdout})
- _primitives/_rust/kei-mcp/Cargo.toml — dev-deps tokio gains `test-util`
  feature (needed by tests/tools_call_timeout.rs for tokio::time::advance
  and Builder::start_paused). Both verified locally:
  `cargo check -p kei-mcp` ✓
  `cargo test --no-run -p kei-mcp` ✓ (3 test binaries link)
  [REAL: ran 2026-05-03 in this session]

== HIGH-tier audit fixes (consensus across waves) ==

1. SQLi escape in agent-outcome-backfill.sh:110
   - 4 of 12 agents flagged: TOOL_USE_ID was JSON-derived and
     interpolated raw into SQL. Allowlist on $SHIPPED protected today
     but a future case-statement removal opened the surface.
   - Fix: tiny `_sql_esc` helper that doubles single-quotes (SQL-99
     standard escape), applied to SHIPPED + TOOL_USE_ID. STUBS already
     integer-validated.

2. PRAGMA user_version=9 in install/sql/outcome-only-schema.sql
   - W1 outcome-only critic flagged: the SQL fallback installed a
     v9-equivalent flat schema but left user_version=0. A LATER
     `kei-ledger init` (e.g. when user upgrades to full kit) would
     re-run migrations v1-v9 and ALTER TABLE ADD COLUMN duplicate-error
     mid-migration → broken DB.
   - Fix: set PRAGMA user_version=9 before COMMIT so the binary's
     migration runner sees current ≥ target and short-circuits.

3. backup_file mv→cp + uninstall macOS-portable awk
   - W1+W2 outcome-only flagged: lib-backup.sh uses `mv` which DELETES
     the target before _jq_merge_hooks runs; `|| true` swallowed the
     subsequent jq read-error → silent settings.json loss.
   - Fix in lib-profile-outcome-only.sh: `cp -p` aside, drop `|| true`,
     return 1 on merge failure (trap restores).
   - PROFILE-OUTCOME-ONLY.md uninstall used GNU sed `,+1` extension
     which BSD sed (macOS) does not support — uninstall silently
     no-op'd on macOS, leaving orphan CLAUDE.md text.
   - Fix: replace with portable `awk` recipe; also added `rm -f` for
     the agent-toolstats.jsonl sidecar (privacy completeness).

== Doc honesty pass (RULE 0.18 numerics + RULE 0.4 citations) ==

4. README.md count drift — verified all values against filesystem:
   * 102→105 Rust crates (Cargo.toml workspace `members` count)
   * 67→68 skills (`ls skills/ | wc -l`)
   * 35→38 hooks (`grep -c '"command":' settings-snippet.json`)
   * 37→38 agent manifests (`ls _manifests/*.toml | wc -l`)
   * 82→85 substrate blocks (`find _blocks/ -name '*.md' | wc -l`)
   * 18 capability atoms VERIFIED via `find _capabilities/ -name '*.md'`
     (encyclopedia §3 row count of 17 is in a separate file and is a
     known internal display issue, not changed in this commit)
   * 495→565 active DNAs (per docs/DNA-INDEX.md header 2026-05-03)
   Each value now carries a `[REAL: <command>]` style trailer per
   RULE 0.18.

5. README.md DNA "80-char identity" → "≥33-char variable-length"
   - W1+W2 reviewer-pass flagged FALSE: docs/DNA-FORMAT.md SSoT says
     minimum 33 chars; 80 was nowhere in code or spec
   - Fix in README.md:36 + docs/PHILOSOPHY.md:39 + docs/DNA-INDEX.md:1352

6. README.md "Eleven install profiles (... Cursor / Continue / Zed /
   Aider / Docker / Nix)" — Cursor/Continue/Zed/Aider/Docker/Nix were
   never install profiles, they were bridge targets
   - Fix: list 12 actual profiles from _primitives/MANIFEST.toml,
     mention bridges as separate concept

7. .claude-plugin/plugin.json license MIT → Apache-2.0
   - W2-Sonnet reviewer flagged: LICENSE file is Apache-2.0 (since
     2026-04-30 per NOTICE), but plugin.json still declared MIT —
     plugin marketplace would show wrong license

8. docs/ARCHITECTURE.md:318 placeholder URL `https://example.invalid/...`
   - W2-Sonnet reviewer flagged: dead link in published docs
   - Fix: remove the bad href, describe ssl-rule-file as per-user
     install outside the public repo

9. skills/sleep-on-it/SKILL.md Wagner et al. 2004 citation
   - W1+W2 reviewer flagged RULE 0.4 violation: citation without
     verification marker
   - Fix: added [VERIFIED: doi:10.1038/nature02223] + clarification
     that the original paper showed slow-wave-sleep (not strictly REM)
     insight gain — our metaphor is a loose mapping

10. encyclopedia/substrate-overview.md §5 fabricated TS deps
    - W1-Opus doc-consistency flagged RULE 0.4.b violation: 5 of 6
      package rows had INVENTED dependency strings
      (`recall-ai-sdk ^1.0.0`, `nodemailer-mock ^2.0.0`,
       `telegram-typings ^4.10.0`, etc — none exist in the actual
      package.json files)
    - Fix: regenerated table from real `package.json` reads via
      `node -p "require(...).dependencies"` for each of the 6 packages
    - Fix: also corrected version drift (5 packages all 0.14.0 now)

Verification:
- Outcome-only end-to-end install against fake $HOME succeeds:
  hooks installed, ledger schema at user_version=9, settings.json
  created cleanly, all 5 documented files present
  [REAL: ran 2026-05-03 in this session]
- `cargo check -p kei-mcp` + `cargo test --no-run -p kei-mcp` clean

Audit findings NOT yet addressed (deferred to next batch):
- README:65 git clone github URL — repo is private; reviewer flagged
  external strangers cannot clone; will resolve via Quick Start rewrite
- npm.pkg.github.com / @keisei84 leftover sweep — both waves verified
  ZERO refs, no fix needed
- safeEqual timing leak in TS server (W2 sec MEDIUM)
- HTTP server bind 0.0.0.0 (W2 sec MEDIUM)
- Unbounded request body (W2 ci MEDIUM)
- --dry-run silent ignored on non-outcome profiles (W1+W2 MEDIUM)
- Doc-link missing for MEMORY/DNA/LEDGER format specs from README

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 19:09:59 +08:00

121 lines
5.2 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
name: sleep-on-it
description: Defer a hard question, research task, or design comparison to the nightly remote agent (KeiSeiKit v0.12.0 incubation layer). Runs on top of the v0.11 sleep-sync pipeline — user fills one free-text field plus three clicks, task lands in sync-repo/sleep-queue/ and is processed before REM consolidation. Up to 5 tasks per night, 15 minutes each. Pure-click wizard except the single task-description field.
argument-hint: (no arguments)
---
# Sleep On It — Incubation Wizard (index)
## When to use
- Deferring a hard question, research task, or design comparison to the nightly cloud agent for overnight processing.
- Queuing up to 5 tasks per night (15 min each) to be processed before the REM consolidation pass.
- Requires v0.11 sleep-sync already configured; use `/sleep-setup` first if not.
Biological analog: the "sleep on it" insight effect documented by
Wagner et al. 2004, *Nature* 427:352355
[VERIFIED: doi:10.1038/nature02223] (the original paper showed insight
gain after a sleep period that included slow-wave sleep, not strictly
REM; our metaphor is a loose mapping). During the day the user
submits open questions, research tasks, or design comparisons via this
wizard; the nightly cloud agent processes the queue before its existing
REM consolidation pass and writes results to `sync-repo/sleep-results/`.
This `SKILL.md` is the INDEX. Each phase lives in its own file and is
executed in order. Never skip a phase. Never re-order phases.
---
## Prerequisites (hard fail fast if missing)
- v0.11 sleep-sync must be configured (`~/.claude/secrets/.env` contains
`KEI_MEMORY_REPO_PATH`, `KEI_MEMORY_SSH_KEY`, and the sync-repo exists
under that path with a `.git/` subdir).
- `_primitives/kei-sleep-queue.sh` exists at
`~/.claude/agents/_primitives/kei-sleep-queue.sh` and is executable.
If either is missing, print the single line
```
v0.11 sleep-sync not configured — run `/sleep-setup` first, then retry.
```
and exit the wizard. Do not attempt to queue anything offline.
---
## Pipeline overview (6 phases, 5+ AskUserQuestion)
| Phase | File | Purpose | AskUserQuestion |
|---|---|---|---|
| 1 | [phase-1-intake.md](phase-1-intake.md) | One free-text field: the question / task | 0 (prompt, non-empty validate) |
| 2 | [phase-2-type.md](phase-2-type.md) | Task type: deep / pipeline / pattern / compare / custom | 1 (click) |
| 3 | [phase-3-priority.md](phase-3-priority.md) | Priority: tonight / FIFO / weekly | 1 (click) |
| 4 | [phase-4-format.md](phase-4-format.md) | Output format: markdown / ADR / checklist / table | 1 (click) |
| 5 | [phase-5-submit.md](phase-5-submit.md) | Preview frontmatter + body, submit / edit / abort | 1 (click) |
| 6 | [phase-6-ack.md](phase-6-ack.md) | Acknowledgment with UUID + queue path + run ETA | 1 (click) |
**Minimum AskUserQuestion count: 5.** All clicks except the single
free-text task description in Phase 1.
---
## Variables the pipeline produces
| Name | Set in | Meaning |
|---|---|---|
| `TASK_TEXT` | Phase 1 | Free-text task description (non-empty) |
| `TASK_TYPE` | Phase 2 | `deep` / `pipeline` / `pattern` / `compare` / `custom` |
| `PRIORITY` | Phase 3 | `night` / `fifo` / `weekly` |
| `FORMAT` | Phase 4 | `md` / `adr` / `checklist` / `table` |
| `SUBMIT_ACTION` | Phase 5 | `submit` / `edit` / `abort` |
| `QUEUE_PATH` | Phase 5 | Path of the queue file written by `kei-sleep-queue.sh add` |
| `UUID` | Phase 5 | UUID assigned by the helper |
---
## Final report (emit after Phase 6)
```
=== SLEEP-ON-IT REPORT ===
UUID: <UUID>
Queue file: <QUEUE_PATH>
Task type: <TASK_TYPE>
Priority: <PRIORITY>
Output format: <FORMAT>
Next run ETA: <UTC cron time from .keisei-sync.toml>
Results land: sync-repo/sleep-results/<UUID>.md
```
---
## Rules (apply throughout — enforced at every phase)
- **Pure-click contract.** Only Phase 1 asks for free text; every other
decision is an `AskUserQuestion`. No `freeText` outside Phase 1.
- **Idempotent.** Re-running the wizard while a previous task is still
pending is fine — each submission gets its own UUID and its own queue
file. No "one pending at a time" constraint.
- **NO DOWNGRADE (RULE -1).** If the helper rejects (invalid flag, sync
push fails), surface 2-3 constructive fix paths — never
"cannot submit".
- **NO HALLUCINATION (RULE 0.4).** Never fabricate a UUID, queue path,
or ETA — always echo the real helper output.
- **RULE 0.8 secrets.** Queue files never embed tokens; env refs live in
`~/.claude/secrets/.env` only.
- **Silent failure (RULE 0.15).** If the post-submit sync push fails,
the queue file still lives locally and will be pushed on the next
session-end dump. The wizard must NOT block on push failure.
- **Constructor Pattern (RULE ZERO).** Every phase file < 100 LOC.
---
## References
- `~/.claude/rules/sleep-layer.md` RULE 0.15 full text (Phase A added v0.12.0)
- `_primitives/kei-sleep-queue.sh` the queue CRUD helper
- `_primitives/kei-sleep-sync.sh` the session-end-dump callback (also
invoked by `kei-sleep-queue.sh add` after write)
- `_primitives/templates/sleep-incubation-prompt.md` cloud agent Phase A
- `_primitives/templates/sleep-trigger-prompt.md` cloud agent Phase B
- `skills/sleep-setup/` v0.11 one-time sync-repo wizard (prerequisite)
Reference in a new issue View git blame Copy permalink