Pre-public-launch cleanup. 17 files touched. Grep verification confirms
only Tier 4 (intentional GTM attribution) remains: README + docs/PHILOSOPHY
credit to Denis Parfionovich / KeiLab.
## Tier 1 — INFRA-LEAKS (4 targets, 1 file)
- _blocks/ci-forgejo-actions.md: Tailscale IPs 100.91.246.53 removed,
kgl-runner-01 → my-runner-01, SSH fingerprint line deleted, Forgejo
topology description generalised to "private interface"
## Tier 2 — PATENT-FLAG PROSE (4 files, ~10 edits)
- _manifests/kei-{modal-runner,ml-implementer,infra-implementer}.toml:
"proprietary/non-public-deploy" → "private/non-public-deploy"
- _blocks/ci-forgejo-actions.md: RULE 0.1 sensitive IP references softened
to generic "sensitive IP / compliance / air-gap" framing
## Tier 3 — INTERNAL PROJECT NAMES (8 files)
- kei-provision/tests/backend_smoke.rs: kgl-* fixtures → test-srv-*/test-vultr
- kei-auth/tests/integration.rs: project: "kgl" → "demo"
- kei-memory/src/coaccess.rs: "PROJECT-C/Genesis" origin → "in-house implementation"
- _primitives/{tomd.sh,README.md}: PROJECT-D provenance removed
- _bridges/README.md: PROJECT-D cross-ref line deleted
- skills/site-create/: keiagent/fal.ai → generic AI-asset generator
- skills/self-audit/: hardcoded project paths → ~/Projects/my-project
- skills/compose-solution/: hardcoded ~/Projects/PROJECT-E →
${KEISEI_BUNDLE_PATH:-} env-conditional lookup
- skills/sleep-setup/: forgejo.example.com → forgejo.example.com
## Phase 2 — Regenerated 3 root .md (Option B manual)
Assembler invocation blocked by sandbox; fell back to manual Edit on
kei-ml-implementer.md + kei-infra-implementer.md + kei-modal-runner.md
with same Tier-2 replacements as their source manifests.
## Known residual (Phase 3 pending user decision)
Git history still contains 619+ patent-term hits (pre-rewrite). Filter-repo
on /tmp/keisei-mirror.git prepared by separate agent; force-push
pending user approval because `genesis-scan` / `genesis-leak-guard` are
intentional kit features — naive rewrite would break them.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Phase 3 — Present
Show CLASSIFIED to the user as a multi-select click batch. User picks
which findings to address; selection becomes SELECTED.
3a — Silent-first guard
Read ~/.claude/memory/audit-backlog.md. Parse the
<!-- session_count: N --> header. If N < 10:
- Log every finding to the backlog with a [SELF-AUDIT SILENT] prefix.
- Set SELECTED = [] and SKIP to Phase 5.
This is the RULE 0.14 silent-first contract. Do NOT prompt the user.
3b — Patent-IP guard
If CWD sits under a banned project (~/Projects/my-project) OR a
CLAUDE.md in CWD contains a banned-marker line
matching /banned-project|patent-ip/i:
- Log every finding to backlog with [SELF-AUDIT OFFLINE] prefix.
- Set SELECTED = [] and SKIP to Phase 5.
Do NOT render transcript excerpts back to chat.
3c — Multi-select click
Emit ONE AskUserQuestion:
{
  "questions": [
    {
      "question": "Which findings do you want to address this session?",
      "header": "Findings",
      "multiSelect": true,
      "options": [
        {"label": "<class-1> ×<count> [severity]", "description": "<scope>"},
        {"label": "<class-2> ×<count> [severity]", "description": "<scope>"},
        ...
        {"label": "None — just log to backlog", "description": "Append all to backlog, pick up later"}
      ]
    }
  ]
}
Cap the option list at 8 findings (highest count first). If more exist,
add a trailing option "Show full list" that dumps all of them to stdout
and re-emits the click batch on the next turn.
Verify-criterion
- Exactly one AskUserQuestion call was emitted (unless guard fired).
- SELECTED is a list of finding dicts (possibly empty).
- "None — just log to backlog" treated as SELECTED = [].
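The guard order and the option cap described in 3a to 3c, as an added Python sketch (not the kit's own code). The finding keys (class, count, severity, scope), the banned_roots parameter, treating a missing session_count header as N = 0, and placing "Show full list" after the "None" option are assumptions.

```python
import re
from pathlib import Path

SESSION_RE = re.compile(r"<!--\s*session_count:\s*(\d+)\s*-->")
MARKER_RE = re.compile(r"banned-project|patent-ip", re.IGNORECASE)
NONE_OPT = {"label": "None — just log to backlog",
            "description": "Append all to backlog, pick up later"}

def guard_prefix(backlog_text, cwd, claude_md, banned_roots):
    """Return the backlog prefix of the guard that fires, or None to prompt."""
    m = SESSION_RE.search(backlog_text)
    # Assumption: a missing header counts as N = 0, so the skill stays silent.
    if (int(m.group(1)) if m else 0) < 10:
        return "[SELF-AUDIT SILENT]"                     # 3a
    here = Path(cwd).expanduser().resolve()
    for root in (Path(r).expanduser().resolve() for r in banned_roots):
        # Compare whole path components, so my-project-2 is not my-project.
        if here == root or root in here.parents:
            return "[SELF-AUDIT OFFLINE]"                # 3b: CWD under banned root
    if any(MARKER_RE.search(line) for line in claude_md.splitlines()):
        return "[SELF-AUDIT OFFLINE]"                    # 3b: marker line in CLAUDE.md
    return None

def build_options(classified, cap=8):
    """3c option list: top `cap` findings by count, then the fixed options."""
    ranked = sorted(classified, key=lambda f: f["count"], reverse=True)
    opts = [{"label": f'{f["class"]} ×{f["count"]} [{f["severity"]}]',
             "description": f["scope"]} for f in ranked[:cap]]
    opts.append(dict(NONE_OPT))
    if len(ranked) > cap:  # assumption: "Show full list" goes last
        opts.append({"label": "Show full list",
                     "description": f"Dump all {len(ranked)} findings to stdout"})
    return opts

def present(classified, backlog_text, cwd, claude_md, banned_roots):
    """Return (prefix, None) when a guard fires, else (None, question payload)."""
    prefix = guard_prefix(backlog_text, cwd, claude_md, banned_roots)
    if prefix:
        return prefix, None
    return None, {"questions": [{
        "question": "Which findings do you want to address this session?",
        "header": "Findings", "multiSelect": True,
        "options": build_options(classified)}]}

if __name__ == "__main__":
    # Constructed sample findings and paths, not taken from a real audit.
    sample = [{"class": f"class-{i}", "count": i, "severity": "low",
               "scope": "constructed"} for i in range(1, 11)]
    print(present(sample, "<!-- session_count: 12 -->", "/srv/work", "", []))
```

Both guards return before any question payload is built, so a guarded session can never emit finding text to chat.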