Denis Parfionovich
1d958b3587
Some checks are pending
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / preflight (push) Waiting to run
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / vps-smoke (push) Waiting to run
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:frustration-matrix,kei-frustration-loop,kei-skill-importer,kei-projects-index,kei-projects-watcher,kei-gdrive-import,kei-leak-matrix,kei-skills,kei-gateway,kei-cron-scheduler,kei-export-trajectories,kei-backend-daytona,kei-d… (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-compute-baremetal,kei-compute-vultr,kei-compute-linode,kei-compute-digitalocean,kei-svc-systemd,kei-llm-bridge-mlx name:hosted-sleep-compute]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-diff,kei-scheduler,kei-watch,kei-prune,kei-discover,kei-brain-view,kei-hibernate,kei-ledger-sign,kei-fork name:wave13-15]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-git-gitea,kei-git-forgejo,kei-git-gitlab,kei-git-bitbucket,kei-memory-sled,kei-memory-redis,kei-memory-postgres,kei-memory-sqlite,kei-auth-google,kei-auth-apple,kei-auth-magiclink,kei-auth-webauthn,kei-notify-slack,kei-n… (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-ledger,kei-migrate,kei-changelog,kei-memory,kei-store,kei-conflict-scan,kei-refactor-engine,kei-graph-check,kei-shared,kei-dna-index,kei-pet name:core]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-machine-probe,kei-llm-ollama,kei-llm-llamacpp,kei-llm-mlx,kei-llm-router,kei-model name:llm-stack]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:kei-router,kei-sage,kei-task,kei-chat-store,kei-crossdomain,kei-search-core,kei-content-store,kei-social-store,kei-curator,kei-auth,kei-artifact name:mcp-lbm]) (push) Blocked by required conditions
CI (Forgejo Actions — self-hosted runner on Mac, host mode) / rust-primitives (map[crates:keisei,kei-forge,kei-runtime,kei-runtime-core,kei-atom-discovery,kei-agent-runtime,kei-capability,kei-provision,kei-entity-store,kei-pipe,kei-cache,kei-spawn,kei-replay name:atom-substrate]) (push) Blocked by required conditions
PATENT-LEAK (HIGH):
- hooks/no-python-without-approval.sh: genesis-verify пример → my-project
- docs/encyclopedia/rust-crates-H-N.md: убран термин «Genesis IP, ITAR»
PATENT-LEAK (MEDIUM):
- CHANGELOG: project-vortex → reduced scope
- _blocks/registries (submodule bump): убраны имена приватных
project-specialists из комментария agent-profiles.toml
- docs/encyclopedia/skills-and-agents.md: ML/RL/CfC → ML/RL
CLASSICAL-SAFETY (MEDIUM):
- install/lib-preflight.sh: eval "$version_cmd" → bash -c "..."
(защита от инъекции если providers.toml расширят)
- _primitives/provision-{vultr,hetzner}.sh: /tmp/$$ → mktemp
(устраняет symlink TOCTOU race)
- web-install.sh: chmod 600 + umask 077 на ~/.keisei-install.log
(Forgejo admin creds + токены в логе)
- scripts/regen-counts.sh: eval "$1" → bash -c
NOT FIXED (требуют действий юзера):
- HIGH: @keisei scope не зарегистрирован на npmjs.org — typosquat
возможен пока не задан NPM_TOKEN и не сделан publish
- HIGH: install.keisei.app DNS не настроен — DNS-hijack возможен
- LOW: parfionovich@keilab.io в SECURITY.md, plugin.json, ~40 Cargo
файлах — intentional contact, оставлен
Локальный git author установлен на parfionovich@keilab.io вместо
parfionovichd@icloud.com (только для будущих коммитов в этом репо).
|
||
|---|---|---|
| .. | ||
| registries@c5590658ee | ||
| api-anthropic.md | ||
| api-apify.md | ||
| api-elevenlabs.md | ||
| api-fal-ai.md | ||
| api-graphql.md | ||
| api-openapi-first.md | ||
| api-rest-conventions.md | ||
| api-versioning-pagination-ratelimit.md | ||
| auth-authorization.md | ||
| auth-oauth2-oidc.md | ||
| auth-passkeys.md | ||
| auth-sessions.md | ||
| baseline.md | ||
| build-index.sh | ||
| ci-forgejo-actions.md | ||
| ci-github-actions.md | ||
| ci-release-automation.md | ||
| ci-security-gate.md | ||
| db-drizzle.md | ||
| db-migration-hygiene.md | ||
| db-postgres.md | ||
| db-sqlite.md | ||
| db-sqlx.md | ||
| deploy-aws-ec2.md | ||
| deploy-cloudflare.md | ||
| deploy-docker.md | ||
| deploy-hetzner-cloud.md | ||
| deploy-local-only.md | ||
| deploy-modal.md | ||
| deploy-vps-generic.md | ||
| docs-architecture-diagrams.md | ||
| docs-claude-md.md | ||
| docs-decisions-adr.md | ||
| docs-readme-template.md | ||
| docs-runbook.md | ||
| domain-has-secrets.md | ||
| domain-ml-training.md | ||
| domain-paid-apis.md | ||
| evidence-grading.md | ||
| INDEX.md | ||
| memory-protocol.md | ||
| mode-devils-advocate.md | ||
| mode-first-principles.md | ||
| mode-matrix.md | ||
| mode-maximalist.md | ||
| mode-minimalist.md | ||
| mode-skeptic.md | ||
| obs-metrics.md | ||
| obs-structured-logs.md | ||
| obs-traces.md | ||
| path-user-hooks.md | ||
| path-user-memory.md | ||
| path-user-rules.md | ||
| pipeline-5phase-template.md | ||
| README.md | ||
| rule-double-audit.md | ||
| rule-error-budget.md | ||
| rule-math-first.md | ||
| rule-pre-dev-gate.md | ||
| rule-pure-click-contract.md | ||
| rule-test-first.md | ||
| scraper-free-tier.md | ||
| scraper-paid-tier.md | ||
| scraper-unified-output.md | ||
| security-audit-logging.md | ||
| security-firewall-ufw.md | ||
| security-patching.md | ||
| security-ssh-hardening.md | ||
| security-tls-caddy.md | ||
| stack-astro.md | ||
| stack-embedded-stm32.md | ||
| stack-fastapi-postgres.md | ||
| stack-flutter.md | ||
| stack-go-server.md | ||
| stack-nextjs.md | ||
| stack-python-ml.md | ||
| stack-react-vite.md | ||
| stack-rust-axum.md | ||
| stack-rust-cli.md | ||
| stack-sveltekit.md | ||
| stack-swift-ios.md | ||
| stack-swift-spm.md | ||
| stack-tailwind.md | ||
| test-e2e.md | ||
| test-fuzz.md | ||
| test-load.md | ||
| test-property.md | ||
_blocks/ — Composable Agent Content
Each .md file in this directory is a block: a single-concern, standalone-readable snippet that any agent manifest can include via its blocks = [...] list. The _assembler concatenates selected blocks + manifest metadata into the final agent .md that Claude Code loads.
Blocks are grouped by prefix:
| Prefix | Purpose |
|---|---|
baseline, evidence-grading, memory-protocol |
Obligatory base — every manifest must include these |
rule-* |
Discipline rules (pre-dev-gate, test-first, error-budget, double-audit, math-first) |
mode-* |
Cognitive mode blocks (see below) |
stack-* |
Language / framework constraints (Rust Axum, React Vite, Swift SPM, …) |
deploy-* |
Deployment target rules (Modal, AWS EC2, Cloudflare, Hetzner, …) |
api-* |
External API conventions (Apify, fal.ai, ElevenLabs, Anthropic, …) |
db-* |
Database rules (Postgres, SQLite, Drizzle, sqlx, migrations) |
auth-*, security-*, obs-*, ci-*, test-*, scraper-*, domain-*, docs-* |
Domain-specific rules |
Cognitive mode blocks
Composable behavioural skews. Add any combination to a manifest's blocks list to stack the mode. Modes compose — e.g. mode-skeptic + mode-minimalist yields an adversarial pruner.
| Block | Purpose |
|---|---|
mode-skeptic.md |
Doubt the conclusion until proved; flag claims without E1/E2 grade |
mode-devils-advocate.md |
Steel-man the opposite; name the strongest objection before agreeing |
mode-minimalist.md |
Prefer deleting over adding; justify every addition against existing code |
mode-maximalist.md |
Explore 10× scope; return both maximum and minimum bounds; only when user invokes exploration |
mode-first-principles.md |
Derive from invariants; cite the physical / mathematical constraint, not "best practice" |
See mode-matrix.md for the agent-role × recommended-modes table used by the skills/new-agent wizard (Phase 3.6). It is the suggested starting set per role — modes remain a free pick per manifest.
Adding a new block
- Pick a stable prefix (existing category or a new one documented here).
- One concern per file. 20–50 LOC target,
<200 LOChard cap (Constructor Pattern). - Imperative voice (
"Do X"not"the agent should do X") — these land verbatim in agent prompts. - Standalone-readable — do not assume sibling blocks are present. Cross-references OK, hard dependencies not.
- Reference from a manifest's
blocks = [...]list; the assembler validates existence.
Ownership
Blocks are kit-owned — install.sh overwrites _blocks/ on re-run, backing up local edits to _blocks.bak-TIMESTAMP/. User-owned content belongs in _manifests/*.toml (which are never overwritten).