3759fb0f64
12-agent audit (2 waves Opus+Sonnet, 6 slices each) flagged 3 HIGH-tier
issues that BOTH waves agreed on, plus 5 doc-honesty findings. This
batch fixes the lot.
== CI green (was failing on main 94a7d68) ==
- _primitives/_rust/Cargo.toml — workspace tokio gains `io-std` feature
(needed by kei-mcp/src/main.rs which calls tokio::io::{stdin,stdout})
- _primitives/_rust/kei-mcp/Cargo.toml — dev-deps tokio gains `test-util`
feature (needed by tests/tools_call_timeout.rs for tokio::time::advance
and Builder::start_paused). Both verified locally:
`cargo check -p kei-mcp` ✓
`cargo test --no-run -p kei-mcp` ✓ (3 test binaries link)
[REAL: ran 2026-05-03 in this session]
== HIGH-tier audit fixes (consensus across waves) ==
1. SQLi escape in agent-outcome-backfill.sh:110
- 4 of 12 agents flagged: TOOL_USE_ID was JSON-derived and
interpolated raw into SQL. Allowlist on $SHIPPED protected today
but a future case-statement removal opened the surface.
- Fix: tiny `_sql_esc` helper that doubles single-quotes (SQL-99
standard escape), applied to SHIPPED + TOOL_USE_ID. STUBS already
integer-validated.
2. PRAGMA user_version=9 in install/sql/outcome-only-schema.sql
- W1 outcome-only critic flagged: the SQL fallback installed a
v9-equivalent flat schema but left user_version=0. A LATER
`kei-ledger init` (e.g. when user upgrades to full kit) would
re-run migrations v1-v9 and ALTER TABLE ADD COLUMN duplicate-error
mid-migration → broken DB.
- Fix: set PRAGMA user_version=9 before COMMIT so the binary's
migration runner sees current ≥ target and short-circuits.
3. backup_file mv→cp + uninstall macOS-portable awk
- W1+W2 outcome-only flagged: lib-backup.sh uses `mv` which DELETES
the target before _jq_merge_hooks runs; `|| true` swallowed the
subsequent jq read-error → silent settings.json loss.
- Fix in lib-profile-outcome-only.sh: `cp -p` aside, drop `|| true`,
return 1 on merge failure (trap restores).
- PROFILE-OUTCOME-ONLY.md uninstall used GNU sed `,+1` extension
which BSD sed (macOS) does not support — uninstall silently
no-op'd on macOS, leaving orphan CLAUDE.md text.
- Fix: replace with portable `awk` recipe; also added `rm -f` for
the agent-toolstats.jsonl sidecar (privacy completeness).
== Doc honesty pass (RULE 0.18 numerics + RULE 0.4 citations) ==
4. README.md count drift — verified all values against filesystem:
* 102→105 Rust crates (Cargo.toml workspace `members` count)
* 67→68 skills (`ls skills/ | wc -l`)
* 35→38 hooks (`grep -c '"command":' settings-snippet.json`)
* 37→38 agent manifests (`ls _manifests/*.toml | wc -l`)
* 82→85 substrate blocks (`find _blocks/ -name '*.md' | wc -l`)
* 18 capability atoms VERIFIED via `find _capabilities/ -name '*.md'`
(encyclopedia §3 row count of 17 is in a separate file and is a
known internal display issue, not changed in this commit)
* 495→565 active DNAs (per docs/DNA-INDEX.md header 2026-05-03)
Each value now carries a `[REAL: <command>]` style trailer per
RULE 0.18.
5. README.md DNA "80-char identity" → "≥33-char variable-length"
- W1+W2 reviewer-pass flagged FALSE: docs/DNA-FORMAT.md SSoT says
minimum 33 chars; 80 was nowhere in code or spec
- Fix in README.md:36 + docs/PHILOSOPHY.md:39 + docs/DNA-INDEX.md:1352
6. README.md "Eleven install profiles (... Cursor / Continue / Zed /
Aider / Docker / Nix)" — Cursor/Continue/Zed/Aider/Docker/Nix were
never install profiles, they were bridge targets
- Fix: list 12 actual profiles from _primitives/MANIFEST.toml,
mention bridges as separate concept
7. .claude-plugin/plugin.json license MIT → Apache-2.0
- W2-Sonnet reviewer flagged: LICENSE file is Apache-2.0 (since
2026-04-30 per NOTICE), but plugin.json still declared MIT —
plugin marketplace would show wrong license
8. docs/ARCHITECTURE.md:318 placeholder URL `https://example.invalid/...`
- W2-Sonnet reviewer flagged: dead link in published docs
- Fix: remove the bad href, describe ssl-rule-file as per-user
install outside the public repo
9. skills/sleep-on-it/SKILL.md Wagner et al. 2004 citation
- W1+W2 reviewer flagged RULE 0.4 violation: citation without
verification marker
- Fix: added [VERIFIED: doi:10.1038/nature02223] + clarification
that the original paper showed slow-wave-sleep (not strictly REM)
insight gain — our metaphor is a loose mapping
10. encyclopedia/substrate-overview.md §5 fabricated TS deps
- W1-Opus doc-consistency flagged RULE 0.4.b violation: 5 of 6
package rows had INVENTED dependency strings
(`recall-ai-sdk ^1.0.0`, `nodemailer-mock ^2.0.0`,
`telegram-typings ^4.10.0`, etc — none exist in the actual
package.json files)
- Fix: regenerated table from real `package.json` reads via
`node -p "require(...).dependencies"` for each of the 6 packages
- Fix: also corrected version drift (5 packages all 0.14.0 now)
Verification:
- Outcome-only end-to-end install against fake $HOME succeeds:
hooks installed, ledger schema at user_version=9, settings.json
created cleanly, all 5 documented files present
[REAL: ran 2026-05-03 in this session]
- `cargo check -p kei-mcp` + `cargo test --no-run -p kei-mcp` clean
Audit findings NOT yet addressed (deferred to next batch):
- README:65 git clone github URL — repo is private; reviewer flagged
external strangers cannot clone; will resolve via Quick Start rewrite
- npm.pkg.github.com / @keisei84 leftover sweep — both waves verified
ZERO refs, no fix needed
- safeEqual timing leak in TS server (W2 sec MEDIUM)
- HTTP server bind 0.0.0.0 (W2 sec MEDIUM)
- Unbounded request body (W2 ci MEDIUM)
- --dry-run silent ignored on non-outcome profiles (W1+W2 MEDIUM)
- Doc-link missing for MEMORY/DNA/LEDGER format specs from README
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5.2 KiB
5.2 KiB
| name | description | argument-hint |
|---|---|---|
| sleep-on-it | Defer a hard question, research task, or design comparison to the nightly remote agent (KeiSeiKit v0.12.0 incubation layer). Runs on top of the v0.11 sleep-sync pipeline — user fills one free-text field plus three clicks, task lands in sync-repo/sleep-queue/ and is processed before REM consolidation. Up to 5 tasks per night, 15 minutes each. Pure-click wizard except the single task-description field. | (no arguments) |
Sleep On It — Incubation Wizard (index)
When to use
- Deferring a hard question, research task, or design comparison to the nightly cloud agent for overnight processing.
- Queuing up to 5 tasks per night (15 min each) to be processed before the REM consolidation pass.
- Requires v0.11 sleep-sync already configured; use
/sleep-setupfirst if not.
Biological analog: the "sleep on it" insight effect documented by
Wagner et al. 2004, Nature 427:352–355
[VERIFIED: doi:10.1038/nature02223] (the original paper showed insight
gain after a sleep period that included slow-wave sleep, not strictly
REM; our metaphor is a loose mapping). During the day the user
submits open questions, research tasks, or design comparisons via this
wizard; the nightly cloud agent processes the queue before its existing
REM consolidation pass and writes results to sync-repo/sleep-results/.
This SKILL.md is the INDEX. Each phase lives in its own file and is
executed in order. Never skip a phase. Never re-order phases.
Prerequisites (hard fail fast if missing)
- v0.11 sleep-sync must be configured (
~/.claude/secrets/.envcontainsKEI_MEMORY_REPO_PATH,KEI_MEMORY_SSH_KEY, and the sync-repo exists under that path with a.git/subdir). _primitives/kei-sleep-queue.shexists at~/.claude/agents/_primitives/kei-sleep-queue.shand is executable.
If either is missing, print the single line
v0.11 sleep-sync not configured — run `/sleep-setup` first, then retry.
and exit the wizard. Do not attempt to queue anything offline.
Pipeline overview (6 phases, 5+ AskUserQuestion)
| Phase | File | Purpose | AskUserQuestion |
|---|---|---|---|
| 1 | phase-1-intake.md | One free-text field: the question / task | 0 (prompt, non-empty validate) |
| 2 | phase-2-type.md | Task type: deep / pipeline / pattern / compare / custom | 1 (click) |
| 3 | phase-3-priority.md | Priority: tonight / FIFO / weekly | 1 (click) |
| 4 | phase-4-format.md | Output format: markdown / ADR / checklist / table | 1 (click) |
| 5 | phase-5-submit.md | Preview frontmatter + body, submit / edit / abort | 1 (click) |
| 6 | phase-6-ack.md | Acknowledgment with UUID + queue path + run ETA | 1 (click) |
Minimum AskUserQuestion count: 5. All clicks except the single free-text task description in Phase 1.
Variables the pipeline produces
| Name | Set in | Meaning |
|---|---|---|
TASK_TEXT |
Phase 1 | Free-text task description (non-empty) |
TASK_TYPE |
Phase 2 | deep / pipeline / pattern / compare / custom |
PRIORITY |
Phase 3 | night / fifo / weekly |
FORMAT |
Phase 4 | md / adr / checklist / table |
SUBMIT_ACTION |
Phase 5 | submit / edit / abort |
QUEUE_PATH |
Phase 5 | Path of the queue file written by kei-sleep-queue.sh add |
UUID |
Phase 5 | UUID assigned by the helper |
Final report (emit after Phase 6)
=== SLEEP-ON-IT REPORT ===
UUID: <UUID>
Queue file: <QUEUE_PATH>
Task type: <TASK_TYPE>
Priority: <PRIORITY>
Output format: <FORMAT>
Next run ETA: <UTC cron time from .keisei-sync.toml>
Results land: sync-repo/sleep-results/<UUID>.md
Rules (apply throughout — enforced at every phase)
- Pure-click contract. Only Phase 1 asks for free text; every other
decision is an
AskUserQuestion. NofreeTextoutside Phase 1. - Idempotent. Re-running the wizard while a previous task is still pending is fine — each submission gets its own UUID and its own queue file. No "one pending at a time" constraint.
- NO DOWNGRADE (RULE -1). If the helper rejects (invalid flag, sync push fails), surface 2-3 constructive fix paths — never "cannot submit".
- NO HALLUCINATION (RULE 0.4). Never fabricate a UUID, queue path, or ETA — always echo the real helper output.
- RULE 0.8 secrets. Queue files never embed tokens; env refs live in
~/.claude/secrets/.envonly. - Silent failure (RULE 0.15). If the post-submit sync push fails, the queue file still lives locally and will be pushed on the next session-end dump. The wizard must NOT block on push failure.
- Constructor Pattern (RULE ZERO). Every phase file < 100 LOC.
References
~/.claude/rules/sleep-layer.md— RULE 0.15 full text (Phase A added v0.12.0)_primitives/kei-sleep-queue.sh— the queue CRUD helper_primitives/kei-sleep-sync.sh— the session-end-dump callback (also invoked bykei-sleep-queue.sh addafter write)_primitives/templates/sleep-incubation-prompt.md— cloud agent Phase A_primitives/templates/sleep-trigger-prompt.md— cloud agent Phase Bskills/sleep-setup/— v0.11 one-time sync-repo wizard (prerequisite)