@etiquekit/etq 0.0.1 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/AGENTS.md +28 -0
- package/QuickStart.md +94 -0
- package/README.md +77 -9
- package/bin/etiquette +1149 -0
- package/bin/etiquette-core +313 -0
- package/docs/ARCHITECTURE.md +100 -0
- package/docs/CODEX_CLIENT_COMPATIBILITY.md +83 -0
- package/docs/CONCEPTS.md +128 -0
- package/docs/CONCEPT_STATUS.md +67 -0
- package/docs/CORE_PROFILE.md +70 -0
- package/docs/LANE_PROVISIONING.md +157 -0
- package/docs/README.md +29 -0
- package/docs/RELEASE_SURFACE_AUDIT.md +156 -0
- package/docs/SEAT_DISCIPLINE.md +68 -0
- package/docs/SEAT_PROVISIONING.md +100 -0
- package/docs/TEAM_HANDOFF.md +190 -0
- package/docs/WORKTREE_QOL.md +92 -0
- package/docs/contracts/ledger-entry/README.md +83 -0
- package/docs/contracts/ledger-entry/ledger-entry.v0.1.md +116 -0
- package/docs/contracts/ledger-entry/ledger-entry.v0.2.md +90 -0
- package/docs/contracts/ledger-entry/ledger-entry.v0.md +123 -0
- package/docs/contracts/ledger-entry/ledger-query-cli.v0.1.md +64 -0
- package/package.json +42 -11
- package/scripts/install.sh +144 -0
- package/scripts/uninstall.sh +58 -0
- package/templates/etiquette-vanilla-v0/README.md +69 -0
- package/templates/etiquette-vanilla-v0/bin/stamp-vanilla +33 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/.llm-substrate/HANDOFF.md +22 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/README.md +16 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/_lib/http.sh +121 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/_lib/sanitize.sh +191 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/_lib/state.sh +67 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/access-assurance-check +55 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/compact-local-events +71 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/hooks/post-tool-use +64 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/hooks/session-end +64 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/hooks/session-start +64 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/hooks/stop +64 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/hooks/user-prompt-submit +64 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/local-event +53 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/post-receipt +143 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/post-telemetry +112 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/seat-consume-pass +115 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/seat-doctor +20 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/seat-init +86 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/seat-post-readiness +171 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/bin/session-init +132 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/access/ACCESS-ASSURANCE.md +39 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/access/workspace-secure-profile.v0.json +53 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/ledger/LEDGER.md +7 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/playbacks/PLAYBACK_TEMPLATE.md +31 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/receipts/.gitkeep +1 -0
- package/templates/etiquette-vanilla-v0/source/control-seat/docs/work/tasks/CONTROL-001.yaml +13 -0
- package/templates/etiquette-vanilla-v0/source/etiquette-kernel/README.md +6 -0
- package/templates/etiquette-vanilla-v0/source/etiquette-kernel/bin/kernel-doctor +11 -0
- package/templates/etiquette-vanilla-v0/source/etiquette-kernel/contracts/playback.v0.md +37 -0
- package/templates/etiquette-vanilla-v0/source/etiquette-kernel/contracts/receipt.v0.md +25 -0
- package/templates/etiquette-vanilla-v0/source/etiquette-kernel/contracts/seat-readiness.v0.md +22 -0
- package/templates/etiquette-vanilla-v0/source/etiquette-kernel/contracts/task.v0.md +18 -0
- package/templates/etiquette-vanilla-v0/validate-vanilla.sh +43 -0
- package/templates/github-actions/README.md +30 -0
- package/templates/github-actions/w1-webhook-wake-canary.yml +111 -0
- package/templates/hosted-receiver/README.md +41 -0
- package/templates/hosted-receiver/w1-github-webhook-receiver.mjs +129 -0
- package/templates/seat-packs-v0/README.md +72 -0
- package/templates/seat-packs-v0/bin/provision-seat +70 -0
- package/templates/seat-packs-v0/source/claude-code-seat/.llm-substrate/HANDOFF.md +24 -0
- package/templates/seat-packs-v0/source/claude-code-seat/README.md +19 -0
- package/templates/seat-packs-v0/source/claude-code-seat/bin/seat-doctor +8 -0
- package/templates/seat-packs-v0/source/codex-seat/.llm-substrate/HANDOFF.md +25 -0
- package/templates/seat-packs-v0/source/codex-seat/README.md +22 -0
- package/templates/seat-packs-v0/source/codex-seat/bin/seat-doctor +8 -0
- package/templates/seat-packs-v0/source/gemini-seat/.llm-substrate/HANDOFF.md +23 -0
- package/templates/seat-packs-v0/source/gemini-seat/README.md +19 -0
- package/templates/seat-packs-v0/source/gemini-seat/bin/seat-doctor +8 -0
- package/templates/seat-packs-v0/source/ollama-seat/.llm-substrate/HANDOFF.md +24 -0
- package/templates/seat-packs-v0/source/ollama-seat/README.md +19 -0
- package/templates/seat-packs-v0/source/ollama-seat/bin/seat-doctor +8 -0
- package/templates/seat-packs-v0/source/openrouter-seat/.llm-substrate/HANDOFF.md +24 -0
- package/templates/seat-packs-v0/source/openrouter-seat/README.md +19 -0
- package/templates/seat-packs-v0/source/openrouter-seat/bin/seat-doctor +8 -0
- package/templates/seat-packs-v0/validate-seat-packs.sh +27 -0
- package/bin/etq +0 -4
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
# Architecture Boundary
|
|
2
|
+
|
|
3
|
+
Etiquette is the governance substrate for agentic engineering work.
|
|
4
|
+
|
|
5
|
+
It should not become a single runner, hosted dashboard, chat product, or model
|
|
6
|
+
vendor wrapper. Those can all consume Etiquette, but they do not own its truth.
|
|
7
|
+
|
|
8
|
+
## Layers
|
|
9
|
+
|
|
10
|
+
```text
|
|
11
|
+
Core contracts, schemas, validators, ledgers, receipts, audit
|
|
12
|
+
Local runtime repo-local CLI, event log, task packets, memory search
|
|
13
|
+
Harness teammate UX, context presets, skills, dashboards, canvases
|
|
14
|
+
Adapters Codex, Claude Code, Gemini, managed runners, GitHub, MCP
|
|
15
|
+
Reactors optional tighten-only listeners for revocation and sync
|
|
16
|
+
```
|
|
17
|
+
|
|
18
|
+
```text
|
|
19
|
+
Core records, validates, gates, and dispatches.
|
|
20
|
+
Full remembers, consolidates, marinates, and projects.
|
|
21
|
+
Execution returns evidence; it never mints authority.
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
Execution is a substrate, not an authority layer. In Core it is the local shell,
|
|
25
|
+
worktree, or runner. In Full it may be a runtime cell, EKS/kind sandbox, or
|
|
26
|
+
managed runner. In every profile, execution remains authority-false until the
|
|
27
|
+
promotion gate accepts evidence.
|
|
28
|
+
|
|
29
|
+
## Authority
|
|
30
|
+
|
|
31
|
+
Authority lives in repo-local records and explicit grants.
|
|
32
|
+
|
|
33
|
+
- A seat can propose or execute only inside its envelope.
|
|
34
|
+
- A runner session is not a lane.
|
|
35
|
+
- A permission prompt is not a grant lease.
|
|
36
|
+
- A memory object is not truth.
|
|
37
|
+
- A dashboard is not the board.
|
|
38
|
+
- A reactor may tighten access, never loosen it.
|
|
39
|
+
|
|
40
|
+
Consequential mutations need receipt context:
|
|
41
|
+
|
|
42
|
+
```text
|
|
43
|
+
actor -> seat -> grant/ref -> allowed writes -> validation -> receipt
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
Authentication gives standing to occupy a seat. Authorization is checked at the
|
|
47
|
+
protected action and is conditional on current standing.
|
|
48
|
+
|
|
49
|
+
For managed or remote surfaces, requests should resolve through an authority
|
|
50
|
+
policy, not a hardcoded person, model, or runtime. The resolver maps actions to
|
|
51
|
+
role occupants or composite gates and fails closed.
|
|
52
|
+
|
|
53
|
+
## Consumers
|
|
54
|
+
|
|
55
|
+
Consumers may read, render, route bounded work, spawn bounded runners, and return
|
|
56
|
+
receipts. They must not grant, close, merge, rewrite ledgers, or become the bus.
|
|
57
|
+
|
|
58
|
+
Good first consumers are verification-first managed runners, local coding seats,
|
|
59
|
+
context workbenches, dashboards, and MCP readers. Start remote as witness-only.
|
|
60
|
+
|
|
61
|
+
## Package Boundary
|
|
62
|
+
|
|
63
|
+
```text
|
|
64
|
+
packages/protocol kernel contracts; no runtime or adapter imports
|
|
65
|
+
packages/control local runtime and public CLI; may use protocol only
|
|
66
|
+
legacy bridges dbt-core and adapter-* stay source-only until a consumer
|
|
67
|
+
apps/* UX surfaces; consume core through public commands or APIs
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
Known bridge exceptions must stay named in conformance tests until removed.
|
|
71
|
+
Adding a reverse import is an architectural change. The public 0.2.x package ships only
|
|
72
|
+
`control`, `protocol`, docs, templates, and scripts; legacy DBT and old slice
|
|
73
|
+
adapters stay source-only until a consumer exists.
|
|
74
|
+
|
|
75
|
+
For 0.2.x, only two product boundaries are hard enforcement surfaces:
|
|
76
|
+
|
|
77
|
+
- Core excludes Full command families and optional runtime, hosted, memory,
|
|
78
|
+
console, sync, adapter, MCP, release, and remote provisioning surfaces.
|
|
79
|
+
- Exec remains authority-false: it may run, observe, verify, and return
|
|
80
|
+
evidence, but it cannot grant, close, merge, promote, mutate canonical truth,
|
|
81
|
+
or mint access outside Core grants and envelopes.
|
|
82
|
+
|
|
83
|
+
Exec evidence is boundary evidence, not process surveillance. Runners return scope, write
|
|
84
|
+
boundaries, candidates, validation, failures, refusals, and stop conditions; internal retries need
|
|
85
|
+
trace-mode only when requested. Managed or
|
|
86
|
+
opaque providers must return audit-self-sufficient evidence reconstructable without provider session
|
|
87
|
+
logs, while avoiding raw event-log mirrors.
|
|
88
|
+
|
|
89
|
+
The richer Core/Exec/Full module map is documentation-only until a named trigger
|
|
90
|
+
appears. Split packages or repos only for license divergence, release cadence,
|
|
91
|
+
security blast radius, maturity/churn mismatch, or dependency growth.
|
|
92
|
+
|
|
93
|
+
Never split the authority gate from the evidence ledger, and never move the
|
|
94
|
+
authority gate out of Core.
|
|
95
|
+
|
|
96
|
+
## Distribution Profiles
|
|
97
|
+
|
|
98
|
+
The same core supports `open`, `secure`, and `hosted` distribution profiles.
|
|
99
|
+
|
|
100
|
+
Do not fork doctrine by profile. Profiles change admission and packaging, not truth.
|
|
@@ -0,0 +1,83 @@
|
|
|
1
|
+
# Codex Client Compatibility
|
|
2
|
+
|
|
3
|
+
Etiquette Core does not require Codex to install, run local ledger commands, or
|
|
4
|
+
cut a package release. Codex is a consumer/runner surface: useful, first-class,
|
|
5
|
+
and replaceable.
|
|
6
|
+
|
|
7
|
+
As of 2026-06-18, operators should use Codex CLI `0.141.0` or newer for
|
|
8
|
+
Etiquette lanes that exercise remote execution, plugin-scoped MCP, or hook
|
|
9
|
+
resume behavior. That floor comes from the official Codex changelog for
|
|
10
|
+
`0.140.0` and `0.141.0`, which added or fixed surfaces we actively consume:
|
|
11
|
+
remote executor relay hardening, app-server/exec-server path preservation,
|
|
12
|
+
plugin/MCP routing, hook trust/resume behavior, SQLite recovery, and large
|
|
13
|
+
tool-session performance.
|
|
14
|
+
|
|
15
|
+
Source: https://developers.openai.com/codex/changelog
|
|
16
|
+
|
|
17
|
+
## Compatibility Matrix
|
|
18
|
+
|
|
19
|
+
| Etiquette surface | Codex floor | Gate posture |
|
|
20
|
+
| --- | --- | --- |
|
|
21
|
+
| Core CLI, package tarball, ledger, receipts | none | Core must remain usable without Codex. |
|
|
22
|
+
| Local Codex coding seat | `0.141.0` recommended | Warn if older; do not block Core. |
|
|
23
|
+
| Remote-runtime app-server/exec-server canaries | `0.141.0` required | Block that canary until upgraded. |
|
|
24
|
+
| Plugin-scoped MCP adapter canaries | `0.141.0` required | Block that canary until upgraded. |
|
|
25
|
+
| Hook/action-auth resume canaries | `0.141.0` required | Block that canary until upgraded. |
|
|
26
|
+
| Usage-budget hygiene before long swarms | `0.140.0` minimum for `/usage` | Advisory only. |
|
|
27
|
+
|
|
28
|
+
## Operator Check
|
|
29
|
+
|
|
30
|
+
Before a remote-runtime, plugin-MCP, or hook/action-auth canary:
|
|
31
|
+
|
|
32
|
+
```sh
|
|
33
|
+
codex --version
|
|
34
|
+
codex mcp list
|
|
35
|
+
codex features list
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
If the CLI is older than `0.141.0`, update it before the canary:
|
|
39
|
+
|
|
40
|
+
```sh
|
|
41
|
+
codex update
|
|
42
|
+
codex --version
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
The update command is an operator action, not an Etiquette release action.
|
|
46
|
+
Running `etiquette release readiness` must never update Codex, publish a package,
|
|
47
|
+
or create a distribution channel.
|
|
48
|
+
|
|
49
|
+
## Post-Update Smoke
|
|
50
|
+
|
|
51
|
+
After updating Codex, run one low-risk local smoke before routing remote or MCP
|
|
52
|
+
work:
|
|
53
|
+
|
|
54
|
+
```sh
|
|
55
|
+
codex --version
|
|
56
|
+
codex mcp list
|
|
57
|
+
codex exec "Report the current working directory and do not edit files."
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
For plugin-scoped MCP work, prefer activating the needed plugin or MCP server in
|
|
61
|
+
the thread/adapter that needs it. Avoid turning every MCP server into a global
|
|
62
|
+
startup dependency.
|
|
63
|
+
|
|
64
|
+
## Runner Glitches
|
|
65
|
+
|
|
66
|
+
If Codex reports a client/rendering error such as `Unsupported content type`
|
|
67
|
+
while a shell command or edit actually completed, treat it as runner evidence,
|
|
68
|
+
not Etiquette truth. Re-run the underlying `etiquette ...` command directly in
|
|
69
|
+
the terminal, record the result in the repo-local session runbook, and continue
|
|
70
|
+
only if `doctor`, `typecheck`, tests, or the requested validation pass.
|
|
71
|
+
|
|
72
|
+
```sh
|
|
73
|
+
etiquette diagnostics runner-glitch --runner codex --symptom '{"detail":"Unsupported content type"}' --session <session-id>
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
## Authority Boundary
|
|
77
|
+
|
|
78
|
+
Codex permissions, plugin installs, MCP approvals, and `/usage` reports are
|
|
79
|
+
runtime signals. They are not Etiquette grants.
|
|
80
|
+
|
|
81
|
+
Codex memories can help an operator recall preferences. They are not workflow
|
|
82
|
+
truth. Etiquette truth remains the ledger, task envelopes, explicit grants,
|
|
83
|
+
receipts, and release artifacts.
|
package/docs/CONCEPTS.md
ADDED
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
# Core Concepts
|
|
2
|
+
|
|
3
|
+
Etiquette is a governance and evidence layer for agent-assisted engineering
|
|
4
|
+
work. It does not try to be the agent, the IDE, the chat room, or the cloud
|
|
5
|
+
runtime.
|
|
6
|
+
|
|
7
|
+
## The Loop
|
|
8
|
+
|
|
9
|
+
```text
|
|
10
|
+
seat -> task envelope -> session -> execution -> receipt -> promotion gate
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
Core records, validates, gates, and dispatches. Exec runs and returns evidence.
|
|
14
|
+
Full remembers, consolidates, marinates, and projects.
|
|
15
|
+
|
|
16
|
+
## Seat
|
|
17
|
+
|
|
18
|
+
A seat is a durable work identity. A human, agent, or runtime can occupy it, but
|
|
19
|
+
the seat is the thing the workflow routes to.
|
|
20
|
+
|
|
21
|
+
Do not confuse:
|
|
22
|
+
|
|
23
|
+
| Concept | Answers |
|
|
24
|
+
| --- | --- |
|
|
25
|
+
| Operator principal | Who is accountable for intent or approval? |
|
|
26
|
+
| Seat | What durable work role or capability is acting? |
|
|
27
|
+
| Runtime | Which tool or model executed? |
|
|
28
|
+
| Session | Which bounded run produced evidence? |
|
|
29
|
+
|
|
30
|
+
## Task Envelope
|
|
31
|
+
|
|
32
|
+
A task envelope says what work is allowed: owner, mode, allowed writes,
|
|
33
|
+
forbidden writes, validation, stop conditions, expected receipt, and next owner.
|
|
34
|
+
|
|
35
|
+
If a task does not name the write boundary and validation, it is not ready for
|
|
36
|
+
autonomous execution.
|
|
37
|
+
|
|
38
|
+
## Session
|
|
39
|
+
|
|
40
|
+
A session is a bounded run inside one repo. Use one for a bug fix, feature
|
|
41
|
+
slice, review, release canary, or short swarm; not for a product, quarter, or
|
|
42
|
+
org.
|
|
43
|
+
|
|
44
|
+
## Receipt
|
|
45
|
+
|
|
46
|
+
A receipt proves what happened: changed files, validation, runbook refs,
|
|
47
|
+
blockers, risks, and next owner. It is evidence; it does not approve itself.
|
|
48
|
+
|
|
49
|
+
## Ledger
|
|
50
|
+
|
|
51
|
+
A ledger is the durable work record for a repo or workspace: decisions,
|
|
52
|
+
receipts, state changes, and refs. Raw execution chatter belongs in session
|
|
53
|
+
runbooks and scratch space.
|
|
54
|
+
|
|
55
|
+
## Promotion Gate
|
|
56
|
+
|
|
57
|
+
The promotion gate is where candidate work becomes accepted truth.
|
|
58
|
+
|
|
59
|
+
The gate is resolved by policy: owner, role, quorum, risk class, changed
|
|
60
|
+
surface, and current standing. It should not be hardcoded to one person unless
|
|
61
|
+
policy says that person owns the action class.
|
|
62
|
+
|
|
63
|
+
## Authority Lease
|
|
64
|
+
|
|
65
|
+
An authority lease is a narrow, expiring permission to spend an existing grant.
|
|
66
|
+
Spend can nest, bounded. Mint never nests.
|
|
67
|
+
|
|
68
|
+
V0 leases cover reversible work, tool use, validation, candidate return, and
|
|
69
|
+
local orchestration. They never cover auto-merge, signing, release, protected
|
|
70
|
+
branch push, secret rotation, cloud activation, or policy mutation.
|
|
71
|
+
|
|
72
|
+
Every lease check happens at the canonical point of effect, not from a stale
|
|
73
|
+
local cache. Telemetry can observe the action. It is not the audit log.
|
|
74
|
+
`can_auto_merge_in_v0: false` is required in V0.
|
|
75
|
+
|
|
76
|
+
## Node Delegation
|
|
77
|
+
|
|
78
|
+
Node delegation is topology, not authority.
|
|
79
|
+
|
|
80
|
+
A parent seat, runner, or orchestrator may delegate bounded work to a child
|
|
81
|
+
runner only through an explicit lease.
|
|
82
|
+
|
|
83
|
+
A child lease must be a strict subset of the parent lease. The subset covers
|
|
84
|
+
shorter or equal TTL, narrower or equal authority scope, subset write paths,
|
|
85
|
+
subset tools, inherited prohibitions, reduced spawn budget, and reduced depth.
|
|
86
|
+
|
|
87
|
+
Children return to their immediate parent. The parent synthesizes one upstream
|
|
88
|
+
receipt and remains accountable for child cleanup. A child or headless node is
|
|
89
|
+
not a durable seat unless it is separately enrolled and passes readiness.
|
|
90
|
+
|
|
91
|
+
## Exec
|
|
92
|
+
|
|
93
|
+
Exec is any runtime that does work: a local shell, Codex, Claude Code, Gemini,
|
|
94
|
+
Ollama, a script, a container, or a remote runtime cell.
|
|
95
|
+
|
|
96
|
+
Exec may run, observe, retry safe work, and return evidence. Exec must not
|
|
97
|
+
grant, merge, close, promote, or mutate canonical truth.
|
|
98
|
+
|
|
99
|
+
## Memory
|
|
100
|
+
|
|
101
|
+
Memory is cited context. It helps a seat find prior decisions, receipts, risks,
|
|
102
|
+
and patterns.
|
|
103
|
+
|
|
104
|
+
Memory proposes. Ledgers authorize. Receipts prove. Audit logs account.
|
|
105
|
+
|
|
106
|
+
Evidence consolidation creates compact rollups from recorded evidence.
|
|
107
|
+
Marination is a separate reflective practice over doctrine, drift, and repeated
|
|
108
|
+
failure patterns. Both produce proposals, not silent truth changes.
|
|
109
|
+
|
|
110
|
+
## Integrations
|
|
111
|
+
|
|
112
|
+
External tools keep their native jobs: chat is conversation, planning tools are
|
|
113
|
+
planning, code hosts are review, observability is incident evidence, and
|
|
114
|
+
identity systems are identity.
|
|
115
|
+
|
|
116
|
+
Etiquette is the accountability spine. External "Done" is not acceptance.
|
|
117
|
+
Authentication is not authorization.
|
|
118
|
+
|
|
119
|
+
## Short Rules
|
|
120
|
+
|
|
121
|
+
```text
|
|
122
|
+
Receipts prove work.
|
|
123
|
+
Grants authorize consequential action.
|
|
124
|
+
Sessions bound execution noise.
|
|
125
|
+
Portals display and coordinate.
|
|
126
|
+
Integrations project refs.
|
|
127
|
+
Execution returns evidence; it never mints authority.
|
|
128
|
+
```
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# Concept Status Matrix
|
|
2
|
+
|
|
3
|
+
Etiquette uses a few strong workflow concepts. Some are core behavior today,
|
|
4
|
+
some belong to the optional secure plane, and some are still operating patterns
|
|
5
|
+
that need a concrete consumer before they become default workflow.
|
|
6
|
+
|
|
7
|
+
Use this page when writing portal copy, onboarding material, release notes, or
|
|
8
|
+
manager runbooks. Do not promote a concept beyond the status shown here.
|
|
9
|
+
|
|
10
|
+
## Edition Boundary
|
|
11
|
+
|
|
12
|
+
| Surface | Purpose | Authority Posture |
|
|
13
|
+
| --- | --- | --- |
|
|
14
|
+
| Etiquette Core | Repo-local coordination, task envelopes, receipts, allowed writes, read models, manuals, and canaries. | Transparent by default; authority comes from tracked task/grant records and receipts. |
|
|
15
|
+
| Etiquette Secure | Restricted-seat admission, external assurance claims, revocation, policy state, and optional tightening reactor. | Tightens standing and eligibility; it must not grant workflow authority by itself. |
|
|
16
|
+
| Hosted/portal plane | Setup passes, workspace visibility, onboarding, board/read-model display, and operational observability. | Portal RBAC authorizes portal operations only. Workflow authority stays local and grant-backed. |
|
|
17
|
+
|
|
18
|
+
## Concept Matrix
|
|
19
|
+
|
|
20
|
+
| Concept | Core Status | Secure Status | Portal Surface | Caveat |
|
|
21
|
+
| --- | --- | --- | --- | --- |
|
|
22
|
+
| Ledger | Shipped. Repo-local task records, events, and receipts carry durable workflow truth. | May receive signed or protected replication later. | Board and console render ledger-derived read models. | Git-backed truth is durable and auditable; call it cryptographic only when signing/protected append-only is actually configured. |
|
|
23
|
+
| Receipts | Shipped. Work returns must cite changed files, validation, blockers, and next owner. | May include action authorization stamps and external verifier receipts. | Evidence drawers and manager views point to receipts. | A receipt proves evidence; it does not grant, merge, close, or promote by itself. |
|
|
24
|
+
| Seats and agents | Shipped. A seat is a stable responsibility; an occupant/runtime can change. Owner cards derive accountability, diet, boundaries, review cadence, and failure modes from source contracts plus live readiness. | Restricted seats may require assurance claims before admission. | Roster and owner cards show lifecycle, readiness, ownership, and posture. | Model cards, owner cards, and roster posture help routing but do not authorize work or transfer ownership. |
|
|
25
|
+
| Task envelopes | Shipped. Tasks declare owner, mode, allowed writes, forbidden writes, validation, stop conditions, and receipt expectations. | Secure admission can refuse restricted seats before task execution. | Manager manuals and pickup surfaces show the envelope. | Allowed writes are a cooperative boundary unless paired with OS/container enforcement or audit gates. |
|
|
26
|
+
| Rubrics and validation | Shipped as acceptance criteria and conformance gates. | Can be bound to restricted workflows and verifier receipts. | Manager/operator docs list required validation and stop conditions. | Do not claim every runtime is hard-blocked from returning unless the specific flow enforces that gate. |
|
|
27
|
+
| Authorization | Shipped as grant-backed workflow discipline: authentication seats an actor; authorization gates consequential action. | Access assurance, grant leases, kill-switch state, and action stamps compose at admission time. | Hosted pass docs and workspace authority contracts describe the boundary. | A verified occupant has standing, not blanket authority. Grants are effective only while standing is current. |
|
|
28
|
+
| Access screening | Not required for open Core. | Optional Secure surface using derived claims from providers such as Persona, Scandit, and Supabase. | Restricted-seat policy docs and secure onboarding should expose pass/fail status, not raw identity data. | Raw documents, scans, full document numbers, ethnicity, and provider secrets do not belong in Git. |
|
|
29
|
+
| Portal / management console | Core read model, docs site, screenshots, and read-only `console serve` are shipped. | Secure portal may manage policy state and revocation signals. | Console and board are read-only by default. | Portal RBAC is not workflow authority. Browser actions remain out of scope in Core. |
|
|
30
|
+
| Distribution and plugins | Core CLI, docs, templates, MCP resources/prompts, and outbox-backed proposal staging are portable. | Secure can ship as an optional add-on. | Codex and Claude Code plugins may launch workflows and portal views. | Plugins are convenience packaging, not authority. MCP proposal tools must not mutate the ledger directly. |
|
|
31
|
+
| Remote execution | Supported as evidence-first design. | Secure runtimes may require admission, revocation, and verifier identity before execution. Org-remote workspaces use session outboxes, sharded drains, candidate imports, and authority promotion gates. | Manager docs should treat remote receipts as evidence. | Start remote as witness, not worker. Remote receipts and drain imports do not authorize promotion. |
|
|
32
|
+
| Managed-agent parity | Parity map exists for agents, environments, sessions, events, tools, MCP, memory, outcomes, and scheduling. | Secure can add restricted runtime admission and revocation. | Docs site and portal docs may expose the map. | Compatibility is not dependency. The runner executes; Etiquette governs and records. |
|
|
33
|
+
| Architecture boundary | Core, runtime, harness, adapter, and reactor roles are documented and import-boundary tested. | Secure adds admission policy without forking doctrine. | Hosted consumes projected views without becoming authority. | New reverse imports are architectural changes, not convenience edits. |
|
|
34
|
+
| Memory | Shipped as cited context, filesystem-shaped candidate stores, SQLite FTS recall, and `memory status` capability reporting. Evidence consolidation/rollup is the memory compaction lifecycle; it is not doctrine marination. | Secure deployments may restrict what crosses org/workspace boundaries. | Docs may surface references, summaries, archive pointers, and shipped/reserved memory status. | Memory proposes; ledger authorizes. Do not claim full semantic/vector memory parity until the adapter ships. Do not rewrite shared truth through background consolidation. |
|
|
35
|
+
| Marination | Operating pattern. Use for doctrine sabbaticals: scheduled fresh-attention review of rules, errata, and proposed revisions. | Can be run under Secure as an advisory process with cited evidence. | Not yet a default portal workflow. | Deltas only. It produces proposals, not silent lane mutations. |
|
|
36
|
+
| Sabbaticals / parking | Partially reflected as `park`, `held`, and deferred dispositions. | Secure deployments may freeze standing or grants while work is parked. | Manager cadence can show parked/held work. | Do not promise automatic stash/cleanup unless the workspace implements that runbook. |
|
|
37
|
+
| Tightening reactor | Not part of default Core. | Optional off-by-default listener that writes only fail-closed signals such as revocation or kill-switch state. | Secure operations may show reactor health. | It may tighten, never loosen. If it stops, local admission still fails or proceeds from last known policy according to the configured gate. |
|
|
38
|
+
|
|
39
|
+
## Primitive Loop
|
|
40
|
+
|
|
41
|
+
Core records, validates, gates, and dispatches. Full remembers, consolidates,
|
|
42
|
+
marinates, and projects. Execution is not the gate: Core execution is the local
|
|
43
|
+
shell/worktree, Full execution is a runtime cell or managed runner, and both
|
|
44
|
+
remain authority-false until the promotion gate accepts evidence.
|
|
45
|
+
|
|
46
|
+
| Layer | Core | Full |
|
|
47
|
+
| --- | --- | --- |
|
|
48
|
+
| Record | identity, seats, task envelopes, session runbooks, ledger, receipts | memory stores, recall capsules, org/workspace projections |
|
|
49
|
+
| Reflect | rubrics, local validation, reconciliation by review | consolidation rollups, marination, drift and failure trend review |
|
|
50
|
+
| Gate | human/Git promotion gate over receipts and grants | same gate, enriched by secure admission and policy checks |
|
|
51
|
+
| Execute | local shell, local worktree, local runner | runtime cells, EKS/kind sandboxes, managed runners |
|
|
52
|
+
| Act | dispatch, receipt return, next-owner routing | hosted portal views, observability, adapter projections |
|
|
53
|
+
|
|
54
|
+
## Writing Rule
|
|
55
|
+
|
|
56
|
+
Use shipped language for shipped behavior, design language for parked behavior,
|
|
57
|
+
and edition language for Secure behavior:
|
|
58
|
+
|
|
59
|
+
```text
|
|
60
|
+
Core records, validates, gates, and dispatches.
|
|
61
|
+
Full remembers, consolidates, marinates, and projects.
|
|
62
|
+
Secure admits and revokes restricted standing.
|
|
63
|
+
Portals display and coordinate.
|
|
64
|
+
Grants authorize consequential actions.
|
|
65
|
+
Receipts prove what happened.
|
|
66
|
+
Execution returns evidence; it never mints authority.
|
|
67
|
+
```
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
# Etiquette Core Profile
|
|
2
|
+
|
|
3
|
+
Etiquette Core is the bare-bones governance flavor for senior engineers who
|
|
4
|
+
want the original promise without the managed runtime surface.
|
|
5
|
+
|
|
6
|
+
Core includes:
|
|
7
|
+
|
|
8
|
+
- seat readiness and heartbeat;
|
|
9
|
+
- workflow mode validation and checks;
|
|
10
|
+
- rubric validation, local sandbox receipts, and promotion checks;
|
|
11
|
+
- operational dispatch check and record;
|
|
12
|
+
- local ledger indexing, search, and show;
|
|
13
|
+
- vanilla kernel docs, task cards, receipts, and the local ledger.
|
|
14
|
+
|
|
15
|
+
Core excludes by default:
|
|
16
|
+
|
|
17
|
+
- hosted runtime and EKS provisioning;
|
|
18
|
+
- MCP server;
|
|
19
|
+
- Linear adapter;
|
|
20
|
+
- memory-store lifecycle and drains;
|
|
21
|
+
- agent-plane profiles;
|
|
22
|
+
- console/site;
|
|
23
|
+
- remote sync joins and merge-driver setup;
|
|
24
|
+
- auth screening and enterprise rollout surfaces.
|
|
25
|
+
|
|
26
|
+
## Primitive Map
|
|
27
|
+
|
|
28
|
+
Core records, validates, gates, and dispatches:
|
|
29
|
+
|
|
30
|
+
| Layer | Core primitive |
|
|
31
|
+
| --- | --- |
|
|
32
|
+
| Record | seats, owner/readiness, task envelopes, ledger, receipts |
|
|
33
|
+
| Reflect | rubrics, local validation, reconciliation by review |
|
|
34
|
+
| Gate | human/Git promotion over grants, receipts, and validation |
|
|
35
|
+
| Execute | local shell, local worktree, local runner; authority-false |
|
|
36
|
+
| Act | dispatch advice, receipt return, next-owner routing |
|
|
37
|
+
|
|
38
|
+
Full remembers, consolidates, marinates, and projects. Memory stores,
|
|
39
|
+
consolidation rollups, marination modules, hosted portals, secure screening,
|
|
40
|
+
remote runtime cells, and sharded drains belong there unless explicitly enabled.
|
|
41
|
+
|
|
42
|
+
Use:
|
|
43
|
+
|
|
44
|
+
```sh
|
|
45
|
+
./bin/etiquette-core help
|
|
46
|
+
./bin/etiquette-core workflow explain mixed --json
|
|
47
|
+
./bin/etiquette-core seat status --project .
|
|
48
|
+
```
|
|
49
|
+
|
|
50
|
+
The full `./bin/etiquette` CLI still exposes optional runtime, hosted,
|
|
51
|
+
adapter, memory, console, sync, and release surfaces.
|
|
52
|
+
|
|
53
|
+
## Authority Gate
|
|
54
|
+
|
|
55
|
+
Core keeps authority explicit without adding a daemon or remote plane.
|
|
56
|
+
|
|
57
|
+
The Core promotion path is:
|
|
58
|
+
|
|
59
|
+
1. An agent or developer writes candidate work under the task boundary.
|
|
60
|
+
2. The candidate includes receipts and validation evidence.
|
|
61
|
+
3. A human reviews the diff and receipts.
|
|
62
|
+
4. Git merge is the canonical promotion gate.
|
|
63
|
+
5. The ledger records the promoted result.
|
|
64
|
+
|
|
65
|
+
At Core scale, Git is the promotion mechanism. Drains, sharded import, hosted
|
|
66
|
+
planes, and runtime cells belong to the Full profile unless explicitly enabled.
|
|
67
|
+
|
|
68
|
+
Core commands may advise, check, and record evidence. They do not authorize
|
|
69
|
+
work, attach grants, merge, close lanes, or promote candidates without the
|
|
70
|
+
human review and Git gate.
|
|
@@ -0,0 +1,157 @@
|
|
|
1
|
+
# Lane Provisioning Cookbook
|
|
2
|
+
|
|
3
|
+
Use this when a manager, lead seat, or returning agent needs to open work
|
|
4
|
+
without relying on chat memory.
|
|
5
|
+
|
|
6
|
+
A lane is a bounded work container. It can describe active work, review work,
|
|
7
|
+
or parked future work. It is not authority by itself.
|
|
8
|
+
|
|
9
|
+
## Manager Bulletin
|
|
10
|
+
|
|
11
|
+
Every routed lane should start with a bulletin that a new agent can act on
|
|
12
|
+
without reading private chat history.
|
|
13
|
+
|
|
14
|
+
```yaml
|
|
15
|
+
lane: APP-001-domain-foundation
|
|
16
|
+
task_id: APP-001
|
|
17
|
+
repo: github.com/org/app
|
|
18
|
+
project_ref: .
|
|
19
|
+
current_owner: codex-seat
|
|
20
|
+
review_owner: cc-seat
|
|
21
|
+
mode: product-implementation | read-only-audit | docs-only
|
|
22
|
+
startup_docs:
|
|
23
|
+
- AGENTS.md
|
|
24
|
+
- docs/work/runbooks/SESSION_PICKUP.md
|
|
25
|
+
- docs/work/manuals/SEAT_OPERATING_MANUAL.md
|
|
26
|
+
- docs/work/tasks/APP-001.yaml
|
|
27
|
+
allowed_writes:
|
|
28
|
+
- src/domain/**
|
|
29
|
+
forbidden_writes:
|
|
30
|
+
- secrets
|
|
31
|
+
- release keys
|
|
32
|
+
- deployment credentials
|
|
33
|
+
validation:
|
|
34
|
+
- npm test
|
|
35
|
+
stop_conditions:
|
|
36
|
+
- validation cannot run
|
|
37
|
+
- task needs writes outside allowed_writes
|
|
38
|
+
- authority, secrets, or release posture is unclear
|
|
39
|
+
expected_return:
|
|
40
|
+
- changed files
|
|
41
|
+
- validation evidence
|
|
42
|
+
- receipt path
|
|
43
|
+
- next owner
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
Do not route a lane that lacks owner, mode, allowed writes, validation, stop
|
|
47
|
+
conditions, and expected return.
|
|
48
|
+
|
|
49
|
+
## Lane Classes
|
|
50
|
+
|
|
51
|
+
Use the smallest lane class that fits the work.
|
|
52
|
+
|
|
53
|
+
| Class | Use For | Required Return |
|
|
54
|
+
| --- | --- | --- |
|
|
55
|
+
| `active` | Current implementation, docs, review, or validation | receipt or counter |
|
|
56
|
+
| `review` | Pressure-test a claim, branch, packet, or release posture | review-return |
|
|
57
|
+
| `parked` | Known future work with no grant today | trigger conditions |
|
|
58
|
+
| `blocked` | Work cannot proceed without a decision or external state | blocker and next owner |
|
|
59
|
+
| `closed` | Work has been accepted or deliberately abandoned | close receipt |
|
|
60
|
+
|
|
61
|
+
Parked lanes are useful for items like CI signing. They must name the exact
|
|
62
|
+
prerequisites that make the lane admissible later.
|
|
63
|
+
|
|
64
|
+
Example:
|
|
65
|
+
|
|
66
|
+
```yaml
|
|
67
|
+
lane: release-ci-signing-v1
|
|
68
|
+
status: parked
|
|
69
|
+
trigger_conditions:
|
|
70
|
+
- protected release-signing environment exists with required reviewers
|
|
71
|
+
- explicit decision allows GitHub Secret custody for the signing key
|
|
72
|
+
forbidden_until_triggered:
|
|
73
|
+
- set release signing secret
|
|
74
|
+
- sign in CI
|
|
75
|
+
- publish release assets
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
## Agent Join Routine
|
|
79
|
+
|
|
80
|
+
When a new seat joins a repo, start from the repo-local truth:
|
|
81
|
+
|
|
82
|
+
```sh
|
|
83
|
+
etiquette whereami --project . --seat <seat> --task <task>
|
|
84
|
+
etiquette doctor --project .
|
|
85
|
+
etiquette status --project .
|
|
86
|
+
etiquette join --project . --seat <seat>
|
|
87
|
+
etiquette pickup --project . --seat <seat> --task <task> --text
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
Then read only the startup docs named by the bulletin. Do not scrape old chat
|
|
91
|
+
or a global bus to infer project state.
|
|
92
|
+
|
|
93
|
+
Inside a session, the agent should confirm:
|
|
94
|
+
|
|
95
|
+
- seat id and operator principal;
|
|
96
|
+
- task envelope;
|
|
97
|
+
- allowed and forbidden writes;
|
|
98
|
+
- validation commands;
|
|
99
|
+
- runbook path;
|
|
100
|
+
- expected receipt;
|
|
101
|
+
- stop conditions.
|
|
102
|
+
|
|
103
|
+
If any item is missing, return a narrow ask before editing product files.
|
|
104
|
+
|
|
105
|
+
## During Work
|
|
106
|
+
|
|
107
|
+
Keep detailed execution in the repo-local session runbook:
|
|
108
|
+
|
|
109
|
+
```sh
|
|
110
|
+
etiquette session note --project . --session <session> --section plan --message "..."
|
|
111
|
+
etiquette session note --project . --session <session> --section evidence --message "..."
|
|
112
|
+
```
|
|
113
|
+
|
|
114
|
+
Use receipts for compact shared evidence. A receipt should cite validation,
|
|
115
|
+
changed files, blockers, and next owner. It should not paste raw transcripts or
|
|
116
|
+
private scratch logs.
|
|
117
|
+
|
|
118
|
+
## Reviewers
|
|
119
|
+
|
|
120
|
+
Review seats are evidence producers. They may confirm, counter, or propose
|
|
121
|
+
amendments. They must not merge, promote, close, widen allowed writes, or grant
|
|
122
|
+
authority unless policy explicitly grants that action.
|
|
123
|
+
|
|
124
|
+
Reviewers should check:
|
|
125
|
+
|
|
126
|
+
- hidden authority changes;
|
|
127
|
+
- missing validation;
|
|
128
|
+
- oversized write sets;
|
|
129
|
+
- stale or ambiguous task context;
|
|
130
|
+
- evidence that cannot be reproduced;
|
|
131
|
+
- claims that should be receipts.
|
|
132
|
+
|
|
133
|
+
## Worktrees And Sessions
|
|
134
|
+
|
|
135
|
+
Use a separate worktree for implementation lanes when more than one seat may
|
|
136
|
+
touch the repo:
|
|
137
|
+
|
|
138
|
+
```text
|
|
139
|
+
lane/APP-001-domain-foundation
|
|
140
|
+
lane/APP-002-checkout
|
|
141
|
+
lane/APP-003-driver-dispatch
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
The worktree isolates changes. The session runbook records execution. The
|
|
145
|
+
receipt connects both back to the lane.
|
|
146
|
+
|
|
147
|
+
Do not use one session for the whole product, whole quarter, or unrelated repos.
|
|
148
|
+
Use one session for one task or a tight cluster of related tasks.
|
|
149
|
+
|
|
150
|
+
## Forbidden Shortcuts
|
|
151
|
+
|
|
152
|
+
- Do not treat chat as source of truth.
|
|
153
|
+
- Do not treat `whereami`, `join`, `pickup`, or readiness as authority.
|
|
154
|
+
- Do not use a global handshake bus for routine repo-local execution.
|
|
155
|
+
- Do not sign, publish, merge, close, or promote from a lane bulletin.
|
|
156
|
+
- Do not set secrets or release keys from a parked lane.
|
|
157
|
+
- Do not keep working after a stop condition fires.
|
package/docs/README.md
ADDED
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Etiquette Docs
|
|
2
|
+
|
|
3
|
+
Start with [CONCEPTS.md](CONCEPTS.md), [CORE_PROFILE.md](CORE_PROFILE.md),
|
|
4
|
+
[SEAT_PROVISIONING.md](SEAT_PROVISIONING.md), [SEAT_DISCIPLINE.md](SEAT_DISCIPLINE.md),
|
|
5
|
+
[LANE_PROVISIONING.md](LANE_PROVISIONING.md), [WORKTREE_QOL.md](WORKTREE_QOL.md),
|
|
6
|
+
and [ARCHITECTURE.md](ARCHITECTURE.md).
|
|
7
|
+
For private manager-to-developer rollout, use
|
|
8
|
+
[TEAM_HANDOFF.md](TEAM_HANDOFF.md).
|
|
9
|
+
|
|
10
|
+
References:
|
|
11
|
+
|
|
12
|
+
- [CONCEPT_STATUS.md](CONCEPT_STATUS.md)
|
|
13
|
+
- [CODEX_CLIENT_COMPATIBILITY.md](CODEX_CLIENT_COMPATIBILITY.md)
|
|
14
|
+
- [RELEASE_SURFACE_AUDIT.md](RELEASE_SURFACE_AUDIT.md)
|
|
15
|
+
|
|
16
|
+
Source checkouts also keep hosted parity, portal, managed-runtime parity, and root kernel notes for
|
|
17
|
+
maintainers. They are not part of the local devkit tarball.
|
|
18
|
+
|
|
19
|
+
Integration profile:
|
|
20
|
+
Slack/Teams are conversation, Jira/Linear are planning, GitHub/GitLab are code
|
|
21
|
+
review, Sentry/Datadog/OpenTelemetry are incident evidence, and SSO/SCIM/OIDC
|
|
22
|
+
are identity. Etiquette is the accountability spine: chat is not source of
|
|
23
|
+
truth, external Done is not acceptance, and authentication is not authorization.
|
|
24
|
+
|
|
25
|
+
Current release posture: Core is the default local-first product, Exec is
|
|
26
|
+
authority-false and swappable, Full/hosted surfaces are optional scale layers,
|
|
27
|
+
and public hosted distribution is parked until organizational approval.
|
|
28
|
+
|
|
29
|
+
Maintainer history and prior workflow notes are not part of new-seat onboarding.
|