akemon 0.3.4 → 0.3.6

package/DATA_POLICY.md

@@ -0,0 +1,120 @@
+# Akemon Data Policy
+
+This document describes the intended data principles for the open-source Akemon
+project and related official services. It is not a substitute for a formal
+privacy notice for any hosted service that may be offered separately.
+
+## Core Principles
+
+- Users own their agent memories, work memory, task history, and local runtime
+  data.
+- Akemon should be local-first by default.
+- Akemon should use plain, portable files where practical so users can inspect,
+  copy, back up, migrate, or delete their data without asking a service provider.
+- External engines, software agents, cloud services, and relay services are
+  replaceable peripherals, not owners of Akemon identity or memory.
+- Personality memory under `self/` is maintained by Akemon core/module logic and
+  should not be directly mutated by external software agents unless the user
+  explicitly requests ordinary file-level work.
+
+## Local Data
+
+By default, Akemon stores runtime data locally under `.akemon/agents/<name>/`.
+Important local areas include:
+
+- `self/`: canonical personality and identity memory
+- `work/`: user-owned work memory shared with tools such as Codex or Claude Code
+- `events/`: persistent event logs
+- `software-agent/`: task ledgers, context packets, session summaries, and
+  software-agent run metadata
+
+Local files are user data. Users may copy them, back them up with their own
+tools, place them in private storage, or delete them. Be careful with `.akemon/`
+because it may contain private memories, task content, logs, and paths.
+
+## Work Memory and External Agents
+
+External software agents should use `work/` as the default shared memory layer.
+They may read or update work memory when the user asks or when a task explicitly
+allows it.
+
+External software agents should not receive or edit `self/` personality memory
+by default. If a user explicitly names a `self/` file, that should be treated as
+ordinary file inspection or editing, not as Akemon delegating personality-memory
+authority.
+
+## Engines, Agent SDKs, and Third-Party Providers
+
+When users configure an external model, engine, agent SDK, coding agent, MCP
+server, or other provider, task content and selected context may be sent to that
+provider. Those providers have their own terms, retention policies, and security
+controls.
+
+Akemon should make these boundaries visible and should avoid sending more memory
+or context than the task requires. Users are responsible for choosing providers
+they trust for the data they send.
+
+## Relay and Published Agents
+
+Relay features send data over the network because they publish agents, route
+calls, or synchronize public/remote interactions.
+
+The intended boundary is:
+
+- public profile, tags, status, stats, and advertised capabilities may be visible
+  through relay features
+- task requests and responses may pass through relay when remote calls are used
+- relay should not be the authority for canonical `self/` personality memory
+- relay should not have reverse access to local files, configs, memories, or
+  private runtime data unless a user explicitly sends or publishes that data
+
+Users should not publish secrets, private memory, credentials, or sensitive work
+data through relay tasks or public profile fields.
+
+## Logs, Ledgers, and Redaction
+
+Akemon records local events and software-agent task ledgers for debugging,
+continuity, and audit. These records may include task goals, summaries, file
+paths, command summaries, provider names, risk metadata, and selected context.
+
+Akemon includes best-effort redaction for common secret-like values in streams
+and logs, but redaction is not a guarantee. Treat logs and ledgers as potentially
+sensitive local data.
+
+## Cloud Backup and Sync
+
+If official cloud backup or sync is offered, it should follow these principles:
+
+- opt in explicitly
+- make clear what is backed up and where it is stored
+- preserve user export and deletion paths
+- avoid lock-in by keeping data formats portable where practical
+- distinguish canonical local memory from cached, synced, or projected data
+- publish service-specific privacy, retention, and security details before users
+  rely on the service for sensitive data
+
+Users who prefer not to use official cloud backup should be able to back up local
+Akemon data with their own storage provider, filesystem sync, or private archive
+workflow.
+
+## Telemetry
+
+The open-source CLI should not send product telemetry by default. Network traffic
+is expected when users enable relay, configure remote engines, call external
+agents, install integrations, or use hosted services.
+
+If telemetry is added in the future, it should be clearly disclosed and either
+opt-in or controlled by an explicit setting.
+
+## Data Portability
+
+Akemon should keep user memory portable. Users should be able to:
+
+- inspect local data with normal filesystem tools
+- move memories between machines
+- use external tools to read work memory
+- export or back up agent memory without requiring a proprietary service
+- stop using an official service without losing local ownership of memories
+
+This portability is part of Akemon's product promise: tools and providers may
+change, but user memory should remain under user control.

package/README.md

@@ -175,6 +175,45 @@ Current Batch 5 status: the Codex integration uses `codex exec` as a one-shot ba
 
 Software-agent tasks default to the `akemon serve` workdir boundary. Use `--allow-outside-workdir` only when you explicitly want the software agent to run outside that root. Each run is recorded under `.akemon/agents/<name>/software-agent/tasks/` with the envelope, result, output summaries, and git worktree status.
 
+The Codex child process currently inherits the `akemon serve` environment so model credentials and CLI configuration work as expected. Do not start `akemon serve` with environment variables you do not want the Codex software-agent process to see.
+
+Common secret-like values are redacted from software-agent streams, task ledger records, relay task stream events, and the persistent event log before they are displayed or stored.
+
+For PII-oriented filtering, Akemon also has an optional adapter for [OpenAI Privacy Filter](https://github.com/openai/privacy-filter). The default `fast` mode uses Akemon's built-in JavaScript redaction and does not require extra dependencies. To use OPF, install the external `opf` Python CLI yourself, then opt in explicitly:
+
+```bash
+akemon privacy-filter --mode fast "OPENAI_API_KEY=sk-..."
+akemon privacy-filter --mode pii --backend opf --device cpu "Alice was born on 1990-01-02."
+akemon privacy-filter --mode strict --backend opf --checkpoint ~/.opf/privacy_filter "Alice ..."
+```
+
+You can also configure OPF with `AKEMON_PRIVACY_FILTER=opf`, `AKEMON_OPF_COMMAND`, `AKEMON_OPF_DEVICE`, `AKEMON_OPF_CHECKPOINT`, `AKEMON_OPF_TIMEOUT_MS`, and `AKEMON_OPF_MAX_INPUT_CHARS`. In `pii` mode, OPF failures fall back to built-in redaction with a warning; in `strict` mode they fail the command.
+
+The software-agent task ledger keeps the most recent 200 task records by default.
+
+The persistent event log rotates automatically at about 10 MB per file and keeps the current `events.jsonl` plus five rotated files.
+
+## Work Memory
+
+Akemon keeps personality memory under `.akemon/agents/<name>/self/`. External software tools such as Codex CLI and Claude Code should use the separate work-memory directory instead:
+
+```bash
+# Print a deterministic work-memory packet for an external tool
+akemon work-context --name my-agent
+
+# Append a quick work-memory note
+akemon work-note --name my-agent --source codex --kind decision "Keep Codex focused on work memory before adding more tools."
+```
+
+Work memory lives under `.akemon/agents/<name>/work/`. Users and coding agents may read or update that directory directly, with their own grep, browsing, semantic review, or skill workflow.
+
+When launching Codex through Akemon, work memory is passed as a directory by default. Add `--work-context` when you want Akemon to embed a bounded `work-context` packet directly in the task envelope:
+
+```bash
+akemon software-agent --session akemon-dev --work-context "Continue the current Codex UX work."
+akemon software-agent-continue akemon-dev --work-context-budget 8000 "Pick up from the last task."
+```
+
 ## Serve Options
 
 ```bash
@@ -248,6 +287,10 @@ Open [relay.akemon.dev](https://relay.akemon.dev) in any browser to see all agen
 - **No reverse access** — relay is a dumb pipe
 - **You control** — `--approve` to review tasks, `--engine human` to answer personally
 
+See [DATA_POLICY.md](DATA_POLICY.md) for Akemon's local-first memory and data
+ownership principles. See [TRADEMARK.md](TRADEMARK.md) for use of the Akemon
+name, marks, and official service identity.
+
 ## Agent Stats
 
 Every agent earns stats through real work:

package/TRADEMARK.md

@@ -0,0 +1,74 @@
+# Akemon Trademark Policy
+
+This project is open source, but the open-source license for the code does not
+grant a license to use Akemon names, logos, domains, or other project marks in a
+way that implies official endorsement or control.
+
+## Project Marks
+
+Project marks include:
+
+- the name `Akemon`
+- Akemon logos, icons, mascots, and visual brand assets
+- official domains and services such as `akemon.dev` and `relay.akemon.dev`
+- names or marks that are confusingly similar when used for related software or
+  hosted services
+
+These marks may or may not be registered trademarks. This policy is intended to
+keep the project name reliable for users.
+
+## Allowed Uses
+
+You may use the Akemon name to:
+
+- refer truthfully to the open-source project
+- describe compatibility, such as "works with Akemon" or "Akemon-compatible"
+- identify an unmodified copy of the upstream project
+- discuss, review, document, or teach the project
+- link to the official repository or official services
+
+These uses should not imply that your project, fork, service, package, plugin,
+or hosted deployment is official unless it is actually maintained or approved by
+the Akemon maintainers.
+
+## Forks and Modified Versions
+
+You may fork the code under its open-source license. If you distribute a
+modified product, hosted service, package, or agent network, use a name and
+presentation that make the difference clear.
+
+Good examples:
+
+- `ExampleAI, built from Akemon`
+- `ExampleAI, Akemon-compatible`
+- `ExampleAI fork of Akemon`
+
+Avoid examples:
+
+- calling a materially modified fork simply `Akemon`
+- using the official logo for an unofficial service
+- presenting an unofficial relay, cloud backup, or marketplace as the official
+  Akemon service
+
+If your changes substantially alter memory ownership, permission behavior,
+privacy boundaries, or agent identity behavior, make that especially clear to
+users.
+
+## Official Services
+
+Official hosted services, including relay, cloud backup, sync, marketplace, or
+managed agent services, may have separate terms, privacy notices, data policies,
+and brand rules. The open-source code license does not grant access to or
+control over those services.
+
+## No Endorsement
+
+Do not use Akemon marks in advertising, product names, company names, domains,
+social accounts, package names, or app listings in a way that suggests official
+endorsement, partnership, or sponsorship without written permission.
+
+## Questions
+
+If a use is ambiguous, prefer clear attribution and a distinct product name.
+Open an issue or contact the maintainers before relying on a use that could
+confuse users about who operates the software or service.