mishkan-harness 0.2.4 → 0.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/docs/usage/01-installation.md +1 -1
- package/package.json +1 -1
- package/payload/mishkan/observability/watch/pyproject.toml +2 -2
- package/payload/mishkan/observability/watch/src/mishkan_watch/__init__.py +1 -1
- package/payload/mishkan/observability/watchd/pyproject.toml +1 -1
- package/payload/mishkan/observability/watchd/src/mishkan_watchd/__init__.py +1 -1
- package/docs/engineer/profile-readable.md +0 -201
- package/docs/engineer/profile.md +0 -754
package/README.md
CHANGED
|
@@ -14,7 +14,7 @@ MISHKAN turns Claude Code into a standing engineering organisation. Quality and
|
|
|
14
14
|
|
|
15
15
|
It's personal, opinionated infrastructure built around one engineer's standards. To make it yours, replace `docs/engineer/profile.md` and re-sync — nothing else hardcodes the author.
|
|
16
16
|
|
|
17
|
-
> **v0.2.
|
|
17
|
+
> **v0.2.5** — agent fleet, rules, hooks, installer are stable. Cognee knowledge stack ready to bring up locally. Observability stack (watchd + TUI) available as two `uv tool`-installable packages.
|
|
18
18
|
|
|
19
19
|
---
|
|
20
20
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "mishkan-harness",
|
|
3
|
-
"version": "0.2.
|
|
3
|
+
"version": "0.2.5",
|
|
4
4
|
"description": "MISHKAN — a personal advanced SWE R&D harness for Claude Code: 45 biblically-named agents across six teams, deterministic rules + hooks, a shared research pipeline, dependency/supply-chain vetting, and a Cognee-backed knowledge graph. Installs into ~/.claude.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
[project]
|
|
2
2
|
name = "mishkan-watch"
|
|
3
|
-
version = "0.
|
|
4
|
-
description = "MISHKAN observability TUI — Textual client that reads the mishkan-watchd UNIX socket and renders the
|
|
3
|
+
version = "0.2.5"
|
|
4
|
+
description = "MISHKAN observability TUI — Textual client that reads the mishkan-watchd UNIX socket and renders the 8-tab dashboard."
|
|
5
5
|
readme = "../README.md"
|
|
6
6
|
requires-python = ">=3.11"
|
|
7
7
|
license = {text = "MIT"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
[project]
|
|
2
2
|
name = "mishkan-watchd"
|
|
3
|
-
version = "0.
|
|
3
|
+
version = "0.2.5"
|
|
4
4
|
description = "MISHKAN observability daemon — aggregates event bus + filesystem polls into a UNIX-socket snapshot+delta stream for mishkan-watch."
|
|
5
5
|
readme = "../README.md"
|
|
6
6
|
requires-python = ">=3.11"
|
|
@@ -1,201 +0,0 @@
|
|
|
1
|
-
# Y4NN — Developer Profile
|
|
2
|
-
*Human-readable companion to `profile.md` (this directory). Narrative form. Present-state only.*
|
|
3
|
-
|
|
4
|
-
---
|
|
5
|
-
|
|
6
|
-
## I. Who You Are
|
|
7
|
-
|
|
8
|
-
You are Ragnang-Newende Yanis Axel Dabo, known online as Y4NN and on GitHub as `Y4NN777`. Your day-job title is Junior Software Engineer, but the title and the role do not describe the same thing. Inside the company you are documented as *Mainteneur Staging & Production @ OGUN* — the engineer who owns the operational delivery pipeline for the entire Aïobi product suite. You report into an unnamed CTO / Direction Technique and collaborate with a small structured team built around clear divisions of labour. You are not solo, but on the deploy-and-operate axis you are the single point through which every Aïobi service reaches production.
|
|
9
|
-
|
|
10
|
-
You are based on the France–Africa axis, working inside a company building sovereign tech infrastructure for the African market. You read, write, and code-switch between French and English with deliberate intent: French for internal meta-work, corrections, and narrative; English for technical artifacts, architecture documents, and command-line work. The brand mark *Aïobi* always carries the tréma — never *Aiobi* — and this typographic precision is treated as engineering correctness, enforced in commits, scripts, and design docs alike.
|
|
11
|
-
|
|
12
|
-
---
|
|
13
|
-
|
|
14
|
-
## II. Where You Sit in the Team
|
|
15
|
-
|
|
16
|
-
The Aïobi engineering org is small and structured around capability, not seniority. Above you sits the CTO / Direction Technique, unnamed in commits but referenced as the governance and review layer (you produce DOCX reports for them at sprint cadence). Beside you sit the feature engineers and the infra team. The feature engineers are Youssouf Kouanda (`OGUN-kal`), who leads Forms development and gates every merge request; Cephas Congo (`LEGBA-8I`), who co-develops the eshu AI assistant backend with you as an equal partner; and historically Antoine Lebaud, who built the original AïobiMeet codebase before you took over its ops and deploy layer. The infra team is HERMES, who provision hardware, with Cheick Oumar Tarnagueda (`OGUN-TCO`) providing ongoing ops support.
|
|
17
|
-
|
|
18
|
-
Your seat is the bridge between feature development and infrastructure. Features land in repos, you take them through staging, harden them, deploy them, monitor them, and respond when they break. On one project — Aïobi-IAM — you are both the feature engineer and the operations engineer; you built it from scratch alone and you keep it running. On another project — AïobiOS-Guidance — you operate outside the team entirely, as a sole author of a thesis-grade Linux distribution that sits one layer below the entire Aïobi software stack.
|
|
19
|
-
|
|
20
|
-
The team has clear boundaries but no platform or SRE specialist. You are already partially filling that gap by default. The aspiration of growing into a Platform / SRE role is therefore not a career pivot — it is a promotion within the seat you already occupy.
|
|
21
|
-
|
|
22
|
-
---
|
|
23
|
-
|
|
24
|
-
## III. The Surface You Own
|
|
25
|
-
|
|
26
|
-
Across the last three months you have produced 626 commits, 66,115 insertions, 11,265 deletions, and touched 1,501 files. That volume is spread across five active production-or-near-production repositories plus one personal thesis project and one harness-research project. The shape of that surface matters more than the totals.
|
|
27
|
-
|
|
28
|
-
**Aïobi-IAM** is your strongest piece of work in the suite. You are its sole author, with 115 commits accounting for 100% of the codebase. Stack is Keycloak 20 with a custom Java SPI (`aiobi-user-provider`), realm configuration as YAML, theme bind-mounts for upgrade-survivable customisation, and a docker-compose hardening overlay always re-applied on recreate. The project follows the SWE-BASICS-BEFORE-CODE framework verbatim: a locked sequence of PRD, SRS, CONTRACT, ARCHITECTURE, and MODELING documents, with implementation deferred until those five are stable. The rollback runbook captures baseline state (user count, IdP count, OIDC status) before any deploy and treats rollback as an idempotent rerun of the deploy with destructive teardown in front. This is the project where the most discipline shows because nobody else's hands are on it.
|
|
29
|
-
|
|
30
|
-
**AïobiMeet** is the most visible service in the suite. You did not write it originally — Antoine Lebaud authored 1,388 historical commits before your involvement — but since early 2026 you have owned its operations, deployment, and infrastructure. Your 320 commits concentrate in `docker/production`, `docker/staging`, `gitlab-ci.yml`, Keycloak realm configuration, Prometheus and Grafana monitoring, and Whisper ASR tuning. You have handled more than thirty staging incidents and eleven production incidents on this service alone, each documented in dated incident reports with timeline, root cause, and resolution. When you say you built Meet, the more precise statement is: you rebuilt and continue to own everything below the application layer, and you ship every release.
|
|
31
|
-
|
|
32
|
-
**aiobi-form (Forms)** is co-owned. The feature work belongs to Youssouf Kouanda, who has merged more than twenty-five MRs in the last eight weeks. Your fifty-five commits concentrate in the production deployment infrastructure: `deploy-remote.sh`, the nginx production configuration, Traefik ingress hardening, IAM integration, staging bootstrap, and emergency hotfixes. You authored the manual security audit that catalogued forty-six findings across critical, high, and medium severity.
|
|
33
|
-
|
|
34
|
-
**aiobi-docs** is the collaborative editor service forked from Impress. You contribute fifty commits in deployment and IAM integration. The most notable artifacts here are ADR-0001, which evaluates four CRDT libraries and three OT frameworks in a full trade-off matrix before locking the Yjs decision, and the staging recovery postmortem from 12 May 2026 that identifies *two* independent root causes (one applicative, one network) and explicitly refuses single-cause oversimplification.
|
|
35
|
-
|
|
36
|
-
**eshu** is the AI assistant platform. You and Cephas Congo work as equal partners with thirty-seven and thirty-six commits respectively. He develops the backend features; you handle integration, OAuth flows, and production release. The stack is FastAPI with Vue 3, Capacitor for mobile, and a production AI integration layer using LangChain, CrewAI, ChromaDB, sentence-transformers, and several model providers (Groq, OpenAI, Google).
|
|
37
|
-
|
|
38
|
-
**AïobiOS-Guidance** is the project that does not appear in your team repository at all. It lives at `/home/ogu/Projects/AïobiOS-Guidance/` and consists of 942 lines of shell across ten scripts and 2,549 lines of doctoral-level engineering logs across seven markdown files. It is a custom Ubuntu 24.04 LTS distribution built via Cubic chroot, hardened, debloated, branded, and persisted across upgrades using `dpkg-divert` on every vendor-controlled file. The methodology is academic in rigor: nineteen distinct issues are numbered continuously across the logs, each traced to the correct abstraction layer (one issue took six hours to trace from a CSS symptom through the Yaru gresource layer down to the AccountsService D-Bus root cause). Abandoned approaches are archived in an `_abandoned/` folder for thesis traceability. This is the work that proves you can operate at OS and systems level, not just application and infrastructure level.
|
|
39
|
-
|
|
40
|
-
**MISHKAN** is the harness research project. The design document is 815 lines specifying a forty-five-agent virtual SWE organisation built natively on Claude Code, with six teams, a shared research pipeline, a five-layer architecture, a knowledge-promotion model, and a token-optimisation layer. The naming, structure, and sequence are locked; the implementation is unwritten. This is the work that signals AI-engineering research depth.
|
|
41
|
-
|
|
42
|
-
---
|
|
43
|
-
|
|
44
|
-
## IV. The Work in Numbers
|
|
45
|
-
|
|
46
|
-
The window I can see covers roughly the last three months of active development. In that window:
|
|
47
|
-
|
|
48
|
-
- 626 commits across 5 active repositories
|
|
49
|
-
- 66,115 insertions, 11,265 deletions
|
|
50
|
-
- 1,501 distinct files touched
|
|
51
|
-
- 5 distinct stacks shipping in parallel: Python, PHP, JavaScript/TypeScript, Java SPI, Bash
|
|
52
|
-
- 4 environments per service: dev, staging, prod, and a secure hardened variant
|
|
53
|
-
- Two daily peak windows (10:00–14:00 CET, 16:00–23:00 CET) with occasional late-night hotfix bursts between 00:00 and 04:00
|
|
54
|
-
- One sustained hotfix burst of 4 production commits in 22 minutes on 12 May 2026
|
|
55
|
-
- 268 `.gitlab-ci.yml` touches across repos — CI is not an afterthought, it is treated as primary infrastructure
|
|
56
|
-
|
|
57
|
-
The volume is mid-level engineer output, sustained from a junior seat, across a surface area that would normally be split between two or three people.
|
|
58
|
-
|
|
59
|
-
---
|
|
60
|
-
|
|
61
|
-
## V. How You Work
|
|
62
|
-
|
|
63
|
-
### Methodology
|
|
64
|
-
|
|
65
|
-
You do not ship before deciding. The clearest evidence is Aïobi-IAM, where five design documents are locked sequentially before implementation begins: a Product Requirements Document defines the problem and users, a Software Requirements Specification translates that into use cases and constraints, a Contract document fixes the invariants and guarantees the service must hold, an Architecture document chooses the structure, and a Modeling document defines the entities and protocols. Only then does code follow. The same pattern repeats in MISHKAN, where 815 lines of architecture specification precede the writing of any agent.
|
|
66
|
-
|
|
67
|
-
This is paired with a verification-first debugging discipline that is explicit in your memory files. Guess-based reasoning is rejected by name — *soupçon* is the word you flag — and every fix must be anchored in an exact stacktrace, HTTP status code, or log line before it is attempted. When you identify the cause of an incident, you look for two: the staging recovery postmortem of 12 May identifies one applicative cause (environment placeholder substitution failure) and one network cause (residual Docker iptables on a dead bridge), both necessary for the incident, neither sufficient alone, and refuses to collapse them into a single tidy story.
|
|
68
|
-
|
|
69
|
-
You operate under a durable-solutions rule. Workarounds — `sed` substitutions in CI, manual patches on production, temporary hacks intended to be cleaned up later — are rejected at the design stage. Any solution must work in production from the moment it lands, or it does not land.
|
|
70
|
-
|
|
71
|
-
You enforce scope discipline. The pattern that appears most often in your AI corrections is the refusal of "au passage" expansion: when you specify a fix to two slider issues, you reject the introduction of a constant extraction and a ternary cleanup alongside it. The fix is the fix. Refactor decisions happen separately, with their own scoping.
|
|
72
|
-
|
|
73
|
-
### Cadence
|
|
74
|
-
|
|
75
|
-
Your weekly rhythm is steady but bursty. Two daily peak windows handle the majority of code work: a morning block from roughly 10:00 to 14:00 CET, and an afternoon-into-evening block from 16:00 to 23:00. Late-night activity from midnight to 04:00 correlates almost perfectly with production incident response. The 12 May overnight sprint — four prod commits in twenty-two minutes — is the signature of a single engineer working a cascading Traefik, nginx, and IPv6 health-check failure under time pressure. Weekend activity is absent in the sample window.
|
|
76
|
-
|
|
77
|
-
### Commit and deployment hygiene
|
|
78
|
-
|
|
79
|
-
Your commit format is strict and personal. Every commit takes the shape `type(scope) short description`, with body text spanning five to fifteen lines and including environment details, error logs, root cause, and alternatives considered. No emojis. No `Co-Authored-By` trailers. Lowercase subjects, no terminating period. The shared server protocol you follow requires `GIT_COMMITTER_NAME="TheY4NN777"` and an explicit `--author` flag on every commit, with strict prohibition on modifying the local git config. The body language flows freely between French and English depending on the audience for the message.
|
|
80
|
-
|
|
81
|
-
The deployment flow is continuous and solo-managed: staging first, then validation, then a merge request from `develop` into `main`, then production. There is no semver tagging and no formal changelog except in Forms. The narrative history lives in three places — the git log, the structured DEPLOYMENT-LOG files per service per environment, and the integration journals under `docs/ops/`. CI runners live on `ops-serv` (10.13.13.14) and deploy via SSH-direct to the production runtime on `Aïobi Master` (207.180.255.229, internally 10.13.13.1), which is treated as a pure runtime with no CI presence. Health polling, hash-based config drift detection, and idempotent restart patterns are baked into every deploy script.
|
|
82
|
-
|
|
83
|
-
### Documentation as habit
|
|
84
|
-
|
|
85
|
-
You write extensively, almost compulsively, but always for builders rather than for end users. Your READMEs are terse — fifty to one hundred and fifty lines — because the audience already knows the system. Your design documents are heavy — three hundred to eight hundred lines — because the audience is the future engineer who has to maintain it. Runbooks are written for copy-paste safety under stress: each command is one possible failure mode, no thinking required, no parsing required. Integration journals run chronologically through gotchas and decisions, sometimes spanning eight hundred lines for a single integration phase. Postmortems are blameless and rigorous; the 12 May staging recovery doc opens with the line "not a récit pour bien paraître" — not a story written to look good.
|
|
86
|
-
|
|
87
|
-
The corpus across all your projects totals roughly 654,000 tokens spread over 325 documentation files. Ninety percent of those files are written in French. They cluster into thirteen distinct document types: design specs, incident reports, postmortems, runbooks, integration journals, handover notes, architecture documents, audit reports, READMEs, deployment logs, session memory files, ADRs, feature specs, and TODO trackers. The corpus is dated, templated, and strongly interlinked. It is ready for RAG ingestion with minimal preprocessing.
|
|
88
|
-
|
|
89
|
-
---
|
|
90
|
-
|
|
91
|
-
## VI. How You Work With AI
|
|
92
|
-
|
|
93
|
-
You are an exclusive Claude Code user. There is no Cursor, no Windsurf, no Aider, no Continue, no Copilot in your stack. This is a deliberate choice, not a default — you have invested heavily in customising one tool well rather than spreading effort across many.
|
|
94
|
-
|
|
95
|
-
Your customisation lives in `~/.claude/`. Five user-level agents are installed, the most developed being `aiobi-ops` — a forty-kilobyte specialist agent that distills the operational knowledge of running the Aïobi suite: more than twenty documented gotchas, more than fifteen incidents with resolution patterns, full topology awareness across Meet, Forms, IAM, Docs, and eshu. Eight slash commands handle recurring workflows like EPCT, explore, run-tasks, and watch-ci. Two bash aliases — `cc` and `ccc` — wire Claude in with skip-permissions for trusted flows. A pre-tool-use hook implemented in bun TypeScript validates every Bash invocation. The MEMORY.md system is maintained religiously: ninety-three memory files across all projects, totalling roughly forty-eight thousand tokens, distilled from session transcripts into permanent knowledge that survives session boundaries.
|
|
96
|
-
|
|
97
|
-
Your delegation pattern is asymmetric and precise. Generative work — UI, CSS, SVG, animations, config templates, YAML, Keycloak SPI boilerplate — you delegate freely and accept one-shot. Stateful operations — `git push`, SSH to production, `docker exec` on production, sudo commands, schema migration execution, log forensics execution — you delegate to zero degree. Claude analyses log output; you run the command that produced it. This rule is explicit in your memory files and consistent across hundreds of session lines. You have already solved, intuitively and durably, the AI-safety question that most engineering teams are still working out.
|
|
98
|
-
|
|
99
|
-
Your prompting style has evolved across sessions. Early in a project, your prompts are highly structured: explicit JSON-like blocks with `tâche`, `entrée`, `format_de_sortie`, and `exigences` keys, averaging just over a thousand characters. Late in a session, the format shifts to conversational and terse, often French command-style, with long messages dominated by terminal log dumps rather than instruction. Under pressure, the structure returns — you scale prompt rigor with task difficulty, which is the right direction. Your language code-switches deliberately: French dominates when you express frustration, narrate progress, or correct sharply, while English dominates when you issue terminal commands, reference framework names, or quote error messages.
|
|
100
|
-
|
|
101
|
-
There is a measurable friction tax in your sessions, on the order of three to five percent of session time. The friction is process-shaped, not skill-shaped. The same corrections recur: commit format compliance has been corrected one hundred and twenty-nine times across sessions, Keycloak session persistence one hundred and twenty-five times, `git push` coordination fifty-three times, database schema synchronisation twenty-nine times. These are not problems you do not understand; they are problems your AI tooling has not yet been engineered to remove. They are the natural target for harness-level fixes.
|
|
102
|
-
|
|
103
|
-
A separate signal worth noting: your typo density triples after 23:00 UTC, and your prompts shift in shape from structured to raw terminal dumps. Late-night sessions correlate with production incidents and produce higher error rates from Claude. This is a fatigue pattern visible in the data.
|
|
104
|
-
|
|
105
|
-
---
|
|
106
|
-
|
|
107
|
-
## VII. The Body of Documentation You Have Built
|
|
108
|
-
|
|
109
|
-
The 654,000 tokens of documentation you have produced is unusual at your tenure. It is not journal entries or scratch notes — it is structured, dated, interlinked, audience-aware engineering documentation. Twenty documents stand out as particularly high-value: the IAM design suite (PRD through MODELING), the integration journals for Forms and Docs onto IAM, the staging bootstrap journal for aiobi-docs, the cross-suite handover notes, the 12 May staging recovery postmortem, the IAM refactoring plan for aiobi-docs, the 10 April production deployment incident on Meet, the ecosystem topology snapshot from 21 April, the production deployment runbook for Keycloak, and several others.
|
|
110
|
-
|
|
111
|
-
The entity density inside this corpus is high. More than twenty distinct services are named (Keycloak, PostgreSQL, Redis, Celery, Whisper, MinIO, LiveKit, Nginx, Traefik, Grafana, Sentry, GlitchTip, Loki, and others). More than thirty distinct configuration keys appear repeatedly across documents. Fifteen ports, three Keycloak realms, three IP subnets, four named hosts, multiple deployment phases, security artifacts including CVE references, and dependency versions are all consistently spelled and consistently linked. This is the property that makes a knowledge graph viable: the docs already speak in graph nodes, you just have not yet extracted them.
|
|
112
|
-
|
|
113
|
-
There are quality flags. Forty-two TODO and FIXME markers exist across runbooks and incident logs. Thirty-three documents are explicitly marked as superseded or live in archive folders. Two factual contradictions exist between documents (most notably the infrastructure host name OVH versus Contabo, resolved in memory but not yet in the docs themselves). Seven documents mix French and English within a single body. No status frontmatter convention has been adopted, so the distinction between draft, live, and superseded lives only in the directory structure and in your head. These are addressable, not severe, but they shape what a RAG layer would have to handle.
|
|
114
|
-
|
|
115
|
-
---
|
|
116
|
-
|
|
117
|
-
## VIII. Where You Are Strong
|
|
118
|
-
|
|
119
|
-
You have unusual operational mastery for someone with a junior title. You run five production services across five stacks single-handed on the deploy and operate axis, you have sustained mid-level engineer commit velocity for at least three months, and the production system has not broken in any way that the documentation does not record and explain. The discipline that holds this together is real: idempotent rollback runbooks with pre-flight state capture, hash-based config drift detection in CI, dual root-cause identification in postmortems, copy-paste-safe runbooks under incident pressure.
|
|
120
|
-
|
|
121
|
-
You have deep Keycloak expertise. The custom Java SPI you wrote, the realm YAML hardening, the bind-mount theme persistence pattern, the Infinispan JDBC session persistence configuration, the SSO federation across four applications, and the UTF-8 byte-level reconstruction (`printf '\xc3\xaf'`) in your shell scripts together represent a domain depth that is rare outside specialist identity teams.
|
|
122
|
-
|
|
123
|
-
You have doctoral-level engineering methodology when you choose to apply it. The IAM design suite is one example; the AïobiOS engineering logs are the stronger one. Nineteen issues numbered continuously, each traced through the correct abstraction layer, with abandoned approaches archived rather than deleted, is a documentation practice most engineers never adopt at any career stage.
|
|
124
|
-
|
|
125
|
-
You have unusual AI-tooling intentionality. The 40 KB `aiobi-ops` specialist agent is not how most engineers use Claude; it is how a few harness-builders use it. The MEMORY.md discipline is sustained, not aspirational. The asymmetric delegation rule is internally consistent. The MISHKAN spec is original research-grade work in a discourse most engineers do not engage with. The bash command validator hook, written in bun TypeScript, is the kind of detail that signals harness-first thinking.
|
|
126
|
-
|
|
127
|
-
You have a rigorous debugging discipline. Verification-first, no soupçon, dual root cause when warranted, exact-stacktrace-before-fix. This is a senior-shaped habit applied at junior tenure.
|
|
128
|
-
|
|
129
|
-
You have brand-and-precision discipline that crosses from typography into engineering. The Aïobi tréma enforced in every file is the cosmetic version; the UTF-8 byte-level work in shell scripts and the strict commit format are the engineering version. They are the same instinct.
|
|
130
|
-
|
|
131
|
-
You have a security practice that, while not yet automated, is consistently applied: a SECURITY.md file per repo with a disclosure email, CVE references inline in dependency files (`# CVE-2024-33663 fix`), SOPS for secret management, Keycloak SSO as the single identity source for the suite, rate-limiting on FastAPI endpoints, and hardening overlays always re-applied on container recreate.
|
|
132
|
-
|
|
133
|
-
---
|
|
134
|
-
|
|
135
|
-
## IX. Where the Work Is Not Done
|
|
136
|
-
|
|
137
|
-
There are three categories of gap. They are not equivalent and they do not have the same fix paths.
|
|
138
|
-
|
|
139
|
-
### Skills you have not yet acquired
|
|
140
|
-
|
|
141
|
-
You have no Kubernetes. Your container orchestration ceiling is Docker Compose with multi-environment overlays, hand-rolled and excellent at that scale, but Kubernetes is the lingua franca above that scale and you do not yet speak it. You have no Terraform, Pulumi, or Helm — your infrastructure-as-code practice is imperative bash, not declarative state. You have no Go and no Rust — both languages matter for the platform and systems work your stated trajectory points toward. You have no formal SLO practice — Prometheus and Grafana are deployed, but no SLI definitions, no error budgets, no burn-rate alerts, no published SLO documents. You have no distributed-systems primitives in production — no service mesh, no mTLS between services, no circuit breakers, no formal RPC framework. You have no threat model as an artifact — security thinking is pervasive in your code but no STRIDE document, no attack tree, no formal per-system or per-service threat model exists.
|
|
142
|
-
|
|
143
|
-
### Practices you have not yet automated
|
|
144
|
-
|
|
145
|
-
You audit dependencies and reference CVE IDs in comments, but you do not gate your CI pipelines on SAST. No semgrep, no bandit, no trivy, no gitleaks, no OSV-Scanner blocks any merge. The practice is in your hands; it is not in the pipeline.
|
|
146
|
-
|
|
147
|
-
Your documents do not close. Many integration journals and handover notes are marked "à valider avec le mainteneur" indefinitely, sitting at 836 lines without a closing version. There is no status frontmatter convention distinguishing draft, live, and superseded states. The closure ritual is missing.
|
|
148
|
-
|
|
149
|
-
Your changelogs are not automated. Only Forms has a CHANGELOG.md; the rest of the suite uses the git log as an implicit changelog. The commits are conventional enough that `git-cliff` or a similar tool would auto-generate clean changelogs in under an hour of work per repo.
|
|
150
|
-
|
|
151
|
-
Your test coverage varies. The aiobi-form and aiobi-docs repos have working test suites (phpunit and vitest respectively); IAM and eshu have weaker coverage. The pattern is shippable code without locked behaviour.
|
|
152
|
-
|
|
153
|
-
Your AI friction is reactive. The 129 commit-format corrections and 125 session-persistence corrections in your transcript history are process problems, not knowledge problems. They recur because the rules live in memory files but are not yet baked into project initialisation, pre-commit hooks, or harness-level constraints.
|
|
154
|
-
|
|
155
|
-
You have no late-night deploy rule. The data shows your prompt quality degrades after 23:00 UTC and your incidents cluster in that window. The rule does not yet exist in your `~/.claude/CLAUDE.md`.
|
|
156
|
-
|
|
157
|
-
### Tooling you have designed but not built
|
|
158
|
-
|
|
159
|
-
Cognee — the shared knowledge graph that MISHKAN's design depends on — is specified but not deployed. No instance is running.
|
|
160
|
-
|
|
161
|
-
No MCP servers are configured in any of your projects. There are zero `.mcp.json` files across the suite. The Cognee integration, the filesystem integration, the git integration, and the security-scanner integration MISHKAN envisions all remain unbuilt.
|
|
162
|
-
|
|
163
|
-
MISHKAN itself is 815 lines of design and zero lines of code. The decisions about Cognee deployment mode, local model runtime, and per-project versus user-level installation scope are still open. The agent system prompts, CLAUDE.md templates, rules content, hook implementations, skill content, curated library content, graph schema, observability pipeline, and model routing configuration are all listed in the design document as explicitly not-yet-designed.
|
|
164
|
-
|
|
165
|
-
The RAG-CLI you described — the internal knowledge graph plus retrieval system over your engineering corpus — exists only in conversation. The corpus is ready; the system is not.
|
|
166
|
-
|
|
167
|
-
Your MEMORY.md flat-file pattern has reached its ceiling. Ninety-three files spanning forty-eight thousand tokens, manually cross-referenced, is the largest you can carry in this format. Migration to a graph store is the natural next step.
|
|
168
|
-
|
|
169
|
-
You have not yet built any Go binary for internal tooling. That language gap and the tool gap point at each other and resolve together.
|
|
170
|
-
|
|
171
|
-
---
|
|
172
|
-
|
|
173
|
-
## X. What Is Currently Open
|
|
174
|
-
|
|
175
|
-
The active work in flight is concentrated. On Aïobi-IAM, version 1.0.x is in production while 1.1.x continues; the SPI bind-mount priority escalation is open in the backlog, the Docker boltdb cleanup is acknowledged as technical debt, and the full federation across Meet and eshu is pending. The 06_IMPLEMENTATION design document is the next sequenced artifact.
|
|
176
|
-
|
|
177
|
-
On Aïobi Forms, Phase 1 IAM hardening has shipped to production and Phase 2 pre-prod finition is in flight, including silent SSO deployment and JWT hardening. The forty-six audit findings are partially remediated.
|
|
178
|
-
|
|
179
|
-
On aiobi-docs, staging is active and production is pending. The IAM theme migration to prod, the logout flow finalisation, the postmortem follow-ups from 12 May, and the realm_events_listener bug from 11 May are all open.
|
|
180
|
-
|
|
181
|
-
On eshu, the OAuth and prod setup phase is the current focus, including the Google and Apple OAuth flows and the registry migration from 10.13.13.1 to 10.13.13.14.
|
|
182
|
-
|
|
183
|
-
On AïobiMeet, the recurring open items are session persistence across Keycloak restarts, the unresolved Whisper ASR performance divergence between staging and production (suspected but unconfirmed AVX-512 CPU instruction set difference), SSO session timeout tuning, and ongoing cAdvisor memory limit adjustments.
|
|
184
|
-
|
|
185
|
-
On AïobiOS-Guidance, the locked work covers user stories US-1.1 through US-1.4 (debloat, security hardening, persistent branding, GDM customisation). The next phases are AppArmor or SELinux policy authoring, LUKS encryption integration, Secure Boot signing, and ISO build automation. No CI exists yet for this project. Public release preparation is pending.
|
|
186
|
-
|
|
187
|
-
On MISHKAN, the design is locked, the build has not started. The decisions blocking Phase 0 are: which deployment mode for Cognee, which local model runtime to use for the local-model agents, and whether to install at user level or per-project. Beyond those three decisions, agent system prompts, CLAUDE.md templates, rules content, hooks, skills, curated library content, the graph schema, the observability pipeline, and model routing all remain to be designed before implementation.
|
|
188
|
-
|
|
189
|
-
On the RAG-CLI vision, the corpus is ready and the architecture has been discussed in conversation, but no code exists.
|
|
190
|
-
|
|
191
|
-
---
|
|
192
|
-
|
|
193
|
-
## XI. Closing Note
|
|
194
|
-
|
|
195
|
-
This document describes the present state without comparison to seniority levels, without aspirational framing, and without prescription. The work you have done is what it is. The work that remains is what it is. The strengths are evidence-anchored to specific repositories, files, and commit patterns. The gaps are factual — the named tools, named practices, and named systems that are absent from your stack today.
|
|
196
|
-
|
|
197
|
-
The shape of the next quarter is determined by which of the open items you pursue, in what order, and at what depth. The shape of this document is what an agent — yours, mine, or one built into MISHKAN — should be able to load as context to operate alongside you with full awareness of who you are, how you work, what you own, and where the work is going.
|
|
198
|
-
|
|
199
|
-
---
|
|
200
|
-
|
|
201
|
-
*Present-state profile. Updated on milestone events, role changes, or material scope shifts. Paired with `profile.md` (agent-loadable structured form, this directory).*
|
package/docs/engineer/profile.md
DELETED
|
@@ -1,754 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: y4nn-profile
|
|
3
|
-
description: Canonical developer profile of Y4NN. Loaded as cached context by MISHKAN agents.
|
|
4
|
-
type: developer_profile
|
|
5
|
-
version: 1.0
|
|
6
|
-
last_updated: 2026-05-27
|
|
7
|
-
scope: agent-loadable
|
|
8
|
-
language: en
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
# Y4NN — Developer Profile
|
|
12
|
-
|
|
13
|
-
## 0. Identity
|
|
14
|
-
|
|
15
|
-
```yaml
|
|
16
|
-
legal_name: Ragnang-Newende Yanis Axel DABO
|
|
17
|
-
handle: >_TheY4NN
|
|
18
|
-
github: Y4NN777
|
|
19
|
-
emails:
|
|
20
|
-
- yanisaxel.dabo@aiobi.world # primary work
|
|
21
|
-
|
|
22
|
-
- nage-remorqueur8o@icloud.com # claude.ai account
|
|
23
|
-
git_authors:
|
|
24
|
-
- TheY4NN777 <yanisaxel.dabo@aiobi.world>
|
|
25
|
-
- Yanis Axel Dabo <yanisaxel.dabo@aiobi.world>
|
|
26
|
-
machine_identities:
|
|
27
|
-
- ogu # current
|
|
28
|
-
- aiobi6 # prior
|
|
29
|
-
title: Junior Software Engineer
|
|
30
|
-
internal_role: Mainteneur Staging & Production @ OGUN
|
|
31
|
-
employer: Aïobi
|
|
32
|
-
languages:
|
|
33
|
-
- fr # primary, all internal/meta work
|
|
34
|
-
- en # secondary, technical artifacts and code
|
|
35
|
-
location: France/Africa axis (Aïobi = sovereign African tech ecosystem)
|
|
36
|
-
brand_rule: "Aïobi" with tréma — never "Aiobi"
|
|
37
|
-
```
|
|
38
|
-
|
|
39
|
-
## 1. Operating Role
|
|
40
|
-
|
|
41
|
-
Build-and-deploy engineer for the Aïobi product suite. Bridge between feature development and infrastructure operations. Owns the operational delivery pipeline end-to-end across five production services. Sole owner of one (IAM). Builder of one independent thesis-grade project (AïobiOS).
|
|
42
|
-
|
|
43
|
-
```yaml
|
|
44
|
-
role_components:
|
|
45
|
-
- feature_engineering # full-stack, multi-stack
|
|
46
|
-
- deployment_engineering # staging + prod for entire suite
|
|
47
|
-
- devsecops_practice # hardening, secret management, audits
|
|
48
|
-
- incident_response # primary on-call
|
|
49
|
-
- documentation_authoring # design specs, runbooks, postmortems
|
|
50
|
-
- ai_tooling_engineering # custom agents, harness design
|
|
51
|
-
reports_to:
|
|
52
|
-
- cto: unnamed (Direction Technique Aïobi)
|
|
53
|
-
collaborates_with:
|
|
54
|
-
- youssouf_kouanda: Forms feature lead + MR gate (OGUN-kal)
|
|
55
|
-
- cephas_congo: eshu backend co-developer (LEGBA-8I)
|
|
56
|
-
- cheick_oumar_tarnagueda: ops support (OGUN-TCO)
|
|
57
|
-
- hermes_team: hardware/server provisioning
|
|
58
|
-
- antoine_lebaud: original AïobiMeet author (less active)
|
|
59
|
-
```
|
|
60
|
-
|
|
61
|
-
## 2. Surface Owned
|
|
62
|
-
|
|
63
|
-
### 2.1 Aïobi-IAM (sole owner)
|
|
64
|
-
```yaml
|
|
65
|
-
status: production
|
|
66
|
-
stack: Keycloak 20 + custom Java SPI + realm YAML + theme bind-mounts
|
|
67
|
-
ownership: 100%
|
|
68
|
-
commits_in_window: 115
|
|
69
|
-
artifacts:
|
|
70
|
-
- SWE-BASICS-BEFORE-CODE design suite: 01_PRD → 05_MODELING (locked)
|
|
71
|
-
- Custom SPI: aiobi-user-provider (Java, compiled in-pipeline)
|
|
72
|
-
- Hardening overlay (docker-compose.hardening.yml)
|
|
73
|
-
- Rollback runbook with pre-flight state capture
|
|
74
|
-
- Integration journals for Forms / Docs / Meet onboarding
|
|
75
|
-
boundary: builds, integrates, hardens, deploys, operates
|
|
76
|
-
```
|
|
77
|
-
|
|
78
|
-
### 2.2 AïobiMeet
|
|
79
|
-
```yaml
|
|
80
|
-
status: production
|
|
81
|
-
stack: Django + React + LiveKit + FastAPI + Keycloak SSO
|
|
82
|
-
ownership: ops/infra/deploy (not original author)
|
|
83
|
-
original_author: Antoine Lebaud (1388 historical commits)
|
|
84
|
-
commits_in_window: 320
|
|
85
|
-
boundary:
|
|
86
|
-
owns: docker/production, docker/staging, gitlab-ci.yml, Keycloak realm config,
|
|
87
|
-
Prometheus/Grafana setup, Whisper ASR tuning, hotfixes, deploys
|
|
88
|
-
does_not_own: original feature architecture, core conferencing logic
|
|
89
|
-
incidents_handled: 30+ staging errors, 11 prod errors documented
|
|
90
|
-
```
|
|
91
|
-
|
|
92
|
-
### 2.3 aiobi-form (Forms)
|
|
93
|
-
```yaml
|
|
94
|
-
status: production
|
|
95
|
-
stack: Laravel 11 + Nuxt 3 (dual-licensed AGPLv3 + proprietary)
|
|
96
|
-
ownership: deploy + IAM integration + ops + production hotfixes
|
|
97
|
-
feature_lead: Youssouf Kouanda
|
|
98
|
-
mr_gate: Youssouf Kouanda (25+ merges in 8 weeks)
|
|
99
|
-
commits_in_window: 55
|
|
100
|
-
boundary:
|
|
101
|
-
owns: deploy-remote.sh, nginx-prod.conf, Traefik ingress, IAM integration,
|
|
102
|
-
staging bootstrap, prod hotfixes
|
|
103
|
-
does_not_own: feature development (Youssouf), core Notion-Forms fork (Julien Nahum upstream)
|
|
104
|
-
audit_findings: 46 (critical/high/medium catalogued)
|
|
105
|
-
```
|
|
106
|
-
|
|
107
|
-
### 2.4 aiobi-docs
|
|
108
|
-
```yaml
|
|
109
|
-
status: staging active, prod pending
|
|
110
|
-
stack: Django + Yjs/CRDT + React (Impress fork)
|
|
111
|
-
ownership: deploy + IAM integration + staging
|
|
112
|
-
commits_in_window: 53
|
|
113
|
-
artifacts:
|
|
114
|
-
- ADR-0001 (Yjs CRDT decision, full trade-off matrix)
|
|
115
|
-
- Postmortem 2026-05-12 (staging recovery, dual root cause)
|
|
116
|
-
- Refacto plan 02 (52 KB)
|
|
117
|
-
boundary:
|
|
118
|
-
owns: staging deploy, IAM theme + logout flow, CI/CD
|
|
119
|
-
shared: core docs platform (Anthony LC, Manuel Raynaud upstream)
|
|
120
|
-
```
|
|
121
|
-
|
|
122
|
-
### 2.5 eshu
|
|
123
|
-
```yaml
|
|
124
|
-
status: in development, OAuth + prod setup phase
|
|
125
|
-
stack: FastAPI + Vue 3 + Capacitor + LangChain + CrewAI + ChromaDB
|
|
126
|
-
ownership: integration + prod release (equal partnership)
|
|
127
|
-
co_developer: Cephas Congo
|
|
128
|
-
commits_in_window: 37 (Cephas: 36)
|
|
129
|
-
boundary:
|
|
130
|
-
owns: prod setup, OAuth flows, deploy pipeline, develop→main merges for prod
|
|
131
|
-
does_not_own: backend feature development (Cephas)
|
|
132
|
-
```
|
|
133
|
-
|
|
134
|
-
### 2.6 AïobiOS-Guidance (personal/thesis)
|
|
135
|
-
```yaml
|
|
136
|
-
status: late prototype / pre-production
|
|
137
|
-
location: /home/ogu/Projects/AïobiOS-Guidance/ (not in /theY4NN/)
|
|
138
|
-
type: thesis-grade Ubuntu 24.04 LTS customisation
|
|
139
|
-
stack: Cubic chroot + dpkg-divert + bash + GRUB + Plymouth + GDM + Yaru
|
|
140
|
-
code_volume: 942 LOC shell across 10 scripts
|
|
141
|
-
docs_volume: 2549 lines markdown across 7 engineering logs + guides
|
|
142
|
-
ownership: 100% sole author
|
|
143
|
-
methodology: doctoral — 19 issues numbered continuously, each traced to root cause across abstraction layer (CSS → Yaru gresource → AccountsService D-Bus → dpkg-divert)
|
|
144
|
-
visibility: private — not yet public
|
|
145
|
-
```
|
|
146
|
-
|
|
147
|
-
## 3. Velocity Snapshot
|
|
148
|
-
|
|
149
|
-
```yaml
|
|
150
|
-
window: ~3 months (recent)
|
|
151
|
-
total_commits: 626
|
|
152
|
-
insertions: 66115
|
|
153
|
-
deletions: 11265
|
|
154
|
-
files_touched: 1501
|
|
155
|
-
repos_active: 5 (+ AïobiOS personal)
|
|
156
|
-
stacks_active: 5 (Python, PHP, JS/TS, Java SPI, Bash)
|
|
157
|
-
environments_per_service: 4 (dev, staging, prod, secure)
|
|
158
|
-
cadence:
|
|
159
|
-
peak_hours_cet: [10-14, 16-23]
|
|
160
|
-
hotfix_bursts: 00-04 CET, late-night
|
|
161
|
-
weekday_only: true
|
|
162
|
-
recent_hotfix_density: 4 prod commits in 22 minutes (2026-05-12 02:00-02:22)
|
|
163
|
-
```
|
|
164
|
-
|
|
165
|
-
## 4. Demonstrated Stack
|
|
166
|
-
|
|
167
|
-
### 4.1 Languages (actively shipping)
|
|
168
|
-
```yaml
|
|
169
|
-
python:
|
|
170
|
-
level: strong
|
|
171
|
-
evidence: FastAPI async + Pydantic + Alembic + asyncpg, Django production, LangChain/CrewAI/ChromaDB integration
|
|
172
|
-
php:
|
|
173
|
-
level: working
|
|
174
|
-
evidence: Laravel 11 production, Eloquent ORM, blade templates
|
|
175
|
-
typescript_javascript:
|
|
176
|
-
level: strong
|
|
177
|
-
evidence: Nuxt 3 SSR, React, Vue 3, Vitest, component libraries, i18next
|
|
178
|
-
java:
|
|
179
|
-
level: working
|
|
180
|
-
evidence: Keycloak SPI compilation, enum refactor, test suite (aiobi-user-provider)
|
|
181
|
-
bash:
|
|
182
|
-
level: strong
|
|
183
|
-
evidence: deploy-remote.sh patterns, AïobiOS scripts, dpkg-divert orchestration, UTF-8 byte-level reconstruction
|
|
184
|
-
yaml:
|
|
185
|
-
level: strong
|
|
186
|
-
evidence: realm config, docker-compose, GitLab CI, idempotent overlays
|
|
187
|
-
languages_absent: [go, rust, c, c++]
|
|
188
|
-
```
|
|
189
|
-
|
|
190
|
-
### 4.2 Infrastructure stack
|
|
191
|
-
```yaml
|
|
192
|
-
containerisation:
|
|
193
|
-
docker: strong
|
|
194
|
-
docker_compose: strong (multi-environment overlays, hash-based config drift detection, hardening overlays)
|
|
195
|
-
kubernetes: absent
|
|
196
|
-
ci_cd:
|
|
197
|
-
gitlab_ci: strong (268 yml touches, environment scoping, protected vars, conditional jobs)
|
|
198
|
-
github_actions: limited (aiobi-docs only)
|
|
199
|
-
iac:
|
|
200
|
-
declarative: absent (no Terraform, no Pulumi, no Helm)
|
|
201
|
-
imperative: strong (custom bash deploy patterns, SSH-direct with health polling)
|
|
202
|
-
observability:
|
|
203
|
-
prometheus: deployed
|
|
204
|
-
grafana: deployed
|
|
205
|
-
sentry: deployed across 3 projects
|
|
206
|
-
glitchtip: deployed
|
|
207
|
-
loki: deployed
|
|
208
|
-
opentelemetry: absent
|
|
209
|
-
slo_definitions: absent
|
|
210
|
-
burn_rate_alerts: absent
|
|
211
|
-
secrets:
|
|
212
|
-
sops: in use
|
|
213
|
-
gitlab_protected_vars: in use
|
|
214
|
-
vault: absent
|
|
215
|
-
service_mesh: absent
|
|
216
|
-
mtls_between_services: absent
|
|
217
|
-
```
|
|
218
|
-
|
|
219
|
-
### 4.3 Security stack
|
|
220
|
-
```yaml
|
|
221
|
-
practices:
|
|
222
|
-
- SECURITY.md per repo with disclosure policy
|
|
223
|
-
- CVE-pinned dependencies (explicit comments referencing CVE IDs)
|
|
224
|
-
- Hardening overlays for Keycloak (always re-applied on recreate)
|
|
225
|
-
- SSO across suite via Keycloak (single source of identity)
|
|
226
|
-
- Rate limiting (slowapi) on FastAPI endpoints
|
|
227
|
-
- Session security middleware
|
|
228
|
-
- Manual security audits (Forms audit: 46 findings catalogued)
|
|
229
|
-
automation:
|
|
230
|
-
sast_in_ci: absent # no semgrep, bandit, trivy, gitleaks, OSV-Scanner gates
|
|
231
|
-
dependency_scanning_in_ci: absent
|
|
232
|
-
threat_modelling_artifact: absent # STRIDE doc not produced
|
|
233
|
-
responsible_disclosure_received: 0
|
|
234
|
-
```
|
|
235
|
-
|
|
236
|
-
### 4.4 Domain expertise (deep)
|
|
237
|
-
```yaml
|
|
238
|
-
keycloak:
|
|
239
|
-
level: deep
|
|
240
|
-
evidence: 229 mentions in transcripts, custom SPI in Java, realm YAML hardening, theme bind-mounts, JDBC session persistence (Infinispan), SSO federation across 4 apps, broker IdP setup
|
|
241
|
-
docker_networking:
|
|
242
|
-
level: deep
|
|
243
|
-
evidence: Traefik routing edge cases, IPv6 vs IPv4 localhost healthcheck issues, ghost iptables on dead bridges, subnet pinning, hardening overlays
|
|
244
|
-
linux_systems_customisation:
|
|
245
|
-
level: deep (AïobiOS)
|
|
246
|
-
evidence: dpkg-divert across 6 subsystems, GRUB customisation, Plymouth themes, GDM/Yaru/AccountsService layer debugging, systemd one-shot first-boot provisioning
|
|
247
|
-
rag_ai_stack:
|
|
248
|
-
level: working
|
|
249
|
-
evidence: eshu uses LangChain + CrewAI + ChromaDB + sentence-transformers + Groq/OpenAI/Google models in production
|
|
250
|
-
crdt_realtime:
|
|
251
|
-
level: working
|
|
252
|
-
evidence: ADR-0001 Yjs evaluation with full trade-off matrix, integration in aiobi-docs
|
|
253
|
-
```
|
|
254
|
-
|
|
255
|
-
## 5. Engineering Methodology
|
|
256
|
-
|
|
257
|
-
### 5.1 Workflow rules (observed)
|
|
258
|
-
```yaml
|
|
259
|
-
design_before_code:
|
|
260
|
-
rule: PRD → SRS → CONTRACT → ARCHITECTURE → MODELING locked before implementation
|
|
261
|
-
applied_in: [Aïobi-IAM, MISHKAN]
|
|
262
|
-
source: SWE-BASICS-BEFORE-CODE framework
|
|
263
|
-
explain_before_implement:
|
|
264
|
-
rule: 2-3 sentence explanation + trade-offs + wait for approval before any code change
|
|
265
|
-
source: feedback_explain_before_code.md (triggered by 3-cycle date-picker incident)
|
|
266
|
-
diagnose_before_fix:
|
|
267
|
-
rule: exact stacktrace / HTTP status / log line required before any fix
|
|
268
|
-
reject: "soupçon" (guess-based) reasoning
|
|
269
|
-
source: feedback_diagnose_before_fix.md
|
|
270
|
-
durable_solutions_only:
|
|
271
|
-
rule: no sed-in-CI, no manual patches, no temporary workarounds
|
|
272
|
-
must_work_in_prod: true
|
|
273
|
-
source: feedback_durable_solutions.md
|
|
274
|
-
verify_before_destructive:
|
|
275
|
-
rule: git status --short before every push, read compose paths before deploy
|
|
276
|
-
source: project_aiobi-ops memory
|
|
277
|
-
no_invented_facts:
|
|
278
|
-
rule: no estimation of timeframes without git log verification
|
|
279
|
-
source: feedback_no_invented_facts.md
|
|
280
|
-
no_scope_creep:
|
|
281
|
-
rule: fix only what was specified; no "au passage" refactors
|
|
282
|
-
source: feedback_no_scope_creep.md
|
|
283
|
-
```
|
|
284
|
-
|
|
285
|
-
### 5.2 Commit discipline
|
|
286
|
-
```yaml
|
|
287
|
-
format: "type(scope) short description"
|
|
288
|
-
extended: "type(scope) subject — body with logs, root cause, before/after"
|
|
289
|
-
types_used: [fix, feat, docs, chore, hotfix, refactor, ops]
|
|
290
|
-
emojis: forbidden
|
|
291
|
-
co_authored_by: forbidden
|
|
292
|
-
case: lowercase subject
|
|
293
|
-
period_terminator: no
|
|
294
|
-
shared_server_protocol:
|
|
295
|
-
- GIT_COMMITTER_NAME="TheY4NN777"
|
|
296
|
-
- --author flag explicit on every commit
|
|
297
|
-
- never modify git config
|
|
298
|
-
body_style: 5-15 lines with environment details, error messages, alternatives considered
|
|
299
|
-
language: French in subject and scope, French or English in body
|
|
300
|
-
```
|
|
301
|
-
|
|
302
|
-
### 5.3 Deployment discipline
|
|
303
|
-
```yaml
|
|
304
|
-
flow: staging → validate → MR develop→main → prod
|
|
305
|
-
trigger: continuous deploy (no semver tags)
|
|
306
|
-
narration: git log + .claude/plans/ + docs/ops/
|
|
307
|
-
ci_runner_topology:
|
|
308
|
-
- runner_host: ops-serv (10.13.13.14)
|
|
309
|
-
- prod_runtime: Aïobi Master (207.180.255.229, 10.13.13.1) — pure runtime, no CI
|
|
310
|
-
- pattern: SSH-direct deploy with scoped key + sudo NOPASSWD discipline
|
|
311
|
-
pre_deploy_checks:
|
|
312
|
-
- hash-based config drift detection (sha256 diff on env files)
|
|
313
|
-
- health polling with timeout + retry
|
|
314
|
-
- container restart only if config hash changed
|
|
315
|
-
post_deploy:
|
|
316
|
-
- structured DEPLOYMENT-LOG.md updated per service per env
|
|
317
|
-
incident_pattern:
|
|
318
|
-
- reproduce in staging first
|
|
319
|
-
- identify dual root causes (applicative + network often both present)
|
|
320
|
-
- blameless postmortem with timeline + lessons + action items
|
|
321
|
-
```
|
|
322
|
-
|
|
323
|
-
### 5.4 Documentation discipline
|
|
324
|
-
```yaml
|
|
325
|
-
audience: builders (not end-users)
|
|
326
|
-
density:
|
|
327
|
-
readmes: 50-150 lines (terse)
|
|
328
|
-
design_docs: 300-800 lines (heavy)
|
|
329
|
-
runbooks: copy-paste-safe, one command per failure mode
|
|
330
|
-
templates_applied:
|
|
331
|
-
- SWE-BASICS-BEFORE-CODE (PRD/SRS/CONTRACT/ARCHITECTURE/MODELING)
|
|
332
|
-
- postmortem: timeline + root causes + lessons + action items
|
|
333
|
-
- integration journal: chronological narrative with gotchas table
|
|
334
|
-
language_split:
|
|
335
|
-
french: 90% (internal team-facing)
|
|
336
|
-
english: 10% (architecture, design docs, MISHKAN)
|
|
337
|
-
status_marker: absent — no draft/live/superseded frontmatter convention yet
|
|
338
|
-
closure_discipline: weak — many docs marked "à valider" indefinitely
|
|
339
|
-
```
|
|
340
|
-
|
|
341
|
-
## 6. AI-Tooling Profile
|
|
342
|
-
|
|
343
|
-
### 6.1 Setup
|
|
344
|
-
```yaml
|
|
345
|
-
primary_tool: Claude Code (exclusive — no Cursor/Windsurf/Aider/Continue)
|
|
346
|
-
user_level_dir: ~/.claude/
|
|
347
|
-
user_agents:
|
|
348
|
-
- aiobi-ops (40 KB, specialised DevOps agent with 20+ documented gotchas, 15+ incidents)
|
|
349
|
-
- explore-codebase
|
|
350
|
-
- explore-docs
|
|
351
|
-
- action
|
|
352
|
-
- websearch
|
|
353
|
-
user_commands: [epct, explore, run-tasks, watch-ci, commit, create-pull-request, fix-pr-comments, oneshot]
|
|
354
|
-
hooks:
|
|
355
|
-
pre_tool_use: bun-TypeScript command validator (~/.claude/scripts/command-validator/)
|
|
356
|
-
stop_notification: audio cues (afplay)
|
|
357
|
-
mcp_servers_configured: 0 # planned via MISHKAN, not active
|
|
358
|
-
bash_aliases:
|
|
359
|
-
cc: "claude --dangerously-skip-permissions"
|
|
360
|
-
ccc: "claude --dangerously-skip-permissions -c"
|
|
361
|
-
memory_files_per_project: 25-30 # flat-file knowledge graph at ceiling
|
|
362
|
-
total_memory_tokens: ~48000 across 93 files
|
|
363
|
-
```
|
|
364
|
-
|
|
365
|
-
### 6.2 Delegation map (transcript-derived)
|
|
366
|
-
```yaml
|
|
367
|
-
high_delegation:
|
|
368
|
-
- ui_css_svg_animations # one-shot accepted
|
|
369
|
-
- config_generation # YAML, docker-compose, XML
|
|
370
|
-
- keycloak_spi_boilerplate
|
|
371
|
-
medium_delegation:
|
|
372
|
-
- database_migrations # generate then heavily review, execute self
|
|
373
|
-
low_delegation:
|
|
374
|
-
- tests # prefers manual verification
|
|
375
|
-
zero_delegation:
|
|
376
|
-
- git_push
|
|
377
|
-
- ssh_to_prod
|
|
378
|
-
- docker_exec_on_prod
|
|
379
|
-
- sudo_operations
|
|
380
|
-
- schema_migration_execution
|
|
381
|
-
- log_forensics_execution # ai analyses output, human runs commands
|
|
382
|
-
```
|
|
383
|
-
|
|
384
|
-
### 6.3 Prompting fingerprint
|
|
385
|
-
```yaml
|
|
386
|
-
early_session_style:
|
|
387
|
-
format: highly structured JSON (tâche/entrée/format_de_sortie/exigences)
|
|
388
|
-
avg_length_chars: 1062
|
|
389
|
-
rigor: high
|
|
390
|
-
late_session_style:
|
|
391
|
-
format: conversational, terse, French command-style
|
|
392
|
-
avg_length_chars: 7948 # logs/terminal dumps included
|
|
393
|
-
rigor: scales with task difficulty — reverts to structure under pressure
|
|
394
|
-
language_triggers:
|
|
395
|
-
french: emotional venting, narrative progress, sharp corrections, local observations
|
|
396
|
-
english: terminal commands, framework names, error messages, technical specs
|
|
397
|
-
mixed: 13% of messages
|
|
398
|
-
fatigue_signal:
|
|
399
|
-
threshold: after 23:00 UTC
|
|
400
|
-
symptoms: typo density 3x baseline, prompts shift to raw terminal dumps, code-switching increases
|
|
401
|
-
ai_collaboration_maturity: 3.5/5
|
|
402
|
-
friction_tax: 3-5% of session time
|
|
403
|
-
recurring_friction_topics:
|
|
404
|
-
- keycloak_session_persistence # 125 instances
|
|
405
|
-
- commit_format_compliance # 129 instances
|
|
406
|
-
- git_push_coordination # 53 instances
|
|
407
|
-
- database_schema_sync # 29 instances
|
|
408
|
-
```
|
|
409
|
-
|
|
410
|
-
### 6.4 Non-negotiables (durable AI rules)
|
|
411
|
-
```yaml
|
|
412
|
-
- aiobi_brand_uses_treme: "Aïobi" — never "Aiobi"
|
|
413
|
-
- no_co_authored_by_trailers_in_commits
|
|
414
|
-
- no_emojis_in_commits
|
|
415
|
-
- explain_then_wait_before_implementing
|
|
416
|
-
- no_scope_creep_au_passage
|
|
417
|
-
- diagnose_before_fix_no_soupcon
|
|
418
|
-
- no_invented_timeframes_or_facts
|
|
419
|
-
- no_assistant_ssh_to_prod
|
|
420
|
-
- no_assistant_git_push
|
|
421
|
-
- stop_pending_action_when_user_speaks # interruption priority
|
|
422
|
-
- use_edit_tool_not_sed # vscode visibility
|
|
423
|
-
- check_both_gitlab_ci_and_deploy_remote_sh_for_deploy_logic_changes
|
|
424
|
-
- shared_server_requires_git_committer_name_env_var
|
|
425
|
-
- prefer_durable_over_temporary
|
|
426
|
-
```
|
|
427
|
-
|
|
428
|
-
## 7. Active Work — Open Scope
|
|
429
|
-
|
|
430
|
-
### 7.1 Aïobi-IAM
|
|
431
|
-
```yaml
|
|
432
|
-
status: v1.0.x in prod, v1.1.x ongoing
|
|
433
|
-
open:
|
|
434
|
-
- SPI bind-mount priority escalation (in BACKLOG.md)
|
|
435
|
-
- Docker boltdb cleanup (tech debt acknowledged)
|
|
436
|
-
- Full federation across all 4 apps (Forms done, Docs in progress, Meet/eshu pending)
|
|
437
|
-
locked: design phase complete (01_PRD through 05_MODELING)
|
|
438
|
-
pending: 06_IMPLEMENTATION doc
|
|
439
|
-
```
|
|
440
|
-
|
|
441
|
-
### 7.2 aiobi-form
|
|
442
|
-
```yaml
|
|
443
|
-
status: Phase 1 IAM hardening shipped, Phase 2 finition pre-prod in flight
|
|
444
|
-
open:
|
|
445
|
-
- silent SSO deployment
|
|
446
|
-
- JWT hardening completion
|
|
447
|
-
- audit findings remediation (46 catalogued, partial)
|
|
448
|
-
boundary: Y4NN owns deploy and IAM integration; Youssouf owns features
|
|
449
|
-
```
|
|
450
|
-
|
|
451
|
-
### 7.3 aiobi-docs
|
|
452
|
-
```yaml
|
|
453
|
-
status: staging active, prod pending
|
|
454
|
-
open:
|
|
455
|
-
- IAM theme migration to prod
|
|
456
|
-
- logout flow finalisation
|
|
457
|
-
- postmortem follow-ups from 2026-05-12 staging recovery
|
|
458
|
-
- realm_events_listener bug (2026-05-11, documented)
|
|
459
|
-
```
|
|
460
|
-
|
|
461
|
-
### 7.4 eshu
|
|
462
|
-
```yaml
|
|
463
|
-
status: OAuth + prod setup phase
|
|
464
|
-
open:
|
|
465
|
-
- Google + Apple OAuth completion
|
|
466
|
-
- prod deployment (registry migration 10.13.13.1 → 10.13.13.14 in progress)
|
|
467
|
-
boundary: shared with Cephas Congo
|
|
468
|
-
```
|
|
469
|
-
|
|
470
|
-
### 7.5 AïobiMeet
|
|
471
|
-
```yaml
|
|
472
|
-
status: continuous ops
|
|
473
|
-
open:
|
|
474
|
-
- session persistence across Keycloak restarts (recurring friction)
|
|
475
|
-
- Whisper ASR performance on staging vs prod (AVX-512 CPU divergence, unconfirmed root cause)
|
|
476
|
-
- SSO session timeout tuning
|
|
477
|
-
- cadvisor memory limits ongoing
|
|
478
|
-
```
|
|
479
|
-
|
|
480
|
-
### 7.6 AïobiOS-Guidance (personal/thesis)
|
|
481
|
-
```yaml
|
|
482
|
-
status: late prototype / pre-production
|
|
483
|
-
open:
|
|
484
|
-
- AppArmor/SELinux policy phase
|
|
485
|
-
- LUKS encryption integration
|
|
486
|
-
- Secure Boot signing
|
|
487
|
-
- ISO build automation (no CI yet)
|
|
488
|
-
- public release preparation
|
|
489
|
-
locked: US-1.1 through US-1.4 (debloat, security, branding, GDM customisation)
|
|
490
|
-
methodology_artifact: 19 issues numbered, each traced to root cause across layers
|
|
491
|
-
```
|
|
492
|
-
|
|
493
|
-
### 7.7 MISHKAN (harness research)
|
|
494
|
-
```yaml
|
|
495
|
-
status: design v1 complete, build pending
|
|
496
|
-
locked: naming (45 agents), 6 teams, init flow, 5-layer architecture, knowledge promotion model
|
|
497
|
-
open_decisions:
|
|
498
|
-
- cognee_deployment_mode # local docker vs cloud vs hybrid
|
|
499
|
-
- local_model_runtime # ollama vs lm-studio vs llama.cpp
|
|
500
|
-
- install_scope # user-level vs per-project
|
|
501
|
-
not_yet_designed:
|
|
502
|
-
- agent_system_prompts
|
|
503
|
-
- claude_md_templates
|
|
504
|
-
- rules_files_content
|
|
505
|
-
- hook_implementations
|
|
506
|
-
- skill_implementations
|
|
507
|
-
- curated_library_content
|
|
508
|
-
- cognee_graph_schema
|
|
509
|
-
- observability_pipeline
|
|
510
|
-
- model_routing_config
|
|
511
|
-
```
|
|
512
|
-
|
|
513
|
-
### 7.8 RAG-CLI (planned, not started)
|
|
514
|
-
```yaml
|
|
515
|
-
purpose: ingest 654K-token internal doc corpus, build knowledge graph, expose CLI for engineering process improvement queries
|
|
516
|
-
foundation: same Cognee instance MISHKAN needs
|
|
517
|
-
status: design only
|
|
518
|
-
corpus_ready: yes — 325 files, 13 doc types, strong interlinking, dated
|
|
519
|
-
```
|
|
520
|
-
|
|
521
|
-
## 8. Documentation Corpus (RAG-ready)
|
|
522
|
-
|
|
523
|
-
```yaml
|
|
524
|
-
total_files: 325
|
|
525
|
-
total_size_mb: 5.6
|
|
526
|
-
total_tokens_est: 654000
|
|
527
|
-
language_split:
|
|
528
|
-
fr: 90%
|
|
529
|
-
en: 10%
|
|
530
|
-
distribution:
|
|
531
|
-
project_docs: 226 files, 591K tokens
|
|
532
|
-
home_level_docs: 6 files, 15K tokens
|
|
533
|
-
claude_session_memory: 93 files, 48K tokens
|
|
534
|
-
doc_types_identified:
|
|
535
|
-
- DESIGN_SPEC # PRD, SRS, ARCHITECTURE, MODELING
|
|
536
|
-
- INCIDENT_REPORT
|
|
537
|
-
- POSTMORTEM
|
|
538
|
-
- RUNBOOK
|
|
539
|
-
- INTEGRATION_JOURNAL
|
|
540
|
-
- HANDOVER_NOTE
|
|
541
|
-
- ARCHITECTURE
|
|
542
|
-
- AUDIT_REPORT
|
|
543
|
-
- README
|
|
544
|
-
- DEPLOYMENT_LOG
|
|
545
|
-
- SESSION_MEMORY
|
|
546
|
-
- ADR
|
|
547
|
-
- FEATURE_SPEC
|
|
548
|
-
- TODO_TRACKER
|
|
549
|
-
quality_flags:
|
|
550
|
-
todo_fixme_markers: 42
|
|
551
|
-
superseded_docs: 33
|
|
552
|
-
contradictions_detected: 2
|
|
553
|
-
mixed_language_within_doc: 7
|
|
554
|
-
status_frontmatter_present: false # convention not yet adopted
|
|
555
|
-
entity_density: high
|
|
556
|
-
services: 20+ # Keycloak, PostgreSQL, Redis, Celery, Whisper, MinIO, LiveKit, Nginx, Traefik, Grafana, Sentry, GlitchTip, Loki, etc.
|
|
557
|
-
hosts: 4 named # id.aiobi.world, meet.aiobi.world, docs.aiobi.world, AiobiDev
|
|
558
|
-
config_keys: 30+
|
|
559
|
-
ports: 15+
|
|
560
|
-
realms: 3
|
|
561
|
-
ip_subnets: 3
|
|
562
|
-
```
|
|
563
|
-
|
|
564
|
-
## 9. Gaps — Factual Inventory
|
|
565
|
-
|
|
566
|
-
### 9.1 Skill (study required)
|
|
567
|
-
```yaml
|
|
568
|
-
kubernetes:
|
|
569
|
-
status: absent
|
|
570
|
-
blocking: declarative orchestration progression
|
|
571
|
-
terraform_or_pulumi:
|
|
572
|
-
status: absent
|
|
573
|
-
blocking: IaC progression beyond bash + Compose
|
|
574
|
-
helm:
|
|
575
|
-
status: absent
|
|
576
|
-
blocking: K8s package distribution
|
|
577
|
-
go:
|
|
578
|
-
status: absent
|
|
579
|
-
blocking: SRE/Platform tooling layer
|
|
580
|
-
rust:
|
|
581
|
-
status: absent
|
|
582
|
-
blocking: systems performance work (longer-term)
|
|
583
|
-
formal_slo_practice:
|
|
584
|
-
status: absent
|
|
585
|
-
components_missing: [SLI definitions, error budgets, burn-rate alerts, SLO docs]
|
|
586
|
-
distributed_systems_depth:
|
|
587
|
-
status: absent
|
|
588
|
-
components_missing: [service mesh, mTLS, circuit breakers, RPC framework]
|
|
589
|
-
threat_modelling_as_artifact:
|
|
590
|
-
status: absent
|
|
591
|
-
components_missing: [STRIDE doc, attack tree, formal threat model per service or per system]
|
|
592
|
-
```
|
|
593
|
-
|
|
594
|
-
### 9.2 Practice (process change required)
|
|
595
|
-
```yaml
|
|
596
|
-
sast_gates_in_ci:
|
|
597
|
-
status: not_automated
|
|
598
|
-
manual_equivalent: present (46-finding Forms audit done manually)
|
|
599
|
-
tools_missing: [semgrep, bandit, trivy, gitleaks, OSV-Scanner]
|
|
600
|
-
dependency_scanning_in_ci:
|
|
601
|
-
status: not_automated
|
|
602
|
-
docs_closure_ritual:
|
|
603
|
-
status: weak
|
|
604
|
-
symptom: many docs marked "à valider" indefinitely
|
|
605
|
-
fix: status frontmatter + sprint-end closure pass
|
|
606
|
-
changelog_automation:
|
|
607
|
-
status: partial
|
|
608
|
-
forms_repo: present
|
|
609
|
-
others_repo: absent
|
|
610
|
-
source: git-cliff or conventional-changelog could autogenerate from existing commits
|
|
611
|
-
test_coverage:
|
|
612
|
-
status: variable
|
|
613
|
-
weakest_repos: [IAM, eshu]
|
|
614
|
-
strongest_repos: [aiobi-form (phpunit), aiobi-docs (vitest)]
|
|
615
|
-
ai_friction_engineering:
|
|
616
|
-
status: reactive
|
|
617
|
-
symptom: 129 commit-format corrections, 125 session-persistence corrections, 53 push-protocol corrections
|
|
618
|
-
fix: bake recurring rules into mishkan-init skill + pre-commit hooks
|
|
619
|
-
late_night_deploy_rule:
|
|
620
|
-
status: absent
|
|
621
|
-
symptom: typo density 3x and prompt rigor degrades after 23:00 UTC
|
|
622
|
-
```
|
|
623
|
-
|
|
624
|
-
### 9.3 Tooling (build required)
|
|
625
|
-
```yaml
|
|
626
|
-
cognee_or_knowledge_graph:
|
|
627
|
-
status: designed, not deployed
|
|
628
|
-
mcp_servers_configured:
|
|
629
|
-
status: 0 configured
|
|
630
|
-
needed: [cognee, filesystem, git, security_scanner]
|
|
631
|
-
mishkan_implementation:
|
|
632
|
-
status: spec v1 complete, code at 0%
|
|
633
|
-
rag_cli:
|
|
634
|
-
status: design only
|
|
635
|
-
memory_to_graph_migration:
|
|
636
|
-
status: not started
|
|
637
|
-
source: 93 flat-file MEMORY.md → Cognee nodes
|
|
638
|
-
go_binary_for_internal_tooling:
|
|
639
|
-
status: none built yet
|
|
640
|
-
```
|
|
641
|
-
|
|
642
|
-
## 10. Strengths — Factual Inventory
|
|
643
|
-
|
|
644
|
-
```yaml
|
|
645
|
-
operational_mastery:
|
|
646
|
-
- 5 production services across 5 stacks managed solo on deploy side
|
|
647
|
-
- 626 commits / 66K insertions in 3 months at sustained quality
|
|
648
|
-
- Real blameless postmortems authored
|
|
649
|
-
- Idempotent rollback runbooks with pre-flight state capture
|
|
650
|
-
- Hash-based config drift detection in CI
|
|
651
|
-
- Dual root-cause identification in incidents
|
|
652
|
-
keycloak_deep_expertise:
|
|
653
|
-
- Custom Java SPI built from scratch
|
|
654
|
-
- Realm YAML hardening + bind-mount persistence
|
|
655
|
-
- SSO federation across multiple apps
|
|
656
|
-
- Infinispan JDBC session persistence
|
|
657
|
-
- Theme customisation including UTF-8 byte-level reconstruction
|
|
658
|
-
methodology_rigor:
|
|
659
|
-
- SWE-BASICS-BEFORE-CODE applied verbatim in IAM and MISHKAN
|
|
660
|
-
- ADR-0001 with 4-CRDT × 3-OT-framework trade-off matrix
|
|
661
|
-
- AïobiOS: 19 issues numbered, each traced to root cause across abstraction layer
|
|
662
|
-
- Doctoral-level engineering log methodology
|
|
663
|
-
ai_tooling_intentionality:
|
|
664
|
-
- Custom 40 KB aiobi-ops specialist agent
|
|
665
|
-
- Religious MEMORY.md discipline (93 files, 48K tokens)
|
|
666
|
-
- Asymmetric delegation rule (creative high / stateful zero)
|
|
667
|
-
- bun-TypeScript command validator hook
|
|
668
|
-
- MISHKAN architectural spec (815 lines) as original harness research
|
|
669
|
-
- Zero multi-tool sprawl by deliberate choice
|
|
670
|
-
documentation_practice:
|
|
671
|
-
- 654K tokens across 325 files, 13 distinct doc types
|
|
672
|
-
- Strong interlinking, dated, templated structure
|
|
673
|
-
- Bilingual (fr/en) with deliberate split by audience
|
|
674
|
-
debugging_discipline:
|
|
675
|
-
- Verification-first (no soupçon allowed)
|
|
676
|
-
- Identifies dual root causes (applicative + network)
|
|
677
|
-
- Documented refusal of guess-based fixes
|
|
678
|
-
brand_precision:
|
|
679
|
-
- Aïobi tréma enforced everywhere
|
|
680
|
-
- UTF-8 byte-level work in shell when needed
|
|
681
|
-
- Commit format strict and durable
|
|
682
|
-
security_practice:
|
|
683
|
-
- SECURITY.md per repo
|
|
684
|
-
- CVE-pinned dependencies with explicit comments
|
|
685
|
-
- SOPS for secret management
|
|
686
|
-
- Hardening overlays always re-applied
|
|
687
|
-
- SSO across suite via Keycloak
|
|
688
|
-
```
|
|
689
|
-
|
|
690
|
-
## 11. Project File Layout (Reference)
|
|
691
|
-
|
|
692
|
-
```yaml
|
|
693
|
-
home_root: /home/ogu/
|
|
694
|
-
work_root: /home/ogu/theY4NN/
|
|
695
|
-
work_repos:
|
|
696
|
-
- /home/ogu/theY4NN/Aïobi-IAM/
|
|
697
|
-
- /home/ogu/theY4NN/AïobiMeet/
|
|
698
|
-
- /home/ogu/theY4NN/aiobi-form/
|
|
699
|
-
- /home/ogu/theY4NN/aiobi-docs/
|
|
700
|
-
- /home/ogu/theY4NN/eshu/
|
|
701
|
-
- /home/ogu/theY4NN/a-obi-design-system/ # dormant
|
|
702
|
-
- /home/ogu/theY4NN/docs/
|
|
703
|
-
- /home/ogu/theY4NN/harness/ # MISHKAN design
|
|
704
|
-
personal_root: /home/ogu/Projects/
|
|
705
|
-
personal_repos:
|
|
706
|
-
- /home/ogu/Projects/AïobiOS-Guidance/
|
|
707
|
-
claude_data:
|
|
708
|
-
- ~/.claude/
|
|
709
|
-
- ~/.claude/projects/<encoded-path>/memory/
|
|
710
|
-
- ~/.claude/projects/<encoded-path>/*.jsonl
|
|
711
|
-
infra_topology:
|
|
712
|
-
- aiobi_master: 207.180.255.229 (10.13.13.1) — production runtime
|
|
713
|
-
- ops_serv: 10.13.13.14 — CI runner host
|
|
714
|
-
- aiobi_dev: shared staging server (Forms, Meet, Docs, eshu staging)
|
|
715
|
-
```
|
|
716
|
-
|
|
717
|
-
## 12. Operating Preferences (Cached Rules)
|
|
718
|
-
|
|
719
|
-
```yaml
|
|
720
|
-
session_modes:
|
|
721
|
-
exploration: default, free conversation, agents on demand
|
|
722
|
-
execution: triggered by /mishkan-init or convergence
|
|
723
|
-
interruption_priority: drop pending action immediately when user speaks
|
|
724
|
-
tool_choice:
|
|
725
|
-
prefer: Edit (vscode visibility)
|
|
726
|
-
avoid: sed for file modifications
|
|
727
|
-
use_for_files: Read/Edit/Write
|
|
728
|
-
reserve_for_shell: Bash only when no dedicated tool exists
|
|
729
|
-
git_protocol:
|
|
730
|
-
commit: assistant may commit locally
|
|
731
|
-
push: human only
|
|
732
|
-
ssh_to_prod: human only
|
|
733
|
-
schema_migration_execution: human only
|
|
734
|
-
log_inspection_execution: human only (assistant analyses output)
|
|
735
|
-
explanation_protocol:
|
|
736
|
-
before_implementing: 2-3 sentences + trade-offs + wait for approval
|
|
737
|
-
after_implementing: terse summary, do not narrate the diff
|
|
738
|
-
language_protocol:
|
|
739
|
-
internal_meta_work: French acceptable
|
|
740
|
-
technical_artifacts: English preferred
|
|
741
|
-
commit_subjects: French acceptable
|
|
742
|
-
output_protocol:
|
|
743
|
-
no_emojis: enforced everywhere
|
|
744
|
-
no_co_authored_by_trailers: enforced
|
|
745
|
-
detailed_explanations_over_summaries: preferred when documenting
|
|
746
|
-
no_invented_facts: verify timeframes against git log or mark as estimation
|
|
747
|
-
scope_protocol:
|
|
748
|
-
fix_what_was_specified: no "au passage" cleanup
|
|
749
|
-
ask_before_widening: scope expansion requires approval
|
|
750
|
-
```
|
|
751
|
-
|
|
752
|
-
---
|
|
753
|
-
|
|
754
|
-
*Profile is canonical present-state. Update on milestone events, role changes, or major work scope shifts. Designed for agent context loading with high signal density and low ceremony.*
|