mishkan-harness 0.2.5 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (145) hide show
  1. package/README.md +49 -11
  2. package/bin/mishkan.js +562 -79
  3. package/docs/design/MISHKAN_decisions.md +398 -8
  4. package/docs/design/MISHKAN_observability.md +8 -8
  5. package/docs/engineer/profile-readable.md +201 -0
  6. package/docs/engineer/profile.md +754 -0
  7. package/docs/usage/01-installation.md +22 -8
  8. package/docs/usage/02-project-init.md +30 -13
  9. package/docs/usage/03-orchestration.md +46 -7
  10. package/docs/usage/04-memory-layer.md +135 -69
  11. package/docs/usage/06-llm-providers.md +2 -1
  12. package/docs/usage/07-troubleshooting.md +23 -0
  13. package/docs/usage/08-glossary.md +12 -3
  14. package/docs/usage/09-workflows.md +15 -3
  15. package/docs/usage/10-observability.md +3 -3
  16. package/docs/usage/11-graphify.md +38 -18
  17. package/docs/usage/12-cli.md +87 -0
  18. package/docs/usage/12-skill-discovery.md +11 -0
  19. package/docs/usage/README.md +35 -19
  20. package/package.json +1 -1
  21. package/payload/mishkan/AGENT_SPEC.md +3 -1
  22. package/payload/mishkan/agents/ahikam.md +3 -1
  23. package/payload/mishkan/agents/aholiab.md +3 -1
  24. package/payload/mishkan/agents/asaph.md +3 -1
  25. package/payload/mishkan/agents/baruch.md +8 -1
  26. package/payload/mishkan/agents/benaiah.md +3 -1
  27. package/payload/mishkan/agents/bezalel.md +3 -1
  28. package/payload/mishkan/agents/caleb.md +3 -1
  29. package/payload/mishkan/agents/deborah.md +3 -1
  30. package/payload/mishkan/agents/elasah.md +3 -1
  31. package/payload/mishkan/agents/eliashib.md +3 -1
  32. package/payload/mishkan/agents/ezra.md +3 -1
  33. package/payload/mishkan/agents/hanun.md +3 -1
  34. package/payload/mishkan/agents/hiram.md +3 -1
  35. package/payload/mishkan/agents/hizkiah.md +3 -1
  36. package/payload/mishkan/agents/huldah.md +3 -1
  37. package/payload/mishkan/agents/huram.md +3 -1
  38. package/payload/mishkan/agents/hushai.md +3 -1
  39. package/payload/mishkan/agents/igal.md +3 -1
  40. package/payload/mishkan/agents/ira.md +3 -1
  41. package/payload/mishkan/agents/jahaziel.md +3 -1
  42. package/payload/mishkan/agents/jakin.md +3 -1
  43. package/payload/mishkan/agents/jehonathan.md +3 -1
  44. package/payload/mishkan/agents/jehoshaphat.md +3 -1
  45. package/payload/mishkan/agents/joab.md +3 -1
  46. package/payload/mishkan/agents/joah.md +3 -1
  47. package/payload/mishkan/agents/maaseiah.md +3 -1
  48. package/payload/mishkan/agents/meremoth.md +3 -1
  49. package/payload/mishkan/agents/meshullam.md +3 -1
  50. package/payload/mishkan/agents/nathan.md +3 -1
  51. package/payload/mishkan/agents/nehemiah.md +3 -1
  52. package/payload/mishkan/agents/obed.md +3 -1
  53. package/payload/mishkan/agents/oholiab.md +3 -1
  54. package/payload/mishkan/agents/palal.md +3 -1
  55. package/payload/mishkan/agents/phinehas.md +3 -1
  56. package/payload/mishkan/agents/rehum.md +3 -1
  57. package/payload/mishkan/agents/salma.md +3 -1
  58. package/payload/mishkan/agents/seraiah.md +3 -1
  59. package/payload/mishkan/agents/shallum.md +3 -1
  60. package/payload/mishkan/agents/shaphan.md +3 -1
  61. package/payload/mishkan/agents/shemaiah.md +6 -1
  62. package/payload/mishkan/agents/shevna.md +3 -1
  63. package/payload/mishkan/agents/uriah.md +3 -1
  64. package/payload/mishkan/agents/zaccur.md +3 -1
  65. package/payload/mishkan/agents/zadok.md +3 -1
  66. package/payload/mishkan/agents/zerubbabel.md +3 -1
  67. package/payload/mishkan/cognee/.env.example +11 -0
  68. package/payload/mishkan/cognee/Dockerfile +20 -0
  69. package/payload/mishkan/cognee/README.md +34 -14
  70. package/payload/mishkan/cognee/docker-compose.curated.yml +33 -6
  71. package/payload/mishkan/cognee/docker-compose.selfhosted.yml +35 -5
  72. package/payload/mishkan/cognee/docker-compose.work.yml +191 -0
  73. package/payload/mishkan/cognee/docker-compose.yml +18 -3
  74. package/payload/mishkan/cognee/patches/cognee-mcp-core-align.py +72 -0
  75. package/payload/mishkan/cognee/patches/cognee-mcp-recall-user.py +82 -0
  76. package/payload/mishkan/cognee/promote-curated.py +77 -0
  77. package/payload/mishkan/cognee/prune-store.py +23 -0
  78. package/payload/mishkan/commands/mishkan-init.md +4 -1
  79. package/payload/mishkan/commands/mishkan-org-reference.md +2 -2
  80. package/payload/mishkan/config/curated-library.yaml +1 -0
  81. package/payload/mishkan/config/model-routing.yaml +23 -14
  82. package/payload/mishkan/evals/baruch/fixtures/invalid/bad-curated-candidate.json +22 -0
  83. package/payload/mishkan/evals/baruch/fixtures/valid/resolved-curated-candidate.json +23 -0
  84. package/payload/mishkan/hooks/model-route.py +14 -1
  85. package/payload/mishkan/hooks/post-tool-observe.sh +55 -7
  86. package/payload/mishkan/hooks/pre-tool-trace.sh +40 -6
  87. package/payload/mishkan/observability/README.md +15 -12
  88. package/payload/mishkan/observability/schema.json +18 -1
  89. package/payload/mishkan/observability/usage_parser.py +1 -0
  90. package/payload/mishkan/observability/watch/pyproject.toml +1 -1
  91. package/payload/mishkan/observability/watch/src/mishkan_watch/__init__.py +1 -1
  92. package/payload/mishkan/observability/watch/src/mishkan_watch/__main__.py +78 -21
  93. package/payload/mishkan/observability/watch/src/mishkan_watch/app.py +56 -3
  94. package/payload/mishkan/observability/watch/src/mishkan_watch/tabs/agents.py +29 -7
  95. package/payload/mishkan/observability/watch/src/mishkan_watch/tabs/knowledge.py +83 -8
  96. package/payload/mishkan/observability/watch/src/mishkan_watch/tabs/live.py +42 -13
  97. package/payload/mishkan/observability/watch/src/mishkan_watch/tabs/usage.py +10 -3
  98. package/payload/mishkan/observability/watch/src/mishkan_watch/tabs/workflows.py +47 -7
  99. package/payload/mishkan/observability/watchd/pyproject.toml +1 -1
  100. package/payload/mishkan/observability/watchd/src/mishkan_watchd/__init__.py +1 -1
  101. package/payload/mishkan/observability/watchd/src/mishkan_watchd/__main__.py +87 -11
  102. package/payload/mishkan/observability/watchd/src/mishkan_watchd/server.py +126 -9
  103. package/payload/mishkan/observability/watchd/src/mishkan_watchd/sources/cognee_poll.py +136 -49
  104. package/payload/mishkan/observability/watchd/src/mishkan_watchd/sources/graphify_tail.py +38 -64
  105. package/payload/mishkan/observability/watchd/src/mishkan_watchd/state.py +222 -34
  106. package/payload/mishkan/observability/watchd/tests/test_state.py +502 -4
  107. package/payload/mishkan/ontology.md +8 -1
  108. package/payload/mishkan/ontology.ttl +188 -0
  109. package/payload/mishkan/scripts/ensure-work-store.sh +230 -0
  110. package/payload/mishkan/scripts/mishkan-ingest.sh +53 -3
  111. package/payload/mishkan/scripts/promote-curated.sh +77 -0
  112. package/payload/mishkan/scripts/reset-knowledge-data.sh +70 -0
  113. package/payload/mishkan/scripts/validate-research-log.sh +27 -0
  114. package/payload/mishkan/skills/baruch-research-reporting-craft/SKILL.md +42 -8
  115. package/payload/mishkan/skills/cognee-promote/SKILL.md +13 -0
  116. package/payload/mishkan/skills/cognee-quickstart/SKILL.md +7 -1
  117. package/payload/mishkan/skills/ezra-research-formulation-craft/SKILL.md +9 -0
  118. package/payload/mishkan/skills/mishkan-ingest/SKILL.md +22 -0
  119. package/payload/mishkan/skills/mishkan-init/SKILL.md +31 -19
  120. package/payload/mishkan/skills/shemaiah-evaluation-craft/SKILL.md +33 -5
  121. package/payload/mishkan/skills/team-lead-craft/SKILL.md +66 -0
  122. package/payload/mishkan/templates/mcp.json +7 -2
  123. package/payload/mishkan/templates/observability-log.schema.json +1 -1
  124. package/payload/mishkan/templates/research-log.schema.json +15 -1
  125. package/payload/mishkan/workflows/README.md +19 -13
  126. package/payload/mishkan/workflows/chosheb-feature-ship.js +63 -18
  127. package/payload/mishkan/workflows/migdal-dr-drill.js +4 -0
  128. package/payload/mishkan/workflows/migdal-infra-change.js +48 -7
  129. package/payload/mishkan/workflows/mishkan-architecture-panel.js +4 -0
  130. package/payload/mishkan/workflows/mishkan-blast-radius.js +4 -0
  131. package/payload/mishkan/workflows/mishkan-codebase-audit.js +4 -0
  132. package/payload/mishkan/workflows/mishkan-deep-research.js +4 -0
  133. package/payload/mishkan/workflows/mishkan-init.js +4 -0
  134. package/payload/mishkan/workflows/mishkan-knowledge-gap-discovery.js +4 -0
  135. package/payload/mishkan/workflows/mishkan-migration-wave.js +4 -0
  136. package/payload/mishkan/workflows/mishkan-release-readiness.js +4 -0
  137. package/payload/mishkan/workflows/mishkan-sprint-close.js +4 -0
  138. package/payload/mishkan/workflows/mishkan-standards-rollout.js +4 -0
  139. package/payload/mishkan/workflows/mishmar-security-gate.js +45 -6
  140. package/payload/mishkan/workflows/panim-ds-rollout.js +4 -0
  141. package/payload/mishkan/workflows/panim-feature-ship.js +132 -0
  142. package/payload/mishkan/workflows/sefer-release-notes.js +4 -0
  143. package/payload/mishkan/workflows/yasad-data-migration-wave.js +4 -0
  144. package/payload/mishkan/workflows/yasad-feature-ship.js +130 -0
  145. package/payload/mishkan/workflows/yasad-schema-evolution.js +4 -0
@@ -0,0 +1,754 @@
1
+ ---
2
+ name: y4nn-profile
3
+ description: Canonical developer profile of Y4NN. Loaded as cached context by MISHKAN agents.
4
+ type: developer_profile
5
+ version: 1.0
6
+ last_updated: 2026-05-27
7
+ scope: agent-loadable
8
+ language: en
9
+ ---
10
+
11
+ # Y4NN — Developer Profile
12
+
13
+ ## 0. Identity
14
+
15
+ ```yaml
16
+ legal_name: Ragnang-Newende Yanis Axel DABO
17
+ handle: >_TheY4NN
18
+ github: Y4NN777
19
+ emails:
20
+ - yanisaxel.dabo@aiobi.world # primary work
21
+
22
+ - nage-remorqueur8o@icloud.com # claude.ai account
23
+ git_authors:
24
+ - TheY4NN777 <yanisaxel.dabo@aiobi.world>
25
+ - Yanis Axel Dabo <yanisaxel.dabo@aiobi.world>
26
+ machine_identities:
27
+ - ogu # current
28
+ - aiobi6 # prior
29
+ title: Junior Software Engineer
30
+ internal_role: Mainteneur Staging & Production @ OGUN
31
+ employer: Aïobi
32
+ languages:
33
+ - fr # primary, all internal/meta work
34
+ - en # secondary, technical artifacts and code
35
+ location: France/Africa axis (Aïobi = sovereign African tech ecosystem)
36
+ brand_rule: "Aïobi" with tréma — never "Aiobi"
37
+ ```
38
+
39
+ ## 1. Operating Role
40
+
41
+ Build-and-deploy engineer for the Aïobi product suite. Bridge between feature development and infrastructure operations. Owns the operational delivery pipeline end-to-end across five production services. Sole owner of one (IAM). Builder of one independent thesis-grade project (AïobiOS).
42
+
43
+ ```yaml
44
+ role_components:
45
+ - feature_engineering # full-stack, multi-stack
46
+ - deployment_engineering # staging + prod for entire suite
47
+ - devsecops_practice # hardening, secret management, audits
48
+ - incident_response # primary on-call
49
+ - documentation_authoring # design specs, runbooks, postmortems
50
+ - ai_tooling_engineering # custom agents, harness design
51
+ reports_to:
52
+ - cto: unnamed (Direction Technique Aïobi)
53
+ collaborates_with:
54
+ - youssouf_kouanda: Forms feature lead + MR gate (OGUN-kal)
55
+ - cephas_congo: eshu backend co-developer (LEGBA-8I)
56
+ - cheick_oumar_tarnagueda: ops support (OGUN-TCO)
57
+ - hermes_team: hardware/server provisioning
58
+ - antoine_lebaud: original AïobiMeet author (less active)
59
+ ```
60
+
61
+ ## 2. Surface Owned
62
+
63
+ ### 2.1 Aïobi-IAM (sole owner)
64
+ ```yaml
65
+ status: production
66
+ stack: Keycloak 20 + custom Java SPI + realm YAML + theme bind-mounts
67
+ ownership: 100%
68
+ commits_in_window: 115
69
+ artifacts:
70
+ - SWE-BASICS-BEFORE-CODE design suite: 01_PRD → 05_MODELING (locked)
71
+ - Custom SPI: aiobi-user-provider (Java, compiled in-pipeline)
72
+ - Hardening overlay (docker-compose.hardening.yml)
73
+ - Rollback runbook with pre-flight state capture
74
+ - Integration journals for Forms / Docs / Meet onboarding
75
+ boundary: builds, integrates, hardens, deploys, operates
76
+ ```
77
+
78
+ ### 2.2 AïobiMeet
79
+ ```yaml
80
+ status: production
81
+ stack: Django + React + LiveKit + FastAPI + Keycloak SSO
82
+ ownership: ops/infra/deploy (not original author)
83
+ original_author: Antoine Lebaud (1388 historical commits)
84
+ commits_in_window: 320
85
+ boundary:
86
+ owns: docker/production, docker/staging, gitlab-ci.yml, Keycloak realm config,
87
+ Prometheus/Grafana setup, Whisper ASR tuning, hotfixes, deploys
88
+ does_not_own: original feature architecture, core conferencing logic
89
+ incidents_handled: 30+ staging errors, 11 prod errors documented
90
+ ```
91
+
92
+ ### 2.3 aiobi-form (Forms)
93
+ ```yaml
94
+ status: production
95
+ stack: Laravel 11 + Nuxt 3 (dual-licensed AGPLv3 + proprietary)
96
+ ownership: deploy + IAM integration + ops + production hotfixes
97
+ feature_lead: Youssouf Kouanda
98
+ mr_gate: Youssouf Kouanda (25+ merges in 8 weeks)
99
+ commits_in_window: 55
100
+ boundary:
101
+ owns: deploy-remote.sh, nginx-prod.conf, Traefik ingress, IAM integration,
102
+ staging bootstrap, prod hotfixes
103
+ does_not_own: feature development (Youssouf), core Notion-Forms fork (Julien Nahum upstream)
104
+ audit_findings: 46 (critical/high/medium catalogued)
105
+ ```
106
+
107
+ ### 2.4 aiobi-docs
108
+ ```yaml
109
+ status: staging active, prod pending
110
+ stack: Django + Yjs/CRDT + React (Impress fork)
111
+ ownership: deploy + IAM integration + staging
112
+ commits_in_window: 53
113
+ artifacts:
114
+ - ADR-0001 (Yjs CRDT decision, full trade-off matrix)
115
+ - Postmortem 2026-05-12 (staging recovery, dual root cause)
116
+ - Refacto plan 02 (52 KB)
117
+ boundary:
118
+ owns: staging deploy, IAM theme + logout flow, CI/CD
119
+ shared: core docs platform (Anthony LC, Manuel Raynaud upstream)
120
+ ```
121
+
122
+ ### 2.5 eshu
123
+ ```yaml
124
+ status: in development, OAuth + prod setup phase
125
+ stack: FastAPI + Vue 3 + Capacitor + LangChain + CrewAI + ChromaDB
126
+ ownership: integration + prod release (equal partnership)
127
+ co_developer: Cephas Congo
128
+ commits_in_window: 37 (Cephas: 36)
129
+ boundary:
130
+ owns: prod setup, OAuth flows, deploy pipeline, develop→main merges for prod
131
+ does_not_own: backend feature development (Cephas)
132
+ ```
133
+
134
+ ### 2.6 AïobiOS-Guidance (personal/thesis)
135
+ ```yaml
136
+ status: late prototype / pre-production
137
+ location: /home/ogu/Projects/AïobiOS-Guidance/ (not in /theY4NN/)
138
+ type: thesis-grade Ubuntu 24.04 LTS customisation
139
+ stack: Cubic chroot + dpkg-divert + bash + GRUB + Plymouth + GDM + Yaru
140
+ code_volume: 942 LOC shell across 10 scripts
141
+ docs_volume: 2549 lines markdown across 7 engineering logs + guides
142
+ ownership: 100% sole author
143
+ methodology: doctoral — 19 issues numbered continuously, each traced to root cause across abstraction layer (CSS → Yaru gresource → AccountsService D-Bus → dpkg-divert)
144
+ visibility: private — not yet public
145
+ ```
146
+
147
+ ## 3. Velocity Snapshot
148
+
149
+ ```yaml
150
+ window: ~3 months (recent)
151
+ total_commits: 626
152
+ insertions: 66115
153
+ deletions: 11265
154
+ files_touched: 1501
155
+ repos_active: 5 (+ AïobiOS personal)
156
+ stacks_active: 5 (Python, PHP, JS/TS, Java SPI, Bash)
157
+ environments_per_service: 4 (dev, staging, prod, secure)
158
+ cadence:
159
+ peak_hours_cet: [10-14, 16-23]
160
+ hotfix_bursts: 00-04 CET, late-night
161
+ weekday_only: true
162
+ recent_hotfix_density: 4 prod commits in 22 minutes (2026-05-12 02:00-02:22)
163
+ ```
164
+
165
+ ## 4. Demonstrated Stack
166
+
167
+ ### 4.1 Languages (actively shipping)
168
+ ```yaml
169
+ python:
170
+ level: strong
171
+ evidence: FastAPI async + Pydantic + Alembic + asyncpg, Django production, LangChain/CrewAI/ChromaDB integration
172
+ php:
173
+ level: working
174
+ evidence: Laravel 11 production, Eloquent ORM, blade templates
175
+ typescript_javascript:
176
+ level: strong
177
+ evidence: Nuxt 3 SSR, React, Vue 3, Vitest, component libraries, i18next
178
+ java:
179
+ level: working
180
+ evidence: Keycloak SPI compilation, enum refactor, test suite (aiobi-user-provider)
181
+ bash:
182
+ level: strong
183
+ evidence: deploy-remote.sh patterns, AïobiOS scripts, dpkg-divert orchestration, UTF-8 byte-level reconstruction
184
+ yaml:
185
+ level: strong
186
+ evidence: realm config, docker-compose, GitLab CI, idempotent overlays
187
+ languages_absent: [go, rust, c, c++]
188
+ ```
189
+
190
+ ### 4.2 Infrastructure stack
191
+ ```yaml
192
+ containerisation:
193
+ docker: strong
194
+ docker_compose: strong (multi-environment overlays, hash-based config drift detection, hardening overlays)
195
+ kubernetes: absent
196
+ ci_cd:
197
+ gitlab_ci: strong (268 yml touches, environment scoping, protected vars, conditional jobs)
198
+ github_actions: limited (aiobi-docs only)
199
+ iac:
200
+ declarative: absent (no Terraform, no Pulumi, no Helm)
201
+ imperative: strong (custom bash deploy patterns, SSH-direct with health polling)
202
+ observability:
203
+ prometheus: deployed
204
+ grafana: deployed
205
+ sentry: deployed across 3 projects
206
+ glitchtip: deployed
207
+ loki: deployed
208
+ opentelemetry: absent
209
+ slo_definitions: absent
210
+ burn_rate_alerts: absent
211
+ secrets:
212
+ sops: in use
213
+ gitlab_protected_vars: in use
214
+ vault: absent
215
+ service_mesh: absent
216
+ mtls_between_services: absent
217
+ ```
218
+
219
+ ### 4.3 Security stack
220
+ ```yaml
221
+ practices:
222
+ - SECURITY.md per repo with disclosure policy
223
+ - CVE-pinned dependencies (explicit comments referencing CVE IDs)
224
+ - Hardening overlays for Keycloak (always re-applied on recreate)
225
+ - SSO across suite via Keycloak (single source of identity)
226
+ - Rate limiting (slowapi) on FastAPI endpoints
227
+ - Session security middleware
228
+ - Manual security audits (Forms audit: 46 findings catalogued)
229
+ automation:
230
+ sast_in_ci: absent # no semgrep, bandit, trivy, gitleaks, OSV-Scanner gates
231
+ dependency_scanning_in_ci: absent
232
+ threat_modelling_artifact: absent # STRIDE doc not produced
233
+ responsible_disclosure_received: 0
234
+ ```
235
+
236
+ ### 4.4 Domain expertise (deep)
237
+ ```yaml
238
+ keycloak:
239
+ level: deep
240
+ evidence: 229 mentions in transcripts, custom SPI in Java, realm YAML hardening, theme bind-mounts, JDBC session persistence (Infinispan), SSO federation across 4 apps, broker IdP setup
241
+ docker_networking:
242
+ level: deep
243
+ evidence: Traefik routing edge cases, IPv6 vs IPv4 localhost healthcheck issues, ghost iptables on dead bridges, subnet pinning, hardening overlays
244
+ linux_systems_customisation:
245
+ level: deep (AïobiOS)
246
+ evidence: dpkg-divert across 6 subsystems, GRUB customisation, Plymouth themes, GDM/Yaru/AccountsService layer debugging, systemd one-shot first-boot provisioning
247
+ rag_ai_stack:
248
+ level: working
249
+ evidence: eshu uses LangChain + CrewAI + ChromaDB + sentence-transformers + Groq/OpenAI/Google models in production
250
+ crdt_realtime:
251
+ level: working
252
+ evidence: ADR-0001 Yjs evaluation with full trade-off matrix, integration in aiobi-docs
253
+ ```
254
+
255
+ ## 5. Engineering Methodology
256
+
257
+ ### 5.1 Workflow rules (observed)
258
+ ```yaml
259
+ design_before_code:
260
+ rule: PRD → SRS → CONTRACT → ARCHITECTURE → MODELING locked before implementation
261
+ applied_in: [Aïobi-IAM, MISHKAN]
262
+ source: SWE-BASICS-BEFORE-CODE framework
263
+ explain_before_implement:
264
+ rule: 2-3 sentence explanation + trade-offs + wait for approval before any code change
265
+ source: feedback_explain_before_code.md (triggered by 3-cycle date-picker incident)
266
+ diagnose_before_fix:
267
+ rule: exact stacktrace / HTTP status / log line required before any fix
268
+ reject: "soupçon" (guess-based) reasoning
269
+ source: feedback_diagnose_before_fix.md
270
+ durable_solutions_only:
271
+ rule: no sed-in-CI, no manual patches, no temporary workarounds
272
+ must_work_in_prod: true
273
+ source: feedback_durable_solutions.md
274
+ verify_before_destructive:
275
+ rule: git status --short before every push, read compose paths before deploy
276
+ source: project_aiobi-ops memory
277
+ no_invented_facts:
278
+ rule: no estimation of timeframes without git log verification
279
+ source: feedback_no_invented_facts.md
280
+ no_scope_creep:
281
+ rule: fix only what was specified; no "au passage" refactors
282
+ source: feedback_no_scope_creep.md
283
+ ```
284
+
285
+ ### 5.2 Commit discipline
286
+ ```yaml
287
+ format: "type(scope) short description"
288
+ extended: "type(scope) subject — body with logs, root cause, before/after"
289
+ types_used: [fix, feat, docs, chore, hotfix, refactor, ops]
290
+ emojis: forbidden
291
+ co_authored_by: forbidden
292
+ case: lowercase subject
293
+ period_terminator: no
294
+ shared_server_protocol:
295
+ - GIT_COMMITTER_NAME="TheY4NN777"
296
+ - --author flag explicit on every commit
297
+ - never modify git config
298
+ body_style: 5-15 lines with environment details, error messages, alternatives considered
299
+ language: French in subject and scope, French or English in body
300
+ ```
301
+
302
+ ### 5.3 Deployment discipline
303
+ ```yaml
304
+ flow: staging → validate → MR develop→main → prod
305
+ trigger: continuous deploy (no semver tags)
306
+ narration: git log + .claude/plans/ + docs/ops/
307
+ ci_runner_topology:
308
+ - runner_host: ops-serv (10.13.13.14)
309
+ - prod_runtime: Aïobi Master (207.180.255.229, 10.13.13.1) — pure runtime, no CI
310
+ - pattern: SSH-direct deploy with scoped key + sudo NOPASSWD discipline
311
+ pre_deploy_checks:
312
+ - hash-based config drift detection (sha256 diff on env files)
313
+ - health polling with timeout + retry
314
+ - container restart only if config hash changed
315
+ post_deploy:
316
+ - structured DEPLOYMENT-LOG.md updated per service per env
317
+ incident_pattern:
318
+ - reproduce in staging first
319
+ - identify dual root causes (applicative + network often both present)
320
+ - blameless postmortem with timeline + lessons + action items
321
+ ```
322
+
323
+ ### 5.4 Documentation discipline
324
+ ```yaml
325
+ audience: builders (not end-users)
326
+ density:
327
+ readmes: 50-150 lines (terse)
328
+ design_docs: 300-800 lines (heavy)
329
+ runbooks: copy-paste-safe, one command per failure mode
330
+ templates_applied:
331
+ - SWE-BASICS-BEFORE-CODE (PRD/SRS/CONTRACT/ARCHITECTURE/MODELING)
332
+ - postmortem: timeline + root causes + lessons + action items
333
+ - integration journal: chronological narrative with gotchas table
334
+ language_split:
335
+ french: 90% (internal team-facing)
336
+ english: 10% (architecture, design docs, MISHKAN)
337
+ status_marker: absent — no draft/live/superseded frontmatter convention yet
338
+ closure_discipline: weak — many docs marked "à valider" indefinitely
339
+ ```
340
+
341
+ ## 6. AI-Tooling Profile
342
+
343
+ ### 6.1 Setup
344
+ ```yaml
345
+ primary_tool: Claude Code (exclusive — no Cursor/Windsurf/Aider/Continue)
346
+ user_level_dir: ~/.claude/
347
+ user_agents:
348
+ - aiobi-ops (40 KB, specialised DevOps agent with 20+ documented gotchas, 15+ incidents)
349
+ - explore-codebase
350
+ - explore-docs
351
+ - action
352
+ - websearch
353
+ user_commands: [epct, explore, run-tasks, watch-ci, commit, create-pull-request, fix-pr-comments, oneshot]
354
+ hooks:
355
+ pre_tool_use: bun-TypeScript command validator (~/.claude/scripts/command-validator/)
356
+ stop_notification: audio cues (afplay)
357
+ mcp_servers_configured: 0 # planned via MISHKAN, not active
358
+ bash_aliases:
359
+ cc: "claude --dangerously-skip-permissions"
360
+ ccc: "claude --dangerously-skip-permissions -c"
361
+ memory_files_per_project: 25-30 # flat-file knowledge graph at ceiling
362
+ total_memory_tokens: ~48000 across 93 files
363
+ ```
364
+
365
+ ### 6.2 Delegation map (transcript-derived)
366
+ ```yaml
367
+ high_delegation:
368
+ - ui_css_svg_animations # one-shot accepted
369
+ - config_generation # YAML, docker-compose, XML
370
+ - keycloak_spi_boilerplate
371
+ medium_delegation:
372
+ - database_migrations # generate then heavily review, execute self
373
+ low_delegation:
374
+ - tests # prefers manual verification
375
+ zero_delegation:
376
+ - git_push
377
+ - ssh_to_prod
378
+ - docker_exec_on_prod
379
+ - sudo_operations
380
+ - schema_migration_execution
381
+ - log_forensics_execution # ai analyses output, human runs commands
382
+ ```
383
+
384
+ ### 6.3 Prompting fingerprint
385
+ ```yaml
386
+ early_session_style:
387
+ format: highly structured JSON (tâche/entrée/format_de_sortie/exigences)
388
+ avg_length_chars: 1062
389
+ rigor: high
390
+ late_session_style:
391
+ format: conversational, terse, French command-style
392
+ avg_length_chars: 7948 # logs/terminal dumps included
393
+ rigor: scales with task difficulty — reverts to structure under pressure
394
+ language_triggers:
395
+ french: emotional venting, narrative progress, sharp corrections, local observations
396
+ english: terminal commands, framework names, error messages, technical specs
397
+ mixed: 13% of messages
398
+ fatigue_signal:
399
+ threshold: after 23:00 UTC
400
+ symptoms: typo density 3x baseline, prompts shift to raw terminal dumps, code-switching increases
401
+ ai_collaboration_maturity: 3.5/5
402
+ friction_tax: 3-5% of session time
403
+ recurring_friction_topics:
404
+ - keycloak_session_persistence # 125 instances
405
+ - commit_format_compliance # 129 instances
406
+ - git_push_coordination # 53 instances
407
+ - database_schema_sync # 29 instances
408
+ ```
409
+
410
+ ### 6.4 Non-negotiables (durable AI rules)
411
+ ```yaml
412
+ - aiobi_brand_uses_treme: "Aïobi" — never "Aiobi"
413
+ - no_co_authored_by_trailers_in_commits
414
+ - no_emojis_in_commits
415
+ - explain_then_wait_before_implementing
416
+ - no_scope_creep_au_passage
417
+ - diagnose_before_fix_no_soupcon
418
+ - no_invented_timeframes_or_facts
419
+ - no_assistant_ssh_to_prod
420
+ - no_assistant_git_push
421
+ - stop_pending_action_when_user_speaks # interruption priority
422
+ - use_edit_tool_not_sed # vscode visibility
423
+ - check_both_gitlab_ci_and_deploy_remote_sh_for_deploy_logic_changes
424
+ - shared_server_requires_git_committer_name_env_var
425
+ - prefer_durable_over_temporary
426
+ ```
427
+
428
+ ## 7. Active Work — Open Scope
429
+
430
+ ### 7.1 Aïobi-IAM
431
+ ```yaml
432
+ status: v1.0.x in prod, v1.1.x ongoing
433
+ open:
434
+ - SPI bind-mount priority escalation (in BACKLOG.md)
435
+ - Docker boltdb cleanup (tech debt acknowledged)
436
+ - Full federation across all 4 apps (Forms done, Docs in progress, Meet/eshu pending)
437
+ locked: design phase complete (01_PRD through 05_MODELING)
438
+ pending: 06_IMPLEMENTATION doc
439
+ ```
440
+
441
+ ### 7.2 aiobi-form
442
+ ```yaml
443
+ status: Phase 1 IAM hardening shipped, Phase 2 finition pre-prod in flight
444
+ open:
445
+ - silent SSO deployment
446
+ - JWT hardening completion
447
+ - audit findings remediation (46 catalogued, partial)
448
+ boundary: Y4NN owns deploy and IAM integration; Youssouf owns features
449
+ ```
450
+
451
+ ### 7.3 aiobi-docs
452
+ ```yaml
453
+ status: staging active, prod pending
454
+ open:
455
+ - IAM theme migration to prod
456
+ - logout flow finalisation
457
+ - postmortem follow-ups from 2026-05-12 staging recovery
458
+ - realm_events_listener bug (2026-05-11, documented)
459
+ ```
460
+
461
+ ### 7.4 eshu
462
+ ```yaml
463
+ status: OAuth + prod setup phase
464
+ open:
465
+ - Google + Apple OAuth completion
466
+ - prod deployment (registry migration 10.13.13.1 → 10.13.13.14 in progress)
467
+ boundary: shared with Cephas Congo
468
+ ```
469
+
470
+ ### 7.5 AïobiMeet
471
+ ```yaml
472
+ status: continuous ops
473
+ open:
474
+ - session persistence across Keycloak restarts (recurring friction)
475
+ - Whisper ASR performance on staging vs prod (AVX-512 CPU divergence, unconfirmed root cause)
476
+ - SSO session timeout tuning
477
+ - cadvisor memory limits ongoing
478
+ ```
479
+
480
+ ### 7.6 AïobiOS-Guidance (personal/thesis)
481
+ ```yaml
482
+ status: late prototype / pre-production
483
+ open:
484
+ - AppArmor/SELinux policy phase
485
+ - LUKS encryption integration
486
+ - Secure Boot signing
487
+ - ISO build automation (no CI yet)
488
+ - public release preparation
489
+ locked: US-1.1 through US-1.4 (debloat, security, branding, GDM customisation)
490
+ methodology_artifact: 19 issues numbered, each traced to root cause across layers
491
+ ```
492
+
493
+ ### 7.7 MISHKAN (harness research)
494
+ ```yaml
495
+ status: design v1 complete, build pending
496
+ locked: naming (45 agents), 6 teams, init flow, 5-layer architecture, knowledge promotion model
497
+ open_decisions:
498
+ - cognee_deployment_mode # local docker vs cloud vs hybrid
499
+ - local_model_runtime # ollama vs lm-studio vs llama.cpp
500
+ - install_scope # user-level vs per-project
501
+ not_yet_designed:
502
+ - agent_system_prompts
503
+ - claude_md_templates
504
+ - rules_files_content
505
+ - hook_implementations
506
+ - skill_implementations
507
+ - curated_library_content
508
+ - cognee_graph_schema
509
+ - observability_pipeline
510
+ - model_routing_config
511
+ ```
512
+
513
+ ### 7.8 RAG-CLI (planned, not started)
514
+ ```yaml
515
+ purpose: ingest 654K-token internal doc corpus, build knowledge graph, expose CLI for engineering process improvement queries
516
+ foundation: same Cognee instance MISHKAN needs
517
+ status: design only
518
+ corpus_ready: yes — 325 files, 13 doc types, strong interlinking, dated
519
+ ```
520
+
521
+ ## 8. Documentation Corpus (RAG-ready)
522
+
523
+ ```yaml
524
+ total_files: 325
525
+ total_size_mb: 5.6
526
+ total_tokens_est: 654000
527
+ language_split:
528
+ fr: 90%
529
+ en: 10%
530
+ distribution:
531
+ project_docs: 226 files, 591K tokens
532
+ home_level_docs: 6 files, 15K tokens
533
+ claude_session_memory: 93 files, 48K tokens
534
+ doc_types_identified:
535
+ - DESIGN_SPEC # PRD, SRS, ARCHITECTURE, MODELING
536
+ - INCIDENT_REPORT
537
+ - POSTMORTEM
538
+ - RUNBOOK
539
+ - INTEGRATION_JOURNAL
540
+ - HANDOVER_NOTE
541
+ - ARCHITECTURE
542
+ - AUDIT_REPORT
543
+ - README
544
+ - DEPLOYMENT_LOG
545
+ - SESSION_MEMORY
546
+ - ADR
547
+ - FEATURE_SPEC
548
+ - TODO_TRACKER
549
+ quality_flags:
550
+ todo_fixme_markers: 42
551
+ superseded_docs: 33
552
+ contradictions_detected: 2
553
+ mixed_language_within_doc: 7
554
+ status_frontmatter_present: false # convention not yet adopted
555
+ entity_density: high
556
+ services: 20+ # Keycloak, PostgreSQL, Redis, Celery, Whisper, MinIO, LiveKit, Nginx, Traefik, Grafana, Sentry, GlitchTip, Loki, etc.
557
+ hosts: 4 named # id.aiobi.world, meet.aiobi.world, docs.aiobi.world, AiobiDev
558
+ config_keys: 30+
559
+ ports: 15+
560
+ realms: 3
561
+ ip_subnets: 3
562
+ ```
563
+
564
+ ## 9. Gaps — Factual Inventory
565
+
566
+ ### 9.1 Skill (study required)
567
+ ```yaml
568
+ kubernetes:
569
+ status: absent
570
+ blocking: declarative orchestration progression
571
+ terraform_or_pulumi:
572
+ status: absent
573
+ blocking: IaC progression beyond bash + Compose
574
+ helm:
575
+ status: absent
576
+ blocking: K8s package distribution
577
+ go:
578
+ status: absent
579
+ blocking: SRE/Platform tooling layer
580
+ rust:
581
+ status: absent
582
+ blocking: systems performance work (longer-term)
583
+ formal_slo_practice:
584
+ status: absent
585
+ components_missing: [SLI definitions, error budgets, burn-rate alerts, SLO docs]
586
+ distributed_systems_depth:
587
+ status: absent
588
+ components_missing: [service mesh, mTLS, circuit breakers, RPC framework]
589
+ threat_modelling_as_artifact:
590
+ status: absent
591
+ components_missing: [STRIDE doc, attack tree, formal threat model per service or per system]
592
+ ```
593
+
594
+ ### 9.2 Practice (process change required)
595
+ ```yaml
596
+ sast_gates_in_ci:
597
+ status: not_automated
598
+ manual_equivalent: present (46-finding Forms audit done manually)
599
+ tools_missing: [semgrep, bandit, trivy, gitleaks, OSV-Scanner]
600
+ dependency_scanning_in_ci:
601
+ status: not_automated
602
+ docs_closure_ritual:
603
+ status: weak
604
+ symptom: many docs marked "à valider" indefinitely
605
+ fix: status frontmatter + sprint-end closure pass
606
+ changelog_automation:
607
+ status: partial
608
+ forms_repo: present
609
+ others_repo: absent
610
+ source: git-cliff or conventional-changelog could autogenerate from existing commits
611
+ test_coverage:
612
+ status: variable
613
+ weakest_repos: [IAM, eshu]
614
+ strongest_repos: [aiobi-form (phpunit), aiobi-docs (vitest)]
615
+ ai_friction_engineering:
616
+ status: reactive
617
+ symptom: 129 commit-format corrections, 125 session-persistence corrections, 53 push-protocol corrections
618
+ fix: bake recurring rules into mishkan-init skill + pre-commit hooks
619
+ late_night_deploy_rule:
620
+ status: absent
621
+ symptom: typo density 3x and prompt rigor degrades after 23:00 UTC
622
+ ```
623
+
624
+ ### 9.3 Tooling (build required)
625
+ ```yaml
626
+ cognee_or_knowledge_graph:
627
+ status: designed, not deployed
628
+ mcp_servers_configured:
629
+ status: 0 configured
630
+ needed: [cognee, filesystem, git, security_scanner]
631
+ mishkan_implementation:
632
+ status: spec v1 complete, code at 0%
633
+ rag_cli:
634
+ status: design only
635
+ memory_to_graph_migration:
636
+ status: not started
637
+ source: 93 flat-file MEMORY.md → Cognee nodes
638
+ go_binary_for_internal_tooling:
639
+ status: none built yet
640
+ ```
641
+
642
+ ## 10. Strengths — Factual Inventory
643
+
644
+ ```yaml
645
+ operational_mastery:
646
+ - 5 production services across 5 stacks managed solo on deploy side
647
+ - 626 commits / 66K insertions in 3 months at sustained quality
648
+ - Real blameless postmortems authored
649
+ - Idempotent rollback runbooks with pre-flight state capture
650
+ - Hash-based config drift detection in CI
651
+ - Dual root-cause identification in incidents
652
+ keycloak_deep_expertise:
653
+ - Custom Java SPI built from scratch
654
+ - Realm YAML hardening + bind-mount persistence
655
+ - SSO federation across multiple apps
656
+ - Infinispan JDBC session persistence
657
+ - Theme customisation including UTF-8 byte-level reconstruction
658
+ methodology_rigor:
659
+ - SWE-BASICS-BEFORE-CODE applied verbatim in IAM and MISHKAN
660
+ - ADR-0001 with 4-CRDT × 3-OT-framework trade-off matrix
661
+ - AïobiOS: 19 issues numbered, each traced to root cause across abstraction layer
662
+ - Doctoral-level engineering log methodology
663
+ ai_tooling_intentionality:
664
+ - Custom 40 KB aiobi-ops specialist agent
665
+ - Religious MEMORY.md discipline (93 files, 48K tokens)
666
+ - Asymmetric delegation rule (creative high / stateful zero)
667
+ - bun-TypeScript command validator hook
668
+ - MISHKAN architectural spec (815 lines) as original harness research
669
+ - Zero multi-tool sprawl by deliberate choice
670
+ documentation_practice:
671
+ - 654K tokens across 325 files, 13 distinct doc types
672
+ - Strong interlinking, dated, templated structure
673
+ - Bilingual (fr/en) with deliberate split by audience
674
+ debugging_discipline:
675
+ - Verification-first (no soupçon allowed)
676
+ - Identifies dual root causes (applicative + network)
677
+ - Documented refusal of guess-based fixes
678
+ brand_precision:
679
+ - Aïobi tréma enforced everywhere
680
+ - UTF-8 byte-level work in shell when needed
681
+ - Commit format strict and durable
682
+ security_practice:
683
+ - SECURITY.md per repo
684
+ - CVE-pinned dependencies with explicit comments
685
+ - SOPS for secret management
686
+ - Hardening overlays always re-applied
687
+ - SSO across suite via Keycloak
688
+ ```
689
+
690
+ ## 11. Project File Layout (Reference)
691
+
692
+ ```yaml
693
+ home_root: /home/ogu/
694
+ work_root: /home/ogu/theY4NN/
695
+ work_repos:
696
+ - /home/ogu/theY4NN/Aïobi-IAM/
697
+ - /home/ogu/theY4NN/AïobiMeet/
698
+ - /home/ogu/theY4NN/aiobi-form/
699
+ - /home/ogu/theY4NN/aiobi-docs/
700
+ - /home/ogu/theY4NN/eshu/
701
+ - /home/ogu/theY4NN/a-obi-design-system/ # dormant
702
+ - /home/ogu/theY4NN/docs/
703
+ - /home/ogu/theY4NN/harness/ # MISHKAN design
704
+ personal_root: /home/ogu/Projects/
705
+ personal_repos:
706
+ - /home/ogu/Projects/AïobiOS-Guidance/
707
+ claude_data:
708
+ - ~/.claude/
709
+ - ~/.claude/projects/<encoded-path>/memory/
710
+ - ~/.claude/projects/<encoded-path>/*.jsonl
711
+ infra_topology:
712
+ - aiobi_master: 207.180.255.229 (10.13.13.1) — production runtime
713
+ - ops_serv: 10.13.13.14 — CI runner host
714
+ - aiobi_dev: shared staging server (Forms, Meet, Docs, eshu staging)
715
+ ```
716
+
717
+ ## 12. Operating Preferences (Cached Rules)
718
+
719
+ ```yaml
720
+ session_modes:
721
+ exploration: default, free conversation, agents on demand
722
+ execution: triggered by /mishkan-init or convergence
723
+ interruption_priority: drop pending action immediately when user speaks
724
+ tool_choice:
725
+ prefer: Edit (vscode visibility)
726
+ avoid: sed for file modifications
727
+ use_for_files: Read/Edit/Write
728
+ reserve_for_shell: Bash only when no dedicated tool exists
729
+ git_protocol:
730
+ commit: assistant may commit locally
731
+ push: human only
732
+ ssh_to_prod: human only
733
+ schema_migration_execution: human only
734
+ log_inspection_execution: human only (assistant analyses output)
735
+ explanation_protocol:
736
+ before_implementing: 2-3 sentences + trade-offs + wait for approval
737
+ after_implementing: terse summary, do not narrate the diff
738
+ language_protocol:
739
+ internal_meta_work: French acceptable
740
+ technical_artifacts: English preferred
741
+ commit_subjects: French acceptable
742
+ output_protocol:
743
+ no_emojis: enforced everywhere
744
+ no_co_authored_by_trailers: enforced
745
+ detailed_explanations_over_summaries: preferred when documenting
746
+ no_invented_facts: verify timeframes against git log or mark as estimation
747
+ scope_protocol:
748
+ fix_what_was_specified: no "au passage" cleanup
749
+ ask_before_widening: scope expansion requires approval
750
+ ```
751
+
752
+ ---
753
+
754
+ *Profile is canonical present-state. Update on milestone events, role changes, or major work scope shifts. Designed for agent context loading with high signal density and low ceremony.*