mosaicstack/stack
1
0
Fork 0
Code Issues 26 Pull Requests 2 Actions Packages Projects Releases 14 Wiki Activity

feat(framework): P0 — MIT license + executable-leak sanitization
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/pr/ci Pipeline was successful
Details

Browse Source 
First phase of the framework constitution alpha. No behavior change for
configured installs.

- Add MIT LICENSE (root + framework bundle) + "license":"MIT" in manifests
- Drop private jarvis-brain credential fallback at 3 sites; default to
  $HOME/.config/mosaic/credentials.json (aligns with #551)
- prevent-memory-write.sh: soft-degrade OpenBrain nudge via ${OPENBRAIN_URL},
  removing hardcoded brain.woltje.com; still blocks the write

Refs #542, closes #569

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-06-20 20:18:42 -05:00
parent e834bbb83c
commit 010bd1181c
8 changed files with 55 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
packages/mosaic/framework/tools/_lib/credentials.sh
View File

@@ -17,10 +17,10 @@
# Run `load_credentials --help` for details.
if [[ -z "${MOSAIC_CREDENTIALS_FILE:-}" ]]; then
for _cand in "$HOME/.config/mosaic/credentials.json" "$HOME/src/jarvis-brain/credentials.json"; do
for _cand in "$HOME/.config/mosaic/credentials.json"; do
if [[ -f "$_cand" ]]; then MOSAIC_CREDENTIALS_FILE="$_cand"; break; fi
done
: "${MOSAIC_CREDENTIALS_FILE:=$HOME/src/jarvis-brain/credentials.json}"
: "${MOSAIC_CREDENTIALS_FILE:=$HOME/.config/mosaic/credentials.json}"
fi
_mosaic_require_jq() {

2
packages/mosaic/framework/tools/git/detect-platform.sh
View File

@@ -86,7 +86,7 @@ gitea_url_matches_host() {
get_gitea_service_for_host() {
local host="$1"
local cred_file="${MOSAIC_CREDENTIALS_FILE:-$HOME/src/jarvis-brain/credentials.json}"
local cred_file="${MOSAIC_CREDENTIALS_FILE:-$HOME/.config/mosaic/credentials.json}"
case "$host" in
git.mosaicstack.dev)

2
packages/mosaic/framework/tools/health/stack-health.sh
View File

@@ -20,7 +20,7 @@ source "$MOSAIC_HOME/tools/_lib/credentials.sh"
FORMAT="table"
SINGLE_SERVICE=""
QUIET=false
CRED_FILE="${MOSAIC_CREDENTIALS_FILE:-$HOME/src/jarvis-brain/credentials.json}"
CRED_FILE="${MOSAIC_CREDENTIALS_FILE:-$HOME/.config/mosaic/credentials.json}"
while getopts "f:s:qh" opt; do
case $opt in

6
packages/mosaic/framework/tools/qa/prevent-memory-write.sh
View File

@@ -26,7 +26,11 @@ FILE_PATH="${FILE_PATH/#\~/$HOME}"
# Block writes to Claude Code auto-memory files
if [[ "$FILE_PATH" =~ /.claude/projects/.+/memory/.*\.md$ ]]; then
echo "BLOCKED: Do not write agent learnings to ~/.claude/projects/*/memory/ — this is a runtime-specific silo."
echo "Use OpenBrain instead: MCP 'capture' tool or REST POST https://brain.woltje.com/v1/thoughts"
if [[ -n "${OPENBRAIN_URL:-}" ]]; then
echo "Use OpenBrain instead: MCP 'capture' tool or REST POST ${OPENBRAIN_URL%/}/v1/thoughts"
else
echo "Use OpenBrain instead: the 'capture' MCP tool (set OPENBRAIN_URL for the REST endpoint)."
fi
echo "File blocked: $FILE_PATH"
exit 2
fi