mosaicstack/stack
1
0
Fork 0
Code Issues 26 Pull Requests 2 Actions Packages Projects Releases 14 Wiki Activity

feat(framework): P1+P2 — public sanitization + blocking CI gate
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/push/ci Pipeline was successful
Details

Browse Source 
Adds tools/quality/scripts/verify-sanitized.sh (two-class, self-tested) wired
blocking in .woodpecker/ci.yml; sanitizes operator identity from the public
framework package so the gate is green.

- purge jarvis/jason/woltje/PDA across 26 files -> generic
- delete jarvis-loop.json overlay; add neutral examples/{personas,overlays}
- relocate maintainer AUDIT to docs/audits/; delete 2 jarvis-brain rule blocks
- neutralize SOUL persona; strip "(Policy: Jason ...)" keeping universal rule
- test fixtures jason.woltje -> ci-bot (both git tests pass)

Deferred (tracked): private third-party host (uscllc) genericization.

Refs #542, closes #571

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Jason Woltje
2026-06-20 20:57:08 -05:00
parent 92316ab41e
commit 6ad96c37cd
31 changed files with 207 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/mosaic/framework/defaults/AGENTS.md
View File

@@ -34,7 +34,7 @@ At session start, additionally:
10. Manual `docker build` / `docker push` for deployment is FORBIDDEN when CI/CD pipelines exist in the repository. CI is the ONLY canonical build path for container images.
11. Before ANY build or deployment action, you MUST check for existing CI/CD pipeline configuration (`.woodpecker/`, `.woodpecker.yml`, `.github/workflows/`, etc.). If pipelines exist, use them — do not build locally.
12. The mandatory intake procedure is NOT conditional on perceived task complexity. A "simple" commit-push-deploy task has the same procedural requirements as a multi-file feature. Skipping intake because a task "seems simple" is the most common framework violation.
13. **Merge authority (coordinated work):** when a coordinator/orchestrator session is active for the work, the post-review MERGE GO-AHEAD is the coordinator's to give — once code has passed the required review gates, request the coordinator's go-ahead and merge on their confirmation; do NOT wait on the human owner personally. Solo (uncoordinated) delivery keeps the default: merge without routine confirmation per gates 2 and 9. A "No self-merge" note on a PR means no UNREVIEWED self-merge — it does not suspend coordinator-authorized merges. (Policy: Jason, 2026-06-11.)
13. **Merge authority (coordinated work):** when a coordinator/orchestrator session is active for the work, the post-review MERGE GO-AHEAD is the coordinator's to give — once code has passed the required review gates, request the coordinator's go-ahead and merge on their confirmation; do NOT wait on the human owner personally. Solo (uncoordinated) delivery keeps the default: merge without routine confirmation per gates 2 and 9. A "No self-merge" note on a PR means no UNREVIEWED self-merge — it does not suspend coordinator-authorized merges.
## Non-Negotiable Operating Rules (condensed — full detail in `guides/E2E-DELIVERY.md`)

139
packages/mosaic/framework/defaults/AUDIT-2026-02-17-framework-consistency.md
View File

@@ -1,139 +0,0 @@
# Mosaic Framework Consistency Audit
Date: 2026-02-17
Scope:
- `~/src/mosaic-bootstrap`
- `~/src/agent-skills`
- Installed runtime check: `~/.config/mosaic`
## Findings
| ID | Severity | Finding | Status |
| ------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------ | ---------- |
| MF-001 | High | QA rails scripts referenced invalid paths (missing `/qa/` segment) for `qa-hook-handler.sh` calls. | Remediated |
| MF-002 | Medium | Conditional-loading detection was biased to legacy `agent-guides` markers and missed Mosaic `guides`/`Conditional Context` phrasing. | Remediated |
| MF-003 | Medium | Framework spec text still described detection as `agent-guides`-based only. | Remediated |
| MF-004 | Medium | Runtime Claude overlay hardcoded skill count, which drifts over time. | Remediated |
| MF-005 | High | `pr-reviewer` skill used legacy `~/.claude/scripts/git` and `~/.claude/skills` paths. | Remediated |
| MF-006 | Medium | `using-git-worktrees` prioritized `CLAUDE.md` only and ignored Mosaic-first docs (`AGENTS.md`/`SOUL.md`). | Remediated |
| MF-007 | Medium | Marketing skills used `.claude/product-marketing-context.md` instead of Mosaic repo-local path. | Remediated |
| MF-008 | Low | `agent-skills/README.md` manual install/adaptation guidance referenced legacy Claude-only paths. | Remediated |
| MF-009 | Low | Historical creation-log contained stale Claude-specific path examples. | Remediated |
## Remediation Details
### MF-001 (QA rails path correction)
Updated:
- `tools/qa/qa-hook-wrapper.sh`
- `tools/qa/qa-hook-stdin.sh`
- `tools/qa/qa-hook-handler.sh`
- `tools/qa/remediation-hook-handler.sh`
- `tools/qa/qa-queue-monitor.sh`
Change:
- Standardized handler paths to `~/.config/mosaic/tools/qa/...`.
### MF-002 + MF-003 (conditional loading/context detection)
Updated:
- `tools/bootstrap/agent-lint.sh`
- `tools/bootstrap/agent-upgrade.sh`
- `templates/agent/SPEC.md`
Change:
- Detection now recognizes both legacy and Mosaic patterns:
- `agent-guides` (legacy compatibility)
- `~/.config/mosaic/guides`
- `Conditional Loading`
- `Conditional Context`
### MF-004 (runtime overlay drift-proofing)
Updated:
- `runtime/claude/CLAUDE.md`
Change:
- Removed hardcoded skills count text.
### MF-005 (pr-reviewer skill path migration)
Updated:
- `skills/pr-reviewer/SKILL.md`
Change:
- Replaced all `~/.claude/scripts/git/...` with `~/.config/mosaic/tools/git/...`.
- Replaced `~/.claude/skills/...` with `~/.config/mosaic/skills/...`.
### MF-006 (worktree skill docs hierarchy)
Updated:
- `skills/using-git-worktrees/SKILL.md`
Change:
- Replaced CLAUDE-only checks with `AGENTS.md` / `SOUL.md` (fallback: `CLAUDE.md`).
### MF-007 (marketing context path migration)
Updated:
- `skills/product-marketing-context/SKILL.md`
- All skills referencing product-marketing-context path (bulk update)
Change:
- Standardized context path to `.mosaic/product-marketing-context.md`.
### MF-008 + MF-009 (repo guidance cleanup)
Updated:
- `README.md` (agent-skills)
- `skills/writing-skills/SKILL.md`
- `skills/writing-skills/examples/CLAUDE_MD_TESTING.md`
- `skills/systematic-debugging/CREATION-LOG.md`
Change:
- Standardized references to `~/.config/mosaic/skills`.
- Removed stale Claude-only wording.
## Residual Legacy References (Intentional)
The following legacy references remain in `mosaic-bootstrap` by design and are not inconsistencies:
- Runtime compatibility tooling for Claude home directory management:
- `bin/mosaic-link-runtime-assets`
- `bin/mosaic-clean-runtime`
- `bin/mosaic-doctor`
- `bin/mosaic-sync-skills`
- `bin/mosaic-migrate-local-skills`
- Documentation explaining Claude runtime overlays:
- `README.md`
- `profiles/README.md`
- `adapters/claude.md`
- `runtime/claude/settings-overlays/jarvis-loop.json`
These are required to support existing Claude runtime integration while keeping Mosaic as canonical source.
## Verification
Executed checks:
- `rg -n "~/.claude|\\.claude/|agent-guides" ~/src/agent-skills -S`
- Result: no matches after remediation.
- `rg -n "~/.config/mosaic/tools/(qa-hook|remediation-hook|qa-queue-monitor)" ~/src/mosaic-bootstrap -S`
- Result: no invalid old-style QA rail paths remain.
- Installed runtime validation:
- `~/.config/mosaic` contains `tools/git`, `tools/portainer`, `tools/cicd`, `skills`, and `bin` tooling.

2
packages/mosaic/framework/defaults/README.md
View File

@@ -69,7 +69,7 @@ It also detects installed runtimes (Claude, Codex, OpenCode, Pi), configures seq
For CI or scripted installs:
```bash
mosaic init --non-interactive --name Jarvis --style direct --user-name Jason --timezone America/Chicago
mosaic init --non-interactive --name "Mosaic Agent" --style direct --user-name "Your Name" --timezone "UTC"
```
All flags: `--name`, `--role`, `--style`, `--user-name`, `--pronouns`, `--timezone`, `--mosaic-home`, `--source-dir`.

6
packages/mosaic/framework/defaults/SOUL.md
View File

@@ -5,14 +5,14 @@ It is loaded globally and applies to all sessions regardless of runtime or proje
## Identity
You are **Jarvis** in this session.
You are the **Mosaic agent** in this session.
- Runtime (Claude, Codex, OpenCode, etc.) is implementation detail.
- Role identity: execution partner and visibility engine
If asked "who are you?", answer:
`I am Jarvis, running on <runtime>.`
`I am the Mosaic agent, running on <runtime>.`
## Behavioral Principles
@@ -20,7 +20,7 @@ If asked "who are you?", answer:
2. Practical execution over abstract planning.
3. Truthfulness over confidence: state uncertainty explicitly.
4. Visible state over hidden assumptions.
5. PDA-friendly language, communication style, and iconography. Avoid overwhelming info and communication style..
5. Accessibility-aware: honor the operator's communication and formatting preferences declared in `USER.md`.
## Communication Style

6
packages/mosaic/framework/defaults/TOOLS.md
View File

@@ -66,12 +66,6 @@ starts, commits, PRs, test results, or file edits. At session start, `search` +
prior context. MCP (`mcp__openbrain__capture/search/recent/stats`) preferred when connected; else
REST/`tools/openbrain_client.py`. Full protocol: `guides/MEMORY.md`.
**MANDATORY jarvis-brain rule:** when working in `~/src/jarvis-brain`, NEVER capture project data,
meeting notes, status, timelines, or task completions to OpenBrain — the flat files
(`data/projects/*.json`, `data/tasks/*.json`) are the SSOT (use `tools/brain.py` + direct JSON
edits). OpenBrain there is for agent meta-observations ONLY (tooling gotchas, framework learnings,
cross-project patterns). Violating this creates duplicate, divergent data.
## Git Providers
| Host | Instance | CI |