mosaicstack/stack
1
0
Fork 0
Code Issues 26 Pull Requests 2 Actions Packages Projects Releases 14 Wiki Activity
Files
2c29349a3f3747fe98d93e75703f23e2d74210fe
stack/docs/design/framework-constitution/PRD.md
Jason Woltje 2c29349a3f
Some checks failed
ci/woodpecker/push/ci Pipeline failed
Details
docs(design): add mission PRD (decisions locked, drift re-grounded) 
Captures operator decisions (MIT, neutral persona, Pi internal, OpenBrain
soft-degrade), re-grounding vs current main (cred-fix simplified, launch.ts
anchors shifted, contamination=31), R1-R10 requirements, and the P0-P6 plan.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-20 20:16:13 -05:00

7.7 KiB
Raw Blame History

PRD — Mosaic Framework Constitution & Public Sanitization (Alpha)

Status: Active · Derives from: DESIGN.md (canonical design) · Mode: Orchestrator (autonomous) Source of record for requirements. Implementation derives from this PRD; the design supplies the rationale.

1. Objective

Re-architect the public @mosaicstack/mosaic framework so that universal Constitution law is cleanly separated from per-user customization (agent persona, operator profile, preferences); remove all personal data from the public package; make customization upgrade-safe; keep the contract robust across Claude/Codex/Pi/OpenCode; ship a solid alpha.

2. Operator decisions (locked)

Ref Decision Locked value
Q1 License MIT (root + framework LICENSE, package.json field)
Q10 Persona example Neutral only. Accommodation/PDA content stays in the operator's private init-generated SOUL.md/USER.md; public ships a generic persona example.
Q9 Pi runtime Maintainer-internal for alpha. Public compliance matrix lists Claude/Codex/OpenCode as supported; Pi marked internal.
Q7 OpenBrain hook Soft-degrade. prevent-memory-write.sh still blocks the write when OPENBRAIN_URL is unset; it just omits the OpenBrain nudge.
Q2/Q3/Q5/Q6/Q8 Proceed on DESIGN.md provisional defaults (bare-launch = best-effort; non-interactive persona fail-closed; overlay scope SOUL/USER/STANDARDS.local; migration = .bak+advisory; two installers + shared fixtures).
Q4 CI authority Resolved: Woodpecker; config at repo-root .woodpecker/ (ci.yml install→typecheck→{lint,format,test}). New gates add steps/files there.

3. Re-grounding vs current main (drift since design)

main advanced 14 commits (June 16→20) during design. Verified deltas that change implementation targets (architecture unchanged):

  • Credential leak fix simplified (was Phase 0 fail-closed). #551 added a ~/.config/mosaic/credentials.json preference but kept the ~/src/jarvis-brain/credentials.json fallback at credentials.sh:20,23, detect-platform.sh:89, stack-health.sh:23. Fix = drop the jarvis-brain fallback, default to ~/.config/mosaic/credentials.json (align with #551 intent; no fail-closed).
  • launch.ts anchors shifted (#555/#556, +142/11): checkSoul :63, buildPrompt reads AGENTS.md :334, --append-system-prompt :649/:682, opencode AGENTS.md :674. Target current lines.
  • TOOLS.md rewritten (#554, +29 fleet cheatsheet) and prevent-memory-write.sh unchanged (still brain.woltje.com:29). install.sh, file-adapter.ts, mosaic-init unchanged — Phase 3/4 design holds.
  • Contamination = 31 files (was 29); new sites: systemd/user/README.md, tools/git/test-issue-create-body-safety.sh, tools/bootstrap/agent-lint.sh, tools/{coolify,glpi}/README.md. Phase 2 scope updated.
  • Active concurrent fleet development on main → keep phase PRs small and fast; rebase + re-verify anchors immediately before each phase's edits.

4. Requirements (the alpha must satisfy)

R1 — Legal. MIT LICENSE at monorepo root and packages/mosaic/framework/; "license":"MIT" in package.json. R2 — No executable leaks. No private path or domain in any shipped *.sh/hook: 4 credential sites → ~/.config/mosaic/credentials.json; prevent-memory-write.sh${OPENBRAIN_URL} soft-degrade. R3 — Sanitization gate. verify-sanitized.sh (structural rules + labeled current-contaminant denylist, self-tested, scoped to *.md+*.sh, excludes examples/) wired blocking in .woodpecker/. R4 — Clean tree. All 31 contaminated files purged; defaults/SOUL.md + jarvis-loop.json deleted; AUDIT-*.md relocated; examples/* created (neutral persona per Q10); rails/tools/ in both template families. R5 — Constitution layer. defaults/CONSTITUTION.md (L0) extracted by subtraction: gates in one place, capability-verb authored (no tool-named "else stop"), two-axis precedence verbatim, §1.4 merge-disambiguation split, firewall rule, tier-aware self-load; AGENTS.md gutted to ~50-line dispatcher (remove false "already in context"); constitution/LAYER-MODEL.md governance spec; restated policy stripped from STANDARDS + 4 RUNTIME files. R6 — Upgrade-safe customization. Seed lists split FRAMEWORK_OWNED (overwrite) vs USER_SEEDED (seed-if-absent) in both installers; AGENTS.md/STANDARDS.md out of PRESERVE_PATHS; snapshot→sync→restore; v2→v3 migration moves user edits to .local/.bak; FRAMEWORK_VERSION=3; mosaic-init --non-interactive fail-closed persona. R7 — Overlay composer. mosaic compose-contract <harness> merges base + SOUL.local/USER.local/STANDARDS.local before injection; per-harness emission; bare-launch base-only documented. R8 — Cross-harness. Single L0 source; runtime/templates reference, never restate; tiered injection; Tier-3 anchor is a byte-equal L0 substring; sequential-thinking contradiction rewritten to capability verbs in all 4 RUNTIME files; Pi marked internal (Q9). R9 — Verification. 5-fixture migration matrix (fresh / legacy-edited / tuned-standard / no-TTY / interrupt) green against both installers asserting injected bytes; composer unit test (per-tier anchor + Tier-3 byte-equality); resident line-count CI ceiling over framework-owned resident files. R10 — Docs. CONTRIBUTING.md (layer model, PII prohibition, dual-installer parity, known-limitations, harness×gate compliance matrix with hook-parity gap); update aiguide to stay consistent with the Constitution.

5. Phased delivery (each phase = its own CI-green PR; references issue #542 lineage)

Phase Scope Gates the tag? Key risk
P0 R1 + R2 (MIT LICENSE; 4 cred sites; OpenBrain soft-degrade) — ships first none (no behavior change)
P1 R3 (sanitization gate, self-tested, wired blocking; build goes red = P2 worklist) yes gate must self-test
P2 R4 (sanitize tree to green; delete SOUL.md/jarvis-loop; examples/*) yes breadth (31 files)
P3 R5 (extract CONSTITUTION.md by subtraction; gut AGENTS.md; LAYER-MODEL) yes weakening a gate during extraction
P4 R6 (overwrite semantics + migration + headless bootstrap, both installers + 5 fixtures) yes — gates tag migration data-loss
P5 R7 + R8 (compose-contract + composer test; cross-harness) yes new subsystem
P6 R9 line-count ceiling + R10 docs/compliance matrix + aiguide; tag mosaic-vX.Y.Z-alpha yes final reconciliation

6. Acceptance criteria (alpha Definition of Done)

All CI-green on main: R1R10 satisfied; verify-sanitized.sh green-and-wired; git grep for the contaminant denylist over shipped paths returns zero; 5-fixture migration matrix green on both installers asserting injected bytes; composer unit test green; resident line-count ceiling enforced; CONTRIBUTING.md

  • compliance matrix present; alpha tag pushed + release published; aiguide reconciled. Each phase PR independently reviewed (author≠reviewer) and merged.

7. Deferred to v2 (explicit)

constitution/ deploy dir; adapters/<h>.capabilities.json; 3-way merge; live-launch cross-harness smoke test; policy/*.md composition; per-layer version stamps as migration driver; DCO CI; Pi as public target.

8. Tracking

  • Umbrella: issue #542 (agency patterns) folds into this lineage; a milestone/issue per phase created via ~/.config/mosaic/tools/git/*.sh before each phase's coding.
  • Durable state: MISSION.md (phase status), this PRD, DESIGN.md (rationale), OPEN-QUESTIONS.md (resolved).
Reference in New Issue View Git Blame Copy Permalink