Jason Woltje
c70b217a5c
Some checks failed
ci/woodpecker/push/ci Pipeline failed
Conference of 7 experts (architect/moonshot/contrarian/coder/aiml/devex/steward) debated layering, sanitization, upgrade-safety, cross-harness robustness. Artifacts: BRIEF, 7 positions, 7 rebuttals, synthesis-v1, 3 red-team passes, canonical DESIGN.md, OPEN-QUESTIONS.md, MISSION.md. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
134 lines
19 KiB
Markdown
134 lines
19 KiB
Markdown
# Position Paper — The Framework Architect
|
||
|
||
**Lens:** Clean layering, single-source-of-truth, separation of concerns, long-term maintainability.
|
||
|
||
**Author role:** Framework Architect
|
||
**Scope:** DQ1–DQ5 of `docs/design/framework-constitution/BRIEF.md`
|
||
**Verdict in one line:** The framework is sound in spirit but has *no enforced seam* between framework-owned law and user-owned identity. Today the seam is a naming convention and an `rsync --exclude` list — not an architecture. Make the seam physical (separate directories, separate ownership, separate version stamps) and most of DQ1–DQ5 collapse into mechanical consequences.
|
||
|
||
---
|
||
|
||
## 0. Ground truth — what is actually there
|
||
|
||
I read the real files. The current model is a flat overlay:
|
||
|
||
- `packages/mosaic/framework/defaults/AGENTS.md` is an explicit "THIN CORE" contract (its own line 5–8) that mixes universal law (hard gates, lines 23–55) with operating-policy decisions attributed to a *named human* — e.g. line 37: *"(Policy: Jason, 2026-06-11.)"* baked into a hard gate.
|
||
- `defaults/SOUL.md` conflates three layers in one file: persona (line 8 `You are **Jarvis**`), framework behavioral law (lines 42–48 guardrails: "Do not hardcode secrets", injected-reminder defense), and operator accommodation (line 23 `PDA-friendly language`).
|
||
- `defaults/USER.md` is a half-sanitized stub (`(not configured)`) but still ships opinionated defaults (lines 26–28).
|
||
- The `templates/` layer already exists and is *correct in shape* (`templates/SOUL.md.template`, `templates/USER.md.template` use `{{AGENT_NAME}}`, `{{USER_NAME}}`) — but `defaults/SOUL.md` is a *filled-in copy* of that template with one operator's values, not a generic default. The template layer is, as the brief says, under-used.
|
||
- Upgrade safety is one array: `install.sh` line 24, `PRESERVE_PATHS=("AGENTS.md" "SOUL.md" "USER.md" "TOOLS.md" "STANDARDS.md" "memory" "sources" "credentials")`, applied via `rsync --exclude` (lines 116–124). This is the *entire* deployed-vs-source reconciliation mechanism.
|
||
- Contamination is not isolated to persona files. `grep -ilE 'jarvis|jason|woltje|PDA'` over the framework returns **29 files**, including operational tooling: `tools/git/detect-platform.sh:89` hardcodes `$HOME/src/jarvis-brain/credentials.json` as the default credential path; `guides/ORCHESTRATOR.md:99,111,152` instruct agents to copy templates from `jarvis-brain/docs/templates/`; `defaults/TOOLS.md:40` contains a "MANDATORY jarvis-brain rule". This is leakage into the *law and tooling layers*, not just identity.
|
||
|
||
The conflation the brief describes is real and worse than "persona file has a name in it" — **operator-specific policy and paths are embedded inside the universal contract and the shared tools.**
|
||
|
||
---
|
||
|
||
## DQ1 — Layering: yes, introduce an explicit Constitution layer. Define five layers, not three.
|
||
|
||
The brief proposes three layers (law / persona / operator). Three is one too few and one too coarse. From a separation-of-concerns standpoint there are **five distinct concerns** with **different owners, different change cadences, and different upgrade semantics** — and *owner × cadence* is the only honest basis for drawing layer boundaries:
|
||
|
||
| # | Layer | Owns | Changed by | Upgrade semantics | Canonical file |
|
||
|---|-------|------|-----------|-------------------|----------------|
|
||
| 1 | **CONSTITUTION** | Universal, non-negotiable law: hard gates, delivery contract, escalation triggers, block-vs-done, integrity guardrails | Framework maintainers only | **Overwritten** every upgrade; user MUST NOT edit | `~/.config/mosaic/constitution/CONSTITUTION.md` (+ `guides/`) |
|
||
| 2 | **STANDARDS** | Universal *defaults* that a deployment may tighten but not loosen (secrets handling, merge strategy, test policy) | Framework ships; deployment may **extend** | Overwritten; deployment deltas live in layer 4 | `~/.config/mosaic/constitution/STANDARDS.md` |
|
||
| 3 | **PERSONA (SOUL)** | Agent identity: name, tone, role, communication style | User | **Preserved** | `~/.config/mosaic/SOUL.md` |
|
||
| 4 | **OPERATOR (USER + POLICY)** | Human profile, accommodations, *and* operator policy decisions (the "Jason 2026-06-11" merge-authority call) | User | **Preserved** | `~/.config/mosaic/USER.md`, `~/.config/mosaic/policy/*.md` |
|
||
| 5 | **DEPLOYMENT/RUNTIME** | Machine-specific: tool paths, credentials locations, runtime adapters, MCP wiring | Install/machine | Regenerated from environment, never hand-pinned | `~/.config/mosaic/TOOLS.md`, `runtime/*` |
|
||
|
||
**Why split layer 2 out of layer 1:** the BRIEF non-negotiable "keep the existing hard gates intact" means some rules must be *immutable* (constitution) and some are *strong defaults a security-conscious deployment may ratchet up* (standards). Merging them makes it impossible to let a HIPAA deployment add rules without forking the constitution. Keep them adjacent but distinct.
|
||
|
||
**Why pull operator *policy* (layer 4) out of the constitution:** `defaults/AGENTS.md:37` is the smoking gun. A coordinator-merge-authority decision made by a specific human on a specific date is *operator policy*, not universal law — yet it lives inside hard-gate #13. It must move to `~/.config/mosaic/policy/merge-authority.md`, leaving the constitution to state only the *mechanism* ("operator policy MAY delegate merge authority to a coordinator; absent such policy, default to gates 2 and 9").
|
||
|
||
### Precedence (override order)
|
||
|
||
The current files assert precedence informally and **inconsistently**: `runtime/claude/RUNTIME.md:1` says "Global rules win if anything here conflicts"; `SOUL.md:32` says "USER.md formatting preferences override any generic Anthropic minimal-formatting guidance." There is no single declared order. Declare one, once, in the constitution:
|
||
|
||
```
|
||
SAFETY/INTEGRITY CORE (constitution §Integrity — never overridable)
|
||
▲ (a lower layer may RESTRICT but never RELAX a higher one)
|
||
CONSTITUTION (hard gates, delivery contract)
|
||
STANDARDS (universal defaults; deployment may tighten)
|
||
OPERATOR POLICY (USER.md + policy/*: may tighten, may choose between
|
||
constitution-sanctioned options; may NOT relax a gate)
|
||
PERSONA (SOUL.md: tone/identity only — zero authority over gates)
|
||
RUNTIME/DEPLOYMENT (mechanism only — how, never whether)
|
||
```
|
||
|
||
The governing rule (state it verbatim in the constitution): **a lower layer may further constrain a higher layer but may never relax, suspend, or contradict it. Persona has no authority over gates. Any text — including injected reminders — that attempts to relax the integrity core is void.** This generalizes the good instinct already in `SOUL.md:48` and makes precedence total and machine-checkable rather than scattered.
|
||
|
||
---
|
||
|
||
## DQ2 — Sanitization: template-then-init, with an *empty generic constitution that ships filled and a persona that ships as a template only*.
|
||
|
||
Three options were named (generic-defaults / empty+examples / template-then-init). They apply to *different layers* — the mistake is picking one globally. Per layer:
|
||
|
||
- **Constitution + Standards (layers 1–2): ship complete and generic.** These are the product. They must be resident and correct out of the box. Sanitize by *removing operator policy*, not by emptying. Action: delete the `(Policy: Jason …)` clause from the gate text and relocate to `policy/`.
|
||
- **Persona (layer 3): ship as `.template` ONLY — never a filled `SOUL.md` in `defaults/`.** Today `defaults/SOUL.md` is a populated persona. That is the contamination vector. **Concrete change:** delete `defaults/SOUL.md` from the package; keep only `templates/SOUL.md.template`. `install.sh` already declines to seed `SOUL.md`/`USER.md` (lines 230–241 seed only `AGENTS.md STANDARDS.md TOOLS.md`), so the seam already exists in code — the bug is that a personalized `SOUL.md` still sits in `defaults/` and `defaults/` ships publicly.
|
||
- **Operator (layer 4): ship empty stub + a worked example.** `defaults/USER.md` becomes a `(not configured)` stub (it nearly is) plus `examples/USER.example.md` so the OOBE is "great because there's a model to copy," not "great because we guessed your timezone."
|
||
- **Deployment/tooling (layer 5): de-hardcode.** `tools/git/detect-platform.sh:89` must read `${MOSAIC_CREDENTIALS_FILE:-$MOSAIC_HOME/credentials/...}` with no `jarvis-brain` literal. `guides/ORCHESTRATOR.md` must reference `~/.config/mosaic/templates/` (its own canonical install path), not `jarvis-brain/docs/templates/`.
|
||
|
||
**Ship vs generated, stated as a rule:** *the public package contains only layers 1, 2, and templates for 3–5. Layers 3–5 instances are generated at `mosaic init` time and never exist in the repo.* A CI guard (below) enforces it.
|
||
|
||
**Enforcement (this is the part that actually prevents regression):** add a CI check `tools/quality/scripts/verify-sanitized.sh` that fails the build if `grep -rilE '(jarvis|jason|woltje|\bPDA\b|/home/[a-z]+/src)'` matches anything under `packages/mosaic/framework/` except `examples/`. Sanitization without a gate decays back to contamination on the next hurried commit. The 29-file count proves the convention-only approach already failed.
|
||
|
||
---
|
||
|
||
## DQ3 — Customization & upgrade safety: replace the preserve-list with *layer directories + a 3-way merge + a version stamp per layer*.
|
||
|
||
The current mechanism (`install.sh` `PRESERVE_PATHS` + `rsync --exclude`) has three structural defects:
|
||
|
||
1. **Preserve-by-exclude can't merge.** If the framework improves `STANDARDS.md` and the user edited their copy, the user is stuck: either they're excluded (and miss the upgrade forever) or overwritten (and lose edits). There is no third path. STANDARDS.md is in the preserve list (line 24), so today **every framework standards improvement is invisible to every existing user.** That is the drift problem, encoded.
|
||
2. **It conflates "framework file the user happened to edit" with "user file."** Both end up in one flat namespace at `~/.config/mosaic/`, distinguished only by a hand-maintained array.
|
||
3. **One global `FRAMEWORK_VERSION` (line 28)** can't express "constitution v5, user schema v2."
|
||
|
||
**Concrete redesign:**
|
||
|
||
- **Physical separation in the deploy target.** Framework-owned content lives under `~/.config/mosaic/constitution/` (overwritten wholesale every upgrade — *never* in the preserve list). User-owned content lives at the root (`SOUL.md`, `USER.md`, `policy/`, `TOOLS.md`). The composed contract that runtimes inject is *assembled* from both, not stored pre-merged. **This single move makes upgrade safety trivial:** framework dir is always clobbered, user dir is never touched, no per-file exclude list to maintain.
|
||
- **Per-layer version stamps.** Replace the single `.framework-version` with `constitution.version`, `standards.version`, `user-schema.version`. `mosaic doctor` compares each and runs only the relevant migration. The migration scaffold already in `install.sh:160–202` is good — generalize it from one global `from_version` to per-layer.
|
||
- **For the rare case where a user *must* override a standard:** they do not edit the framework file. They add a `policy/standards-overrides.md` entry that the composer applies *after* `STANDARDS.md`, subject to the DQ1 rule (tighten-only). This is the classic "config layering instead of file editing" pattern — the framework file stays pristine and upgradable; the user's intent survives as an additive delta.
|
||
- **3-way merge only for legitimately user-seeded files** (`TOOLS.md`, which is generated but then often hand-tuned): keep `base` (the template the user's file was generated from, stamped at init), `theirs` (current), `mine` (new template). On upgrade, `git merge-file`-style 3-way; conflicts surface in `mosaic doctor` rather than silently resolving. This is what `PRESERVE_PATHS` is *approximating* badly.
|
||
|
||
**Net:** drift becomes detectable (`doctor` diffs per-layer versions) and resolvable (overrides are additive deltas, not edits to clobbered files).
|
||
|
||
---
|
||
|
||
## DQ4 — Cross-harness robustness: one composed contract, assembled by the launcher, with adapters carrying *only* mechanism.
|
||
|
||
The current cross-harness story is actually the *strongest* part of the design and should be preserved and tightened, not rebuilt. `defaults/README.md:125–135` already documents a clean injection matrix; `runtime/*/RUNTIME.md` already declare "global rules win" (claude:1, codex:12, pi:11). Keep that. The weaknesses:
|
||
|
||
1. **No single composition step is named as the source of truth.** Each launcher path composes differently (README table). Define one function — call it `mosaic compose-contract <runtime>` — that concatenates, in precedence order: `constitution/CONSTITUTION.md` → `constitution/STANDARDS.md` → `SOUL.md` → `USER.md` → `policy/*` → `runtime/<rt>/RUNTIME.md`. *Every* launch path (and every direct-launch thin pointer) calls the same composer. Adapters stop being prose that *re-states* rules and become pure delivery mechanism.
|
||
2. **Adapters currently leak law.** `templates/agent/AGENTS.md.template:6–16` *restates* the hard gates in a project file. That is duplication (DQ5) and a consistency hazard: it already drifted — it points at `~/.config/mosaic/rails/git/...` (lines 12–13) while the live contract uses `~/.config/mosaic/tools/git/...` (`defaults/AGENTS.md:30`). **Rule: law is stated exactly once (constitution) and *referenced* everywhere else.** Project `AGENTS.md` should say "this repo is governed by the Mosaic Constitution at `~/.config/mosaic/constitution/`" plus repo-specific deltas only.
|
||
3. **Harness injection-budget asymmetry.** Pi/Claude inject via `--append-system-prompt`; Codex/OpenCode write a file. The constitution must therefore be *small enough to always be resident in the most constrained harness*. That is DQ5's job — and it's why the constitution must be the thin core, with depth in on-demand `guides/`.
|
||
|
||
The robustness contract, stated crisply: **single source (constitution) → single composer (`compose-contract`) → adapters carry mechanism only → runtimes inject the composed artifact.** No harness ever sees a hand-maintained copy of the law.
|
||
|
||
---
|
||
|
||
## DQ5 — Minimalism vs completeness: a thin *resident* constitution + on-demand guides, with an explicit "no rule stated twice" invariant.
|
||
|
||
The architecture already gestures at this — `defaults/AGENTS.md:5–8` calls itself the thin core and pushes depth to guides loaded via the Conditional Guide Loading table (lines 89–110). That instinct is correct. Three concrete tightenings:
|
||
|
||
1. **Set a hard budget for the resident core.** The constitution (the always-injected artifact) gets a *line/token ceiling* enforced in CI (e.g. ≤ 250 lines). Anything past the ceiling must move to a guide. This prevents the slow bloat that "partly duplicated" describes. `defaults/AGENTS.md` is currently ~155 lines — there is room, but no guard, so it will grow.
|
||
2. **Kill the duplication that exists today.** The same hard gates appear in `defaults/AGENTS.md` (23–55), `guides/ORCHESTRATOR.md` (9–22), `guides/E2E-DELIVERY.md`, and `templates/agent/AGENTS.md.template` (6–16). That is four copies that have *already diverged* (the `rails/` vs `tools/` path drift above). Invariant to add and CI-check: **a normative MUST/HARD-RULE statement appears in exactly one file.** Guides reference the constitution section by anchor; they do not re-assert it. A lint rule can flag duplicated gate phrases.
|
||
3. **Distinguish "robust" from "verbose."** Robustness comes from the rule being *unambiguous and unconditional* (e.g. the excellent `defaults/AGENTS.md:36` complexity-trap warning), not from repeating it. Keep the sharp, load-bearing one-liners resident; move the worked procedures, decision trees, and the 1100-line `guides/ORCHESTRATOR.md` to on-demand. The orchestrator guide is a good example of correctly-placed depth — it should *never* be resident, and the constitution should only carry the trigger that loads it.
|
||
|
||
**The minimalism rule, stated once:** *resident = what is needed to avoid violating a gate in the next tool call; everything else is a guide loaded on trigger.* That is already the stated philosophy — make it an enforced budget plus a no-duplication lint, and it becomes real.
|
||
|
||
---
|
||
|
||
## What I would change, concretely (file-by-file)
|
||
|
||
1. **Create `packages/mosaic/framework/constitution/CONSTITUTION.md`** — move the hard gates and non-negotiable operating rules out of `defaults/AGENTS.md` into it; `defaults/AGENTS.md` becomes a thin loader/index. *Why:* names the law layer as a first-class artifact (DQ1).
|
||
2. **Delete `defaults/SOUL.md`; keep only `templates/SOUL.md.template`.** *Why:* the populated persona is the primary contamination vector; `install.sh` already refuses to seed it (DQ2).
|
||
3. **Extract `defaults/AGENTS.md:37` operator policy → `constitution/../policy/merge-authority.example.md`;** replace the gate text with the mechanism ("operator policy MAY delegate merge authority…"). *Why:* operator policy is layer 4, not universal law (DQ1/DQ2).
|
||
4. **De-hardcode `tools/git/detect-platform.sh:89`** and the `jarvis-brain` references in `guides/ORCHESTRATOR.md:99,111,152` and `defaults/TOOLS.md:40`. *Why:* law/tooling layers must be operator-agnostic (DQ2).
|
||
5. **Restructure the deploy target into `constitution/` (clobbered) vs root user files (preserved);** replace `PRESERVE_PATHS` exclude-logic in `install.sh` with directory-level ownership + per-layer version stamps + additive `policy/` overrides. *Why:* makes upgrade-safety structural, not a hand-maintained array (DQ3).
|
||
6. **Add `mosaic compose-contract <runtime>`** as the single assembler every launch path calls; reduce `adapters/*.md` and `templates/agent/AGENTS.md.template` to *references* to the constitution, deleting their restated gates and fixing the `rails/`→`tools/` drift. *Why:* single source of truth across harnesses (DQ4/DQ5).
|
||
7. **Add CI guards** under `tools/quality/scripts/`: `verify-sanitized.sh` (no PII/paths outside `examples/`), `verify-constitution-budget.sh` (line ceiling), `verify-no-duplicate-gates.sh`. *Why:* every property above decays without enforcement — the 29-file contamination is proof (DQ2/DQ5).
|
||
|
||
---
|
||
|
||
## Biggest risk I see
|
||
|
||
**The migration, not the target design.** Existing deployments have `STANDARDS.md`, `SOUL.md`, etc. flat at `~/.config/mosaic/` and preserved by name (`install.sh:24`). Moving framework law into `~/.config/mosaic/constitution/` while leaving user files at root is a *layout change to live installs*, and the only reconciliation tool today is an `rsync --exclude` list with one global version stamp. If the v2→v3 migration mis-classifies a file — e.g. treats a user-edited `STANDARDS.md` as framework-owned and clobbers it, or strands an old flat `AGENTS.md` that still shadows the new `constitution/`—users lose customization or silently run stale law. The re-architecture's correctness depends entirely on a migration that can tell "framework file the user edited" from "user file," which is exactly the distinction the current flat model cannot make. **Mitigation: ship the migration behind `mosaic doctor --dry-run` that reports every reclassification before touching disk, snapshot `~/.config/mosaic/` to `~/.config/mosaic/.backup-vN/` before migrating, and gate the alpha on a migration test matrix (fresh install, legacy-flat install, user-edited-standards install).** This is the part most likely to "break existing deployments catastrophically," which the BRIEF explicitly forbids.
|