Force sync local SSD to repo root (all files)

Kabuki94 · Kabuki94 · commit c068055a68e5 · 2026-04-30T23:19:32.000-04:00
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -0,0 +1,43 @@
+# CLAUDE.md
+
+> Read by Claude Code (CLI, VSCodium/VSCode, JetBrains, Slack) on entry.
+> This is a redirector stub. The canonical agent prompt for MiOS-DEV is
+> `/usr/share/mios/ai/system.md` (or `/etc/mios/ai/system-prompt.md` for
+> host-local overrides).
+
+## Behavior contract
+
+1. **Load `/usr/share/mios/ai/system.md` first**, before any other file in
+   this repo. It is the authoritative system prompt.
+2. **Apply `/etc/mios/ai/system-prompt.md` as an override** if present
+   (host-local admin customization).
+3. **This file (`/CLAUDE.md`) carries Claude Code-specific deltas only.**
+   See §Tool-specific deltas below.
+
+If `/usr/share/mios/ai/system.md` is unreachable (e.g., running outside a
+MiOS host), fall back to the copy at `/system-prompt.md` in the repo root.
+
+## Tool-specific deltas (Claude Code only)
+
+- **TodoWrite usage:** Track multi-step audits, refactors, and migrations
+  with TodoWrite. One in_progress at a time. Mark completed immediately
+  on finish.
+- **File-creation defaults:** New files default to `/var/lib/mios/ai/scratch/`
+  unless the user specifies a path or the work is targeted at the system
+  overlay (`/automation/`, `/usr/share/mios/`, etc.).
+- **Tool permissions:** When unsure whether a tool call would mutate state,
+  prefer the read-only equivalent and ask before escalating. Never run
+  `git push`, `bootc upgrade`, `dnf install`, `systemctl`, `rm -rf` without
+  explicit user confirmation.
+- **Skills:** This repo does not need the docx/pptx/xlsx skills for routine
+  work. Use them only when explicitly asked to produce a Word/Excel/PowerPoint
+  artifact.
+- **Memory:** Per-session learnings persist to `/var/lib/mios/ai/memory/`.
+  Read `/usr/share/mios/ai/system.md` §12 before writing memory entries.
+
+## Sanitization reminder
+
+Per `/usr/share/mios/ai/system.md` §6, all artifacts persisted to repo paths
+or `/usr/share/mios/ai/` must be sanitized: no corporate entity references,
+no chat metadata, no tool-call envelopes, OpenAI API-compliant minimal form.
+This applies to anything you write — including this file's future revisions.
diff --git a/GEMINI.md b/GEMINI.md
@@ -0,0 +1,36 @@
+# GEMINI.md
+
+> Read by Gemini CLI on entry into this repo. Redirector stub.
+> Canonical agent prompt: `/usr/share/mios/ai/system.md`.
+
+## Behavior contract
+
+1. Load `/usr/share/mios/ai/system.md` first.
+2. Apply `/etc/mios/ai/system-prompt.md` as host-local override if present.
+3. This file carries Gemini CLI-specific deltas only.
+
+If `/usr/share/mios/ai/system.md` is unreachable, fall back to
+`/system-prompt.md` in the repo root.
+
+## Tool-specific deltas (Gemini CLI only)
+
+- **Sandbox model:** Gemini CLI typically operates from the working directory
+  as the sandbox root. On a MiOS-DEV host, `cwd` should be `/`. Do NOT treat
+  `/` as a "dangerous" path to avoid; it is the canonical repo root.
+- **Tool calls:** Use `read_file`, `list_directory`, `glob`, `search_file_content`
+  for read-only inspection. `write_file`, `replace`, `run_shell_command` are
+  mutating — confirm with the user before each invocation that touches a
+  whitelisted overlay path or the live system.
+- **Memory:** `/memory add` and `/memory show` write to
+  `/var/lib/mios/ai/memory/gemini-cli/`. The format must conform to
+  `/usr/share/mios/ai/system.md` §12 (one fact per record, file:line citation,
+  immutable, supersedes-by-reference).
+- **YOLO mode:** Even when `--yolo` is enabled, never `git push`, `bootc upgrade`,
+  `dnf install`, or destructive shell commands without explicit operator turn.
+
+## Sanitization reminder
+
+Per `/usr/share/mios/ai/system.md` §6, all persisted artifacts are sanitized.
+Specifically for Gemini CLI: do not write the strings "Gemini", "Google",
+"Bard", "DeepMind", or any vendor brand into pushed paths. Vendor brands stay
+in your runtime context only; persisted artifacts are vendor-neutral.
diff --git a/mios-ai-sanitize b/mios-ai-sanitize
@@ -0,0 +1,242 @@
+#!/usr/bin/env bash
+# /usr/libexec/mios/ai-sanitize
+# Sanitize AI artifacts to OpenAI API-compliant minimal form.
+# Implements rules from /usr/share/mios/ai/system.md §6.
+#
+# Usage:
+#   mios-ai-sanitize check <path>      # Report findings, exit 1 if dirty
+#   mios-ai-sanitize clean <path>      # In-place sanitize (creates .bak)
+#   mios-ai-sanitize diff <path>       # Show what would change
+#
+# Operates on: .md, .txt, .json, .yaml, .yml files.
+# Skips:       .sh, .py, source code (only sanitizes prose).
+
+set -euo pipefail
+
+readonly SCRIPT_NAME="$(basename "$0")"
+readonly MODE="${1:-}"
+readonly TARGET="${2:-}"
+
+if [[ -z "$MODE" || -z "$TARGET" ]]; then
+    cat >&2 <<EOF
+Usage: $SCRIPT_NAME <check|clean|diff> <path>
+
+Sanitizes AI artifacts per /usr/share/mios/ai/system.md §6.
+EOF
+    exit 1
+fi
+
+# ── Forbidden corporate entities (case-insensitive prose match) ──
+# These are stripped from prose. Source code and protocol references survive
+# (see system.md §6.1 exceptions).
+declare -ar FORBIDDEN_BRANDS=(
+    'Anthropic'
+    'Anthropic, Inc\.'
+    'Claude\.ai'
+    'Claude Sonnet'
+    'Claude Opus'
+    'Claude Haiku'
+    'OpenAI(, Inc\.)?'
+    'ChatGPT'
+    'GPT-4o?'
+    'GPT-3\.5'
+    'Google AI'
+    'Google DeepMind'
+    'DeepMind'
+    'Bard'
+    'Gemini (Pro|Advanced|Ultra)'
+    'Microsoft Copilot'
+    'GitHub Copilot'
+    'Bing AI'
+    'Mistral AI'
+    'Cohere'
+    'xAI'
+    'Grok'
+    'Perplexity AI'
+)
+
+# ── Forbidden conversational metadata patterns ──
+declare -ar FORBIDDEN_META=(
+    '^Human:'
+    '^Assistant:'
+    '^User:'
+    '^AI:'
+    '<thinking>'
+    '</thinking>'
+    '<'
+    '</'
+    '<scratchpad>'
+    '</scratchpad>'
+    '<reasoning>'
+    '</reasoning>'
+    'I.d be happy to help'
+    'Great question!'
+    'Let me think about this step by step'
+    '\[doc-[0-9]+-[0-9]+\]'
+)
+
+# ── Forbidden sandbox path traces ──
+declare -ar FORBIDDEN_PATHS=(
+    '/mnt/user-data/uploads'
+    '/mnt/user-data/outputs'
+    '/mnt/skills/'
+    '/home/claude'
+    '/home/ubuntu'
+    '/repo/'
+    '/workspace/'
+)
+
+# ── Whitelist (protocol references that survive) ──
+# These look like brand names but are actually protocol/spec references.
+declare -ar WHITELIST_PATTERNS=(
+    'OpenAI[ -]compatible'
+    'OpenAI v1'
+    'OpenAI API (spec|standard|protocol|format)'
+    '/v1/(chat|completions|embeddings|models|responses|mcp)'
+)
+
+is_whitelisted() {
+    local line="$1"
+    local pat
+    for pat in "${WHITELIST_PATTERNS[@]}"; do
+        if echo "$line" | grep -qE "$pat"; then
+            return 0
+        fi
+    done
+    return 1
+}
+
+# ── Scanning ──
+
+scan_file() {
+    local path="$1"
+    local findings=0
+    local lineno=0
+
+    # Skip non-prose files
+    case "$path" in
+        *.sh|*.py|*.rs|*.go|*.c|*.cpp|*.h|*.hpp|*.toml|*.ini|*.conf)
+            return 0  # Source code — skip
+            ;;
+    esac
+
+    while IFS= read -r line; do
+        lineno=$((lineno + 1))
+        is_whitelisted "$line" && continue
+
+        local pat
+        for pat in "${FORBIDDEN_BRANDS[@]}"; do
+            if echo "$line" | grep -qiE "\\b${pat}\\b"; then
+                printf '%s:%d: BRAND  %s\n' "$path" "$lineno" "$line"
+                findings=$((findings + 1))
+            fi
+        done
+
+        for pat in "${FORBIDDEN_META[@]}"; do
+            if echo "$line" | grep -qE "$pat"; then
+                printf '%s:%d: META   %s\n' "$path" "$lineno" "$line"
+                findings=$((findings + 1))
+            fi
+        done
+
+        for pat in "${FORBIDDEN_PATHS[@]}"; do
+            if echo "$line" | grep -qF "$pat"; then
+                printf '%s:%d: PATH   %s\n' "$path" "$lineno" "$line"
+                findings=$((findings + 1))
+            fi
+        done
+    done < "$path"
+
+    return "$findings"
+}
+
+# ── Cleaning ──
+
+clean_file() {
+    local path="$1"
+    local tmp
+    tmp="$(mktemp)"
+    cp "$path" "${path}.bak"
+
+    # Brand stripping: replace standalone brand mentions with neutral terms
+    sed -E \
+        -e 's/\b(Anthropic|Anthropic, Inc\.)\b//gI' \
+        -e 's/\b(Claude\.ai|Claude Sonnet|Claude Opus|Claude Haiku|Claude)\b/the assistant/gI' \
+        -e 's/\b(OpenAI, Inc\.|OpenAI Inc\.)\b//g' \
+        -e 's/\b(ChatGPT|GPT-4o?|GPT-3\.5|GPT)\b/the model/gI' \
+        -e 's/\b(Google AI|Google DeepMind|DeepMind|Bard)\b/the assistant/gI' \
+        -e 's/\bGemini (Pro|Advanced|Ultra)\b/the assistant/gI' \
+        -e 's/\b(Microsoft Copilot|GitHub Copilot|Bing AI)\b/the tool/gI' \
+        -e 's/\b(Mistral AI|Cohere|xAI|Grok|Perplexity AI)\b//gI' \
+        "$path" > "$tmp"
+
+    # Metadata stripping
+    sed -i -E \
+        -e '/^Human:/d' \
+        -e '/^Assistant:/d' \
+        -e '/^User:/d' \
+        -e '/^AI:/d' \
+        -e 's|</?thinking>||g' \
+        -e 's|</?antml:[^>]+>||g' \
+        -e 's|</?scratchpad>||g' \
+        -e 's|</?reasoning>||g' \
+        -e 's/I.d be happy to help[^.]*\.//g' \
+        -e 's/Great question!\s*//g' \
+        -e 's/Let me think about this step by step[^.]*\.//g' \
+        -e 's/\[doc-[0-9]+-[0-9]+\]//g' \
+        "$tmp"
+
+    # Path normalization (sandbox traces → FHS scratch)
+    sed -i \
+        -e 's|/mnt/user-data/uploads|/var/lib/mios/ai/scratch|g' \
+        -e 's|/mnt/user-data/outputs|/var/lib/mios/ai/scratch|g' \
+        -e 's|/mnt/skills/|/usr/share/mios/skills/|g' \
+        -e 's|/home/claude|/var/lib/mios/ai|g' \
+        -e 's|/home/ubuntu|/var/lib/mios/ai|g' \
+        "$tmp"
+
+    # Collapse double-blank lines (compaction)
+    awk 'BEGIN{blank=0} /^$/{blank++; if(blank<=1) print; next} {blank=0; print}' \
+        "$tmp" > "${tmp}.compact"
+
+    mv "${tmp}.compact" "$path"
+    rm -f "$tmp"
+
+    echo "Cleaned: $path (backup: ${path}.bak)"
+}
+
+# ── Dispatch ──
+
+case "$MODE" in
+    check)
+        if [[ -d "$TARGET" ]]; then
+            findings=0
+            while IFS= read -r -d '' f; do
+                scan_file "$f" || findings=$((findings + $?))
+            done < <(find "$TARGET" -type f \( -name '*.md' -o -name '*.txt' -o -name '*.json' -o -name '*.yaml' -o -name '*.yml' \) -print0)
+            echo "---"
+            echo "Total findings: $findings"
+            [[ "$findings" -eq 0 ]] || exit 1
+        else
+            scan_file "$TARGET" || exit 1
+        fi
+        ;;
+    clean)
+        if [[ -d "$TARGET" ]]; then
+            while IFS= read -r -d '' f; do
+                clean_file "$f"
+            done < <(find "$TARGET" -type f \( -name '*.md' -o -name '*.txt' -o -name '*.json' -o -name '*.yaml' -o -name '*.yml' \) -print0)
+        else
+            clean_file "$TARGET"
+        fi
+        ;;
+    diff)
+        clean_file "$TARGET" >/dev/null
+        diff -u "${TARGET}.bak" "$TARGET" || true
+        mv "${TARGET}.bak" "$TARGET"  # Restore — diff mode is non-destructive
+        ;;
+    *)
+        echo "Unknown mode: $MODE" >&2
+        exit 1
+        ;;
+esac
diff --git a/system.md b/system.md
