feat(brain): setup-gbrain trust-policy step + sync-gbrain flags (T5b / T13+T5c)

T5b — setup-gbrain Step 9.5:
  Inserts the brain trust policy AskUserQuestion before the verdict block.
  Detects active endpoint hash via gstack-config endpoint-hash. Branches
  per transport:
    * Local (sha == "local"): auto-set personal, one-line notice
    * Remote-MCP, unset: AskUserQuestion (personal vs shared)
    * Already-set: skip, just print current policy
  Personal default flips artifacts_sync_mode=full when still off.

T13+T5c — sync-gbrain:
  Adds two flag short-circuits:
    --refresh-cache : route to gstack-brain-cache refresh --project <slug>;
                       skip code + memory + brain-sync stages. Replaces
                       the planned /brain-refresh-context skill per D1
                       fold (one fewer always-loaded skill in catalog).
    --audit          : emit gstack-owned page summary + sensitive-content
                       leak check via gstack-brain-cache list. Read-only.
  Step 1 trust policy gate: fires the same AskUserQuestion as setup-gbrain
  Step 9.5 when policy is unset for a remote endpoint. Local engines
  auto-set personal silently. Idempotent for already-set policies.

Both templates re-rendered via bun run gen:skill-docs. Trust policy
question wording centralized in setup-gbrain Step 9.5; sync-gbrain
Step 1 references it to avoid prompt drift.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Garry Tan
2026-05-26 23:13:23 -07:00
parent 71ee115bf5
commit 0c635919cd
4 changed files with 214 additions and 0 deletions
+69
@@ -1513,6 +1513,75 @@ and STOP with a NEEDS_CONTEXT escalation.
---
## Step 9.5: Brain trust policy (v1.48 brain-aware planning, D4 / Phase 1.5)
The brain trust policy controls whether gstack auto-pushes `~/.gstack/`
artifacts and writes calibration takes back to this brain. It's per-
endpoint: a user with both a local PGLite (personal) and a team remote
MCP (shared) gets both policies tracked separately.
Detect the active endpoint hash + current policy:
```bash
_HASH=$(~/.claude/skills/gstack/bin/gstack-config endpoint-hash 2>/dev/null)
_POLICY=$(~/.claude/skills/gstack/bin/gstack-config get brain_trust_policy@$_HASH 2>/dev/null || echo unset)
echo "ENDPOINT_HASH: $_HASH"
echo "BRAIN_TRUST_POLICY: $_POLICY"
```
Branch on transport + current policy:
**If `_POLICY` is `personal` or `shared`:** policy already set. Print
"Trust policy for this endpoint: $_POLICY" and skip to Step 10.
**If `_POLICY` is `unset` AND `_HASH == "local"`:** auto-set personal
(local engines are inherently single-tenant). No AskUserQuestion.
```bash
~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH personal
echo "Trust policy auto-set to 'personal' for local PGLite (single-tenant by construction)."
```
**If `_POLICY` is `unset` AND `_HASH != "local"` (remote MCP):** ask the
trust policy question via AskUserQuestion:
> The brain at this MCP endpoint — is it your personal brain or a
> shared/team brain?
>
> Personal: gstack auto-pushes ~/.gstack/ artifacts (CEO plans, design
> docs, retros, learnings) and writes calibration takes back as you make
> decisions. Your brain gets smarter every session. Pick this if you
> alone set up this brain.
>
> Shared/team: read-only by default. gstack reads context but prompts
> before any write. Safer for brains where your individual takes
> shouldn't pollute the shared corpus.
Options:
- A) Personal (recommended for self-hosted remote brains)
- B) Shared/team
After answer, persist:
```bash
~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH <personal|shared>
```
If `personal` was selected AND `artifacts_sync_mode` is still `off`, also
default it to `full` (D4 auto-push convention):
```bash
_CURRENT_SYNC=$(~/.claude/skills/gstack/bin/gstack-config get artifacts_sync_mode 2>/dev/null || echo off)
if [ "$_CURRENT_SYNC" = "off" ]; then
~/.claude/skills/gstack/bin/gstack-config set artifacts_sync_mode full
echo "artifacts_sync_mode auto-set to 'full' (personal brain default)."
fi
```
Backwards compat: existing users whose `artifacts_sync_mode_prompted` is
already `true` keep their answer; this gate only fires for new endpoints
or first-time-after-upgrade users.
## Step 10: GREEN/YELLOW/RED verdict block (idempotent doctor output)
After Steps 1-9 complete, summarize. Re-running `/setup-gbrain` on a
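Review bot: The detection block at the top of Step 9.5 does not handle a failed `gstack-config endpoint-hash`. With stderr discarded and no exit-status check, `_HASH` ends up empty, the lookup key becomes `brain_trust_policy@`, and `_POLICY` falls back to `unset`. Because an empty string is `!= "local"`, the flow then lands in the remote-MCP branch and can persist a policy under `brain_trust_policy@`. Suggest stopping when `_HASH` is empty, for example with `[ -n "$_HASH" ] || { echo "endpoint-hash failed"; exit 1; }`, and quoting the key as `"brain_trust_policy@$_HASH"` in the `get` and in both `set` calls. The `|| echo unset` fallback also only covers a non-zero exit, so a `get` that succeeds with empty or unexpected output matches none of the three documented branches; an explicit "anything else" branch would close that gap.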
+69
@@ -868,6 +868,75 @@ and STOP with a NEEDS_CONTEXT escalation.
---
## Step 9.5: Brain trust policy (v1.48 brain-aware planning, D4 / Phase 1.5)
The brain trust policy controls whether gstack auto-pushes `~/.gstack/`
artifacts and writes calibration takes back to this brain. It's per-
endpoint: a user with both a local PGLite (personal) and a team remote
MCP (shared) gets both policies tracked separately.
Detect the active endpoint hash + current policy:
```bash
_HASH=$(~/.claude/skills/gstack/bin/gstack-config endpoint-hash 2>/dev/null)
_POLICY=$(~/.claude/skills/gstack/bin/gstack-config get brain_trust_policy@$_HASH 2>/dev/null || echo unset)
echo "ENDPOINT_HASH: $_HASH"
echo "BRAIN_TRUST_POLICY: $_POLICY"
```
Branch on transport + current policy:
**If `_POLICY` is `personal` or `shared`:** policy already set. Print
"Trust policy for this endpoint: $_POLICY" and skip to Step 10.
**If `_POLICY` is `unset` AND `_HASH == "local"`:** auto-set personal
(local engines are inherently single-tenant). No AskUserQuestion.
```bash
~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH personal
echo "Trust policy auto-set to 'personal' for local PGLite (single-tenant by construction)."
```
**If `_POLICY` is `unset` AND `_HASH != "local"` (remote MCP):** ask the
trust policy question via AskUserQuestion:
> The brain at this MCP endpoint — is it your personal brain or a
> shared/team brain?
>
> Personal: gstack auto-pushes ~/.gstack/ artifacts (CEO plans, design
> docs, retros, learnings) and writes calibration takes back as you make
> decisions. Your brain gets smarter every session. Pick this if you
> alone set up this brain.
>
> Shared/team: read-only by default. gstack reads context but prompts
> before any write. Safer for brains where your individual takes
> shouldn't pollute the shared corpus.
Options:
- A) Personal (recommended for self-hosted remote brains)
- B) Shared/team
After answer, persist:
```bash
~/.claude/skills/gstack/bin/gstack-config set brain_trust_policy@$_HASH <personal|shared>
```
If `personal` was selected AND `artifacts_sync_mode` is still `off`, also
default it to `full` (D4 auto-push convention):
```bash
_CURRENT_SYNC=$(~/.claude/skills/gstack/bin/gstack-config get artifacts_sync_mode 2>/dev/null || echo off)
if [ "$_CURRENT_SYNC" = "off" ]; then
~/.claude/skills/gstack/bin/gstack-config set artifacts_sync_mode full
echo "artifacts_sync_mode auto-set to 'full' (personal brain default)."
fi
```
Backwards compat: existing users whose `artifacts_sync_mode_prompted` is
already `true` keep their answer; this gate only fires for new endpoints
or first-time-after-upgrade users.
## Step 10: GREEN/YELLOW/RED verdict block (idempotent doctor output)
After Steps 1-9 complete, summarize. Re-running `/setup-gbrain` on a
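Review bot: The `artifacts_sync_mode` snippet near the end of Step 9.5 tests only `[ "$_CURRENT_SYNC" = "off" ]`, while the backwards-compat paragraph directly after it says users whose `artifacts_sync_mode_prompted` is already `true` keep their answer. As written, a user who was prompted earlier and deliberately chose `off` gets flipped to `full` as soon as they pick Personal, which turns on auto-push without a fresh decision. Suggest reading `artifacts_sync_mode_prompted` in the same block and skipping the `set` when it is `true`. Two related points are worth documenting here: whether the local auto-set branch also triggers this flip (the text says "selected", the commit message says "Personal default"), and that `artifacts_sync_mode` is a single key with no `@$_HASH` suffix, so enabling it for a personal endpoint changes the setting for every endpoint, including one marked `shared`.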