0-AI-MANIFEST.a2ml
# STOP — CRITICAL READING REQUIRED
**THIS FILE MUST BE READ FIRST BY ALL AI AGENTS**
## WHAT IS THIS?
This is the AI manifest for **presswerk**. It declares:
- Canonical file locations (where things MUST be, and nowhere else)
- Critical invariants (rules that must NEVER be violated)
- Repository structure and organization
## CANONICAL LOCATIONS (UNIVERSAL RULE)
### Machine-Readable Metadata: `.machine_readable/` ONLY
These 6 SCM files MUST exist in the `.machine_readable/` directory ONLY:
1. **.machine_readable/6a2/STATE.a2ml** - Project state, progress, blockers
2. **.machine_readable/6a2/META.a2ml** - Architecture decisions, governance
3. **.machine_readable/6a2/ECOSYSTEM.a2ml** - Position in ecosystem, relationships
4. **.machine_readable/6a2/AGENTIC.a2ml** - AI agent interaction patterns
5. **.machine_readable/6a2/NEUROSYM.a2ml** - Neurosymbolic integration config
6. **.machine_readable/6a2/PLAYBOOK.a2ml** - Operational runbook
**CRITICAL:** If ANY of these files exist in the root directory, this is an ERROR.
### Bot Directives: `.bot_directives/` ONLY
Bot-specific instructions for the gitbot-fleet (7 bots: rhodibot, echidnabot, sustainabot, glambot, seambot, finishbot, robot-repo-automaton).
### Source Code: `crates/` ONLY
All Rust source code lives in the `crates/` workspace directory. The six crates are:
- `presswerk-core` — Shared types, errors, config (no internal deps)
- `presswerk-security` — Encrypted storage, audit trail, TLS certs (depends: core)
- `presswerk-document` — PDF ops, image processing, scanning, OCR (depends: core)
- `presswerk-print` — IPP client/server, mDNS discovery, job queue (depends: core, security)
- `presswerk-bridge` — iOS (objc2) + Android (JNI) native bridges (depends: core)
- `presswerk-app` — Dioxus UI with 10 pages (depends: all above)
### Formal Verification: `src/abi/` and `ffi/zig/`
Idris2 ABI proofs in `src/abi/` (5 files):
- **Types.idr** — Core types with C ABI sizes, platform detection, injectivity proofs
- **Protocol.idr** — IPP op-code injectivity, job state machine (valid transitions, terminal states)
- **Encryption.idr** — encrypt/decrypt roundtrip, ciphertext bounds, key separation
- **Layout.idr** — Struct memory layout and alignment proofs
- **Bridge.idr** — Toll-free bridging, keychain semantics, thread safety, JNI invariants
Zig FFI in `ffi/zig/` — C-compatible exports (8 functions, 5 tests).
Generated C headers in `generated/abi/`.
## CORE INVARIANTS
1. **No SCM duplication** — Root must NOT contain .machine_readable/6a2/STATE.a2ml, .machine_readable/6a2/META.a2ml, etc.
2. **Single source of truth** — `.machine_readable/` is authoritative
3. **License** — All code MPL-2.0
4. **Author** — "Jonathan D.A. Jewell (hyperpolymath) <j.d.a.jewell@open.ac.uk>"
5. **No unsafe Rust** without `// SAFETY:` comment referencing ABI proofs
6. **No banned crates** — No C-based OCR (Tesseract), no openssl (use ring/rustls)
7. **No banned patterns** — No believe_me, Admitted, assert_total, unsafePerformIO, transmute
8. **Container standard** — Containerfile (not Dockerfile), Podman (not Docker), chainguard base images
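
An added example, not presswerk's own tooling: a line-based Rust lint for invariants 1, 5 and 7. The function names are hypothetical; it assumes Rust-style `//` comments and bare SCM file names in a root listing, and it checks only that a `// SAFETY:` comment is present, not that it cites an ABI proof.

```rust
// Added example (not presswerk code): line-based lint for invariants 1, 5 and 7.
const BANNED: [&str; 5] =
    ["believe_me", "Admitted", "assert_total", "unsafePerformIO", "transmute"];
const SCM: [&str; 6] = ["STATE.a2ml", "META.a2ml", "ECOSYSTEM.a2ml",
    "AGENTIC.a2ml", "NEUROSYM.a2ml", "PLAYBOOK.a2ml"];

fn is_ident(c: char) -> bool { c.is_alphanumeric() || c == '_' }

/// True if `word` occurs in `code` as a whole identifier, not as a substring.
fn has_word(code: &str, word: &str) -> bool {
    code.match_indices(word).any(|(i, _)| {
        let before = code[..i].chars().next_back();
        let after = code[i + word.len()..].chars().next();
        !before.map_or(false, is_ident) && !after.map_or(false, is_ident)
    })
}

/// Invariants 5 and 7: returns (1-based line, finding) for one file's text.
pub fn lint_source(src: &str) -> Vec<(usize, String)> {
    let mut out = Vec::new();
    let mut justified = false; // inside a comment block that contains `// SAFETY:`
    for (n, raw) in src.lines().enumerate() {
        let line = raw.trim();
        if line.starts_with("//") {
            justified |= line.starts_with("// SAFETY:");
            continue;
        }
        // Heuristic: drop a trailing `//` comment; string literals are not parsed.
        let code = line.split("//").next().unwrap_or("");
        if has_word(code, "unsafe") && !justified && !line.contains("// SAFETY:") {
            out.push((n + 1, "unsafe without // SAFETY: comment".to_string()));
        }
        for p in BANNED.iter().filter(|p| has_word(code, p)) {
            out.push((n + 1, format!("banned pattern `{}`", p)));
        }
        justified = false; // the justification covers only the next line
    }
    out
}

/// Invariant 1: root-listing names that belong only under `.machine_readable/`.
pub fn misplaced_scm<'a>(root_entries: &[&'a str]) -> Vec<&'a str> {
    root_entries.iter().copied().filter(|e| SCM.iter().any(|s| s == e)).collect()
}

fn main() {
    // Constructed sample input: the second `unsafe` has no justification.
    let src = "// SAFETY: see Bridge.idr\nunsafe { f() }\nunsafe { g() }\n";
    println!("{:?}", lint_source(src));
    println!("{:?}", misplaced_scm(&["Cargo.toml", "STATE.a2ml"]));
}
```
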
## SESSION STARTUP CHECKLIST
1. Read THIS file (0-AI-MANIFEST.a2ml) first
2. Read `.machine_readable/6a2/STATE.a2ml` for current status (75% complete)
3. Run `cargo test -p presswerk-core -p presswerk-security -p presswerk-document -p presswerk-print` to verify state (68 tests expected)
4. Check for blockers in `.machine_readable/6a2/STATE.a2ml`
## PROJECT STATUS
- **Version:** 0.1.0
- **Completion:** 75%
- **Stats:** 46 Rust files, 10,749 lines, 5 Idris2 ABI files, 3 Zig FFI files
- **Tests:** 68 unit tests (47 print + 14 security + 7 document), 0 failures
- **Benchmarks:** 7 criterion benchmarks (3 security + 3 print + 1 document)
- **Workflows:** 21 GitHub Actions (CI, security scan, release, benchmarks, CodeQL, Scorecard, etc.)
- **Clippy:** 0 warnings
- **Audit:** 0 vulnerabilities (14 warnings — unmaintained GTK3 transitive deps)
- **Security:** panic-attack 0 critical, 4 high (FFI — covered by Bridge.idr)
- **Container:** Containerfile (chainguard wolfi-base, multi-stage, non-root)
- **Trustfile:** 7-step verification (ABI, banned patterns, audit, encryption, PQ readiness, hash, policy)
- **Remotes:** GitHub + GitLab (hyperpolymath/presswerk)
## META
- **Format Version:** 1.1.0
- **Created:** 2026-02-13
- **Updated:** 2026-02-14
- **Maintained By:** Jonathan D.A. Jewell (hyperpolymath)
- **License:** MPL-2.0
- **Protocol:** https://github.com/hyperpolymath/0-ai-gatekeeper-protocol