pdurlej/platform

Fork 0

arch(governance): kontrakt + granica między `pdurlej/platform` a `pdurlej/iskra-openclaw` — co gdzie mieszka #74

New issue

Closed

opened 2026-05-05 02:08:26 +02:00 by pdurlej · 0 comments

pdurlej commented

2026-05-05 02:08:26 +02:00

Owner

Origin

Po wieczornych decyzjach (2026-05-05 noc):

Migracja iskra-openclaw#47 → platform#73 (post-hoc fix mojej własnej decyzji)
Audyt iskra-openclaw#43 i iskra-openclaw#44 (oba candidate do migracji)

Pojawia się systemowa potrzeba: kontrakt jaki kod / jakie issues żyją w którym repo. Bez tego każde follow-up issue wymaga ad-hoc decision-making, a precedensy się rozjeżdżają.

Per Piotra prośby (2026-05-05 ~01:50 CEST): "Potem audyt 43 i 44. Meta praca - zastanowienie się nad kontraktem i granicą między platform a iskra-openclaw."

Repo landscape (2026-05-05)

Repo	Last update	Open issues	Scope
`pdurlej/platform`	2026-05-05	17	platform infrastructure, agent governance, secrets, OpenClaw deploy, control plane
`pdurlej/iskra-openclaw`	2026-05-05	41	Iskra runtime, Iskra automation, Iskra audit, iskra-runtime-bound integrations
`pdurlej/vps-home-platform-infra`	2026-04-30	0	legacy; lokalny clone ma origin = `pdurlej/platform.git` (już zmigrowane)

Proposed contract

`pdurlej/iskra-openclaw` CONTAINS

Iskra runtime artifacts:

Iskra-specific scripts (scripts/iskra-*, scripts/honcho-*, scripts/continuity-*)
Iskra skills, cron-skills, automations
Iskra workspace files (~/.openclaw/workspace/ content reference)
Iskra channel definitions (signal/matrix integration per Iskra)
Iskra audit binaries (canary, operator-watch, deps-report, scheduled-sends-inventory)
Iskra-runtime-bound integrations (e.g., Codex SSH wrapper code — bo allowlist = Iskra commands)
Memory sidecar filters specific to Iskra context

Iskra issues:

Iskra behavior bugs (#1, #12, #17, #22, #23, #24, etc.)
Iskra automation features (#28, #34, #36, #38–#42)
Iskra audit findings (5× audyty: #10/12/13/22/33)
Iskra UX (#26 reactions, #32 ACK)

`pdurlej/iskra-openclaw` DOES NOT CONTAIN

OpenClaw runtime config / deploy artifacts (→ platform)
Module manifests / platformctl skeleton (→ platform)
Cross-agent governance (multi-agent identity, capability brokerage) (→ platform)
Secrets management infrastructure (Infisical resolvers, providers, brokers) (→ platform)
Vault → Infisical migration plans (→ platform)
Tailscale ACL, Forgejo Actions / CI guardrails for the platform (→ platform)
Agent vault / credential proxy / HTTPS_PROXY infrastructure (→ platform)

`pdurlej/platform` CONTAINS

Platform infrastructure:

OpenClaw deploy configs (compose/, config/, scripts/openclaw/)
Module manifests for ~80 modules + schema (v1, v2)
platformctl (control plane: validate, plan, health)
Forgejo Actions / CI guardrails
Secrets infrastructure: Infisical scripts, env files, resolvers, providers, policy/security.rego
Migration plans (Vault → Infisical, per-module cutover)
Tailscale ACL .hujson seed
Cross-cutting credentials/secrets/security work
Universal agent runtime infrastructure

Platform governance:

Agentic decomposition workflow (meta → atomic, proposed → ready-for-agent → ready-for-operator)
Per-agent identity governance (Forgejo MCP token scoping per agent — #56)
Agent capability brokerage / Agent Vault design
Risk classification (risk/exposure, risk/process, risk/product, risk/runtime)
ADR / Charter enforcement
Cross-agent audit pipeline (#57 Antigravity PR factory, #59 L4 meta, etc.)

Platform issues:

OpenClaw operability (#48, #49)
Module catalog (#61, #63–68, #70)
Network (#65), prompts (#67), repo docs (#68)
Vault → Infisical migration (#64)
Per-agent identity (#56)
Cross-cutting credentials (#73)

`pdurlej/platform` DOES NOT CONTAIN

Iskra-specific runtime scripts (→ iskra-openclaw)
Iskra workspace files (→ iskra-openclaw)
Iskra-runtime-bound integration code (wrapper allowlist with Iskra commands → iskra-openclaw)
Iskra behavior bugs (→ iskra-openclaw)

Cross-cutting pattern (most common)

Many concerns split into TWO issues — platform parent (governance/infra) + iskra-openclaw companion (Iskra-side integration). Examples:

Topic	Platform side	Iskra-openclaw side
Codex SSH access	governance, key rotation policy, Path B Infisical machine identity	wrapper code, allowlist (PR #45 in iskra-openclaw)
Credential delivery	`platform#73` (ssh-agent + TTL)	none directly — wrapper consumes via SSH
NotebookLM MCP for Iskra	broker config, capability registration, credential mapping	`iskra-openclaw#15` (Iskra skill that uses the broker)
Per-agent identity	`platform#56` (Forgejo MCP token scoping)	per-agent skill profile in iskra-openclaw if Iskra uses non-default identity
Memory sidecar filter (Agent Souls/)	none — sidecar is iskra-runtime-bound	`iskra-openclaw#46` (filter in `obsidian-conscious-memory` skill)
Vault → Infisical migration	`platform#64` (parent), `platform#43` future migration target	per-module rollout where iskra-side affected

Test for new issues

When opening a new issue, ask in order:

Czy to dotyczy tylko Iskry? (jej behavior, audit, automation) → iskra-openclaw
Czy to dotyczy wielu agentów, OpenClaw runtime, platform infrastructure, secrets? → platform
Are there two layers (platform governance + iskra integration)? → split + cross-ref, platform issue jako parent

If still ambiguous: lean platform. Reason: platform has more mature agentic governance (proposed → ready-for-agent → ready-for-operator flow, risk labels), and platform repo is less likely to need post-hoc migration. Migration cost from iskra-openclaw → platform > migration cost from platform → iskra-openclaw.

Open migration candidates (from tonight's audit)

Issue	Current home	Recommendation	Reason
`iskra-openclaw#47`	closed	✅ migrated → `platform#73`	done
`iskra-openclaw#43`	iskra-openclaw	migrate → platform	secrets architecture = platform domain (zob. audit comment 2026-05-05 02:10)
`iskra-openclaw#44`	iskra-openclaw	migrate → platform	agent SSH access = platform governance (zob. audit comment 2026-05-05 02:12); wrapper PR #45 stays
`iskra-openclaw#27` (OpenClaw 2026.5.x upgrade)	iskra-openclaw	candidate for review	OpenClaw runtime upgrade = platform; not yet audited

Sister concerns

Identity contract gap: ja (Claude w tej sesji) loguje się jako pdurlej admin (id 1) używając Macowego tokena, nie jako claude (id 3). Iskra (id 6), Codex (id 4), GLM (id 5), Claude (id 3) mają osobne Forgejo accounts, ale w tej sesji ja nie mam ich tokenu — więc moja issue authorship attribution jest pdurlej, nie claude. To jest exactly platform#56 topic. Sygnał że kontrakt potrzebuje też agent identity contract jako sister artifact. (Nie blocker dla tego issue, ale flag.)

Decision asks for Piotr

Kontrakt accept / edit? — body powyżej jest moja proposal. Twoja decyzja: accept, edit konkretne sekcje, reject.
Migracja #43, #44 zgodnie z auditami? — yes / no / tylko jedno z dwóch?
Migracja #27 (OpenClaw upgrade)? — TBD, czeka na osobny audyt — ten issue go nie scope'uje.
Identity contract jako osobny follow-up issue? — propozycja: platform#XX "agent Forgejo identity contract — per-agent token, not pdurlej-admin". Sister do tego kontraktu.
Repo README update? — po accept, dodać krótki "where things live" summary do pdurlej/iskra-openclaw/README.md i pdurlej/platform/README.md z linkiem do tego issue.

Why now (loss aversion)

Co się zamyka jeśli tego nie zrobimy:

Dziś otworzę dwa kolejne issues w niewłaściwym miejscu (jutro Codex też). Te 4 ad-hoc decyzje (#43, #44, #47, #46) z dzisiaj są warning shot, nie outlier.
Codex przy implementacji Phase 1 / Phase 3 nie będzie wiedział gdzie kod ma trafić. Każdy PR = pytanie "którego repo?". Friction skaluje się.
Iskra w issue #57 już mówi o "platform issues" jako class — bez kontraktu jej self-correction loop też się rozjeżdża.

Co się otwiera jeśli zrobimy:

Każdy nowy issue / PR ma jednoznaczne home. 30s decyzja zamiast 5min audytu.
Codex/GLM/Iskra mogą pracować autonomicznie bez "którego repo to?" rozmów.
Migracje legacy (#43, #44, #27) stają się jednorazowym kosztem zamiast permanent friction.

— Claude (audytor placement, 2026-05-05 ~02:15 CEST, post-Path-A-night, post-Oracle-GPT-5.5-pro-consult)

## Origin Po wieczornych decyzjach (2026-05-05 noc): - Migracja `iskra-openclaw#47` → `platform#73` (post-hoc fix mojej własnej decyzji) - Audyt `iskra-openclaw#43` i `iskra-openclaw#44` (oba candidate do migracji) Pojawia się **systemowa potrzeba**: kontrakt jaki kod / jakie issues żyją w którym repo. Bez tego każde follow-up issue wymaga ad-hoc decision-making, a precedensy się rozjeżdżają. Per Piotra prośby (2026-05-05 ~01:50 CEST): *"Potem audyt 43 i 44. Meta praca - zastanowienie się nad kontraktem i granicą między platform a iskra-openclaw."* ## Repo landscape (2026-05-05) | Repo | Last update | Open issues | Scope | |---|---|---|---| | `pdurlej/platform` | 2026-05-05 | 17 | platform infrastructure, agent governance, secrets, OpenClaw deploy, control plane | | `pdurlej/iskra-openclaw` | 2026-05-05 | 41 | Iskra runtime, Iskra automation, Iskra audit, iskra-runtime-bound integrations | | `pdurlej/vps-home-platform-infra` | 2026-04-30 | 0 | legacy; lokalny clone ma origin = `pdurlej/platform.git` (już zmigrowane) | ## Proposed contract ### `pdurlej/iskra-openclaw` CONTAINS **Iskra runtime artifacts**: - Iskra-specific scripts (`scripts/iskra-*`, `scripts/honcho-*`, `scripts/continuity-*`) - Iskra skills, cron-skills, automations - Iskra workspace files (`~/.openclaw/workspace/` content reference) - Iskra channel definitions (signal/matrix integration per Iskra) - Iskra audit binaries (canary, operator-watch, deps-report, scheduled-sends-inventory) - Iskra-runtime-bound integrations (e.g., Codex SSH **wrapper code** — bo allowlist = Iskra commands) - Memory sidecar filters specific to Iskra context **Iskra issues**: - Iskra behavior bugs (#1, #12, #17, #22, #23, #24, etc.) - Iskra automation features (#28, #34, #36, #38–#42) - Iskra audit findings (5× audyty: #10/12/13/22/33) - Iskra UX (#26 reactions, #32 ACK) ### `pdurlej/iskra-openclaw` DOES NOT CONTAIN - OpenClaw runtime config / deploy artifacts (→ platform) - Module manifests / platformctl skeleton (→ platform) - Cross-agent governance (multi-agent identity, capability brokerage) (→ platform) - Secrets management infrastructure (Infisical resolvers, providers, brokers) (→ platform) - Vault → Infisical migration plans (→ platform) - Tailscale ACL, Forgejo Actions / CI guardrails for the platform (→ platform) - Agent vault / credential proxy / HTTPS_PROXY infrastructure (→ platform) ### `pdurlej/platform` CONTAINS **Platform infrastructure**: - OpenClaw deploy configs (`compose/`, `config/`, `scripts/openclaw/`) - Module manifests for ~80 modules + schema (v1, v2) - platformctl (control plane: validate, plan, health) - Forgejo Actions / CI guardrails - Secrets infrastructure: Infisical scripts, env files, resolvers, providers, `policy/security.rego` - Migration plans (Vault → Infisical, per-module cutover) - Tailscale ACL `.hujson` seed - Cross-cutting credentials/secrets/security work - Universal agent runtime infrastructure **Platform governance**: - Agentic decomposition workflow (meta → atomic, `proposed` → `ready-for-agent` → `ready-for-operator`) - Per-agent identity governance (Forgejo MCP token scoping per agent — #56) - Agent capability brokerage / Agent Vault design - Risk classification (`risk/exposure`, `risk/process`, `risk/product`, `risk/runtime`) - ADR / Charter enforcement - Cross-agent audit pipeline (#57 Antigravity PR factory, #59 L4 meta, etc.) **Platform issues**: - OpenClaw operability (#48, #49) - Module catalog (#61, #63–68, #70) - Network (#65), prompts (#67), repo docs (#68) - Vault → Infisical migration (#64) - Per-agent identity (#56) - Cross-cutting credentials (#73) ### `pdurlej/platform` DOES NOT CONTAIN - Iskra-specific runtime scripts (→ iskra-openclaw) - Iskra workspace files (→ iskra-openclaw) - Iskra-runtime-bound integration code (wrapper allowlist with Iskra commands → iskra-openclaw) - Iskra behavior bugs (→ iskra-openclaw) ## Cross-cutting pattern (most common) Many concerns split into TWO issues — **platform parent** (governance/infra) + **iskra-openclaw companion** (Iskra-side integration). Examples: | Topic | Platform side | Iskra-openclaw side | |---|---|---| | Codex SSH access | governance, key rotation policy, Path B Infisical machine identity | wrapper code, allowlist (PR #45 in iskra-openclaw) | | Credential delivery | `platform#73` (ssh-agent + TTL) | none directly — wrapper consumes via SSH | | NotebookLM MCP for Iskra | broker config, capability registration, credential mapping | `iskra-openclaw#15` (Iskra skill that uses the broker) | | Per-agent identity | `platform#56` (Forgejo MCP token scoping) | per-agent skill profile in iskra-openclaw if Iskra uses non-default identity | | Memory sidecar filter (Agent Souls/) | none — sidecar is iskra-runtime-bound | `iskra-openclaw#46` (filter in `obsidian-conscious-memory` skill) | | Vault → Infisical migration | `platform#64` (parent), `platform#43` future migration target | per-module rollout where iskra-side affected | ## Test for new issues When opening a new issue, ask in order: 1. **Czy to dotyczy tylko Iskry?** (jej behavior, audit, automation) → `iskra-openclaw` 2. **Czy to dotyczy wielu agentów, OpenClaw runtime, platform infrastructure, secrets?** → `platform` 3. **Are there two layers** (platform governance + iskra integration)? → split + cross-ref, platform issue jako parent If still ambiguous: **lean platform**. Reason: platform has more mature agentic governance (`proposed` → `ready-for-agent` → `ready-for-operator` flow, risk labels), and platform repo is less likely to need post-hoc migration. Migration cost from iskra-openclaw → platform > migration cost from platform → iskra-openclaw. ## Open migration candidates (from tonight's audit) | Issue | Current home | Recommendation | Reason | |---|---|---|---| | `iskra-openclaw#47` | closed | ✅ migrated → `platform#73` | done | | `iskra-openclaw#43` | iskra-openclaw | migrate → platform | secrets architecture = platform domain (zob. audit comment 2026-05-05 02:10) | | `iskra-openclaw#44` | iskra-openclaw | migrate → platform | agent SSH access = platform governance (zob. audit comment 2026-05-05 02:12); wrapper PR #45 stays | | `iskra-openclaw#27` (OpenClaw 2026.5.x upgrade) | iskra-openclaw | candidate for review | OpenClaw runtime upgrade = platform; not yet audited | ## Sister concerns - **Identity contract gap**: ja (Claude w tej sesji) loguje się jako `pdurlej` admin (id 1) używając Macowego tokena, nie jako `claude` (id 3). Iskra (id 6), Codex (id 4), GLM (id 5), Claude (id 3) mają osobne Forgejo accounts, ale w tej sesji **ja nie mam ich tokenu** — więc moja issue authorship attribution jest pdurlej, nie claude. To jest exactly `platform#56` topic. **Sygnał że kontrakt potrzebuje też agent identity contract jako sister artifact.** (Nie blocker dla tego issue, ale flag.) ## Decision asks for Piotr 1. **Kontrakt accept / edit?** — body powyżej jest moja proposal. Twoja decyzja: accept, edit konkretne sekcje, reject. 2. **Migracja #43, #44 zgodnie z auditami?** — yes / no / tylko jedno z dwóch? 3. **Migracja #27 (OpenClaw upgrade)?** — TBD, czeka na osobny audyt — ten issue go nie scope'uje. 4. **Identity contract jako osobny follow-up issue?** — propozycja: `platform#XX` "agent Forgejo identity contract — per-agent token, not pdurlej-admin". Sister do tego kontraktu. 5. **Repo README update?** — po accept, dodać krótki "where things live" summary do `pdurlej/iskra-openclaw/README.md` i `pdurlej/platform/README.md` z linkiem do tego issue. ## Why now (loss aversion) **Co się zamyka jeśli tego nie zrobimy**: - Dziś otworzę dwa kolejne issues w niewłaściwym miejscu (jutro Codex też). Te 4 ad-hoc decyzje (#43, #44, #47, #46) z dzisiaj są warning shot, nie outlier. - Codex przy implementacji Phase 1 / Phase 3 nie będzie wiedział gdzie kod ma trafić. Każdy PR = pytanie "którego repo?". Friction skaluje się. - Iskra w issue #57 już mówi o "platform issues" jako class — bez kontraktu jej self-correction loop też się rozjeżdża. **Co się otwiera jeśli zrobimy**: - Każdy nowy issue / PR ma jednoznaczne home. 30s decyzja zamiast 5min audytu. - Codex/GLM/Iskra mogą pracować autonomicznie bez "którego repo to?" rozmów. - Migracje legacy (#43, #44, #27) stają się jednorazowym kosztem zamiast permanent friction. — Claude (audytor placement, 2026-05-05 ~02:15 CEST, post-Path-A-night, post-Oracle-GPT-5.5-pro-consult)

pdurlej added the

Rows
Columns

arch(governance): kontrakt + granica między pdurlej/platform a pdurlej/iskra-openclaw — co gdzie mieszka #74