clawdie/layered-soul
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

docs(hive): record first-proof policy — scratch jail + test collection until hardening

Browse source 
First proven end-to-end uses a scratch jail + throwaway test collection only; no
real tenant data until path hardening (#92) lands. First-proof blockers are #88
(resolve collection by name) and #89 (per-call unlock); #92 is hardening.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Sam & Claude 2026-06-20 06:39:31 +02:00
parent b3c6514fc7
commit 7c3016cf06
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/HIVE-ONBOARDING.md
View file

@ -115,6 +115,12 @@ Smallest path that is real:
3. **Spawner hook** — call vault-provision right after jail create.
4. **`mother` skill in layered-soul** — the genesis sequence above.
**First-proof policy.** The first proven end-to-end runs against a **scratch jail + a
throwaway test collection only** — no real tenant data until the path hardening lands
(canonicalize + allowed-root containment, colibri issue #92). The two first-proof blockers
are colibri **#88** (resolve the collection by name) and **#89** (per-call unlock); #92 is
hardening that follows. Tracker state lives on those issues.
**Overengineering traps to avoid for now:** a custom Bitwarden web UI (Vaultwarden's own UI
+ a Collection is enough to start), billing/metering, a native Bitwarden protocol in Rust,
multi-region control plane, and recursive auto-spawn (gate it off until policy exists).