Initialize ops repository

2025-12-17 15:13:19 +00:00
commit f375d21a9e
51 changed files with 590 additions and 0 deletions
--- a/00-doctrine/.gitkeep
+++ b/00-doctrine/.gitkeep
@@ -0,0 +1 @@
+
--- a/00-doctrine/README.md
+++ b/00-doctrine/README.md
@@ -0,0 +1,7 @@
+# Doctrine
+
+This directory defines the non-negotiable rules of operation.
+
+- `operator-charter.md` is the one-page version you keep visible.
+- `personal-operating-doctrine.md` is the full doctrine that everything derives from.
+
--- a/00-doctrine/backup-doctrine.md
+++ b/00-doctrine/backup-doctrine.md
@@ -0,0 +1,25 @@
+# Backup Doctrine
+
+## Principles
+
+- Backups exist for **calm recovery**, not comfort.
+- Encrypt backups **before** they leave the system.
+- A backup that cannot be safely lost is incorrectly scoped.
+- Restores are verified: a backup without a restore test is a hope, not a backup.
+
+## In-repo boundaries
+
+- What is backed up, where it is stored, and how it is restored is recorded in `60-backups/manifests/`.
+- Proof that restores work (restore drills, checksums, validation notes) lives in `60-backups/restore-tests/`.
+
+## Minimum standard
+
+For each backup set, record:
+
+- Source (what)
+- Destination (where)
+- Method (how)
+- Frequency (when)
+- Restore procedure (how to get it back)
+- Validation (how you know it worked)
+
--- a/00-doctrine/identity-law.md
+++ b/00-doctrine/identity-law.md
@@ -0,0 +1,27 @@
+# Identity Law
+
+## Principles
+
+- Operate via **roles**, not personalities.
+- Issue access as **leases** (time-bound, revocable), not permanence.
+- Prefer **short-lived credentials** over long-lived secrets.
+- Public keys are safe to store; private keys are not.
+
+## In-repo boundaries
+
+- Role definitions live in `20-identity/roles/`.
+- Policies and intent live in `20-identity/policies/`.
+- Leases (who/what has access, until when) live in `20-identity/leases/`.
+- Public keys live in `20-identity/keys/public/`.
+- Private keys and plaintext secrets never live in this repo.
+
+## Required properties (revocation)
+
+Every identity mechanism must support:
+
+1. **Revoke**: shut it off quickly.
+2. **Rotate**: replace it predictably.
+3. **Prove**: show what changed and when.
+
+If any of the above is not true, the mechanism does not belong in the core.
+
--- a/00-doctrine/operator-charter.md
+++ b/00-doctrine/operator-charter.md
@@ -0,0 +1,113 @@
+# The Operator Charter (One Page)
+
+*(v1.0)*
+
+## I. Prime Directive
+
+I do not optimize for convenience. I optimize for **clarity, recoverability, and sovereignty**.
+
+If a system cannot be understood, rebuilt, or revoked, it does not belong.
+
+## II. The Core
+
+There is **one core of authority**.
+
+- `op-core-vm` is the origin of action.
+- It is disposable, but authoritative.
+- No critical action occurs outside it.
+
+The host is a console. The phone is a witness.
+
+## III. Identity Law
+
+Identity is finite.
+
+- Roles over personalities.
+- Least privilege, always.
+- Devices receive leases, never permanence.
+
+Anything that cannot be revoked cleanly is a liability.
+
+## IV. Naming Is Reality
+
+If it cannot be named correctly, it is not understood.
+
+Format:
+
+```
+<role>-<scope>-<id>
+```
+
+No myth names. No ambiguity. Renaming precedes deletion.
+
+## V. Infrastructure Doctrine
+
+Infrastructure is **cattle, not pets**.
+
+- Nodes are replaceable.
+- Loss is expected.
+- Rebuilds are boring.
+
+Sentiment is reserved for people, not machines.
+
+## VI. Separation of Meaning
+
+Meaning and infrastructure never mix.
+
+- Knowledge, media, philosophy → cold storage.
+- Keys, infra, authority → clean core.
+
+What matters must be portable. What operates must be disposable.
+
+## VII. Backup Rule
+
+Backups exist for **calm recovery**, not comfort.
+
+- Encrypt before upload.
+- Cloud storage is a vault, never a brain.
+- No live sync for the core.
+
+If losing a backup causes panic, it is wrongly scoped.
+
+## VIII. The Nuke Test
+
+Every system must answer:
+
+> “If this disappears today, can I rebuild without panic?”
+
+If not: reduce scope, split responsibility, document recovery, or remove it.
+
+## IX. Tool Discipline
+
+Every tool must earn its place.
+
+- Fewer tools, deeper mastery.
+- No duplicates without reason.
+- No installs without intent.
+
+Bloat is deferred failure.
+
+## X. Drift Control
+
+Entropy is natural. Drift is optional.
+
+Regularly: audit identities, review devices, correct names, delete without regret.
+
+Maintenance is freedom.
+
+## XI. Authority Boundary
+
+Critical actions occur only:
+
+- from the core
+- with intent
+- with traceability
+
+No shortcuts. No “just this once”.
+
+## XII. Final Law
+
+I build systems I am **not afraid to touch**.
+
+If fear appears, I stop — not to hesitate, but to **restore clarity**.
+
--- a/00-doctrine/personal-operating-doctrine.md
+++ b/00-doctrine/personal-operating-doctrine.md
@@ -0,0 +1,111 @@
+# Personal Operating Doctrine — Operator Edition
+
+*(v1.0)*
+
+## 1. Prime Directive
+
+I do not optimize for convenience. I optimize for **clarity, recoverability, and sovereignty**.
+
+If a system cannot be understood, rebuilt, or revoked, it does not belong.
+
+## 2. The Core
+
+There exists **one core** from which all authority flows:
+
+- `op-core-vm` is the origin of action.
+- It is disposable, but authoritative.
+- Nothing touches critical infrastructure unless it originates here.
+
+The host machine is a **console**, not a source of trust. The phone is a **witness**, not a workstation.
+
+## 3. Identity Law
+
+Identity is finite.
+
+- I operate through **roles**, not personalities.
+- Each role has minimal scope and clear purpose.
+- Devices hold **leases**, never permanent identity.
+
+Anything that cannot be cleanly revoked is a liability.
+
+## 4. Naming Is Reality
+
+If I cannot name it correctly, I do not understand it.
+
+All systems are named by:
+
+```
+<role>-<scope>-<id>
+```
+
+No myth names. No vibes. No ambiguity.
+
+Renaming precedes deletion. Deletion follows clarity.
+
+## 5. Infrastructure Is Cattle
+
+No machine is sacred.
+
+- All nodes are replaceable.
+- Rebuilds are expected.
+- Loss is boring, not catastrophic.
+
+Sentiment is reserved for people and meaning — never machines.
+
+## 6. Separation of Concerns
+
+Meaning and infrastructure do not mix.
+
+- Knowledge, media, philosophy → cold storage.
+- Keys, infra, authority → clean core.
+
+What matters must be portable. What operates must be disposable.
+
+## 7. Backup Doctrine
+
+Backups exist to enable **calm recovery**, not comfort.
+
+- All backups are encrypted **before** leaving the system.
+- Cloud storage is a **vault**, never a brain.
+- No live sync for core systems.
+
+If a backup cannot be lost safely, it is incorrectly scoped.
+
+## 8. The Nuke Test
+
+Any system must pass this test:
+
+> “If this disappears today, can I rebuild without panic?”
+
+If the answer is no: reduce scope, split responsibility, document recovery, or remove it entirely.
+
+## 9. Tool Minimalism
+
+Every tool must earn its place.
+
+- Fewer tools, deeper mastery.
+- No duplicates without reason.
+- No installs without intent.
+
+Bloat is deferred failure.
+
+## 10. Drift Control
+
+Entropy is inevitable. Drift is optional.
+
+I perform regular identity audits, device reviews, naming corrections, and deletion passes.
+
+Maintenance is a form of freedom.
+
+## 11. Authority Boundary
+
+Critical actions happen only from `op-core-vm`, with intent, awareness, and traceability.
+
+No “just this once”. No shortcuts.
+
+## 12. Final Rule
+
+I build systems I am **not afraid to touch**.
+
+If fear appears, I stop — not to hesitate, but to **restore clarity**.
+