Commit 4c45124

docs: enhance .gitignore, add new scripts, and update documentation for clarity
Updated `.gitignore` to exclude sensitive files, including environment variables and private session states. Introduced new scripts: `list_capabilities.py` for generating a harness manifest and `verify_contract_hash.py` for validating contract integrity. Enhanced documentation in `README.md`, `SESSION_BOOTSTRAP.md`, and `OPENHARNESS_CONTEXT_MAP.md` to clarify the structure and usage of the harness, including the handling of public vs private data. Updated `capabilities.harness.yaml` to reflect new capabilities and ensure alignment with the scripts. Made-with: Cursor
1 parent ff476a4 commit 4c45124

29 files changed

+283
-195
lines changed

.cursor/skills/agent-native-architecture/references/dynamic-context-injection.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -336,3 +336,7 @@ When adding new features:
336336
- [ ] New capabilities are documented in system prompt
337337
- [ ] User vocabulary for the feature is mapped
338338
</checklist>
339+
340+
## OpenHarness (portable bundle)
341+
342+
The checklist above targets product apps with a live runtime. For the **OpenHarness** repo (markdown + `state/` + manifest), map checklist bullets to concrete files and scripts: see [`docs/OPENHARNESS_CONTEXT_MAP.md`](../../../../docs/OPENHARNESS_CONTEXT_MAP.md).
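Review bot: the link target `../../../../docs/OPENHARNESS_CONTEXT_MAP.md` at line 342 resolves only while this file sits four directories below the repo root, which sits awkwardly under a heading that calls the bundle portable: a copy of the skill folder placed anywhere else gets a dead link. Name the document by its repo-relative path in the sentence as well (`docs/OPENHARNESS_CONTEXT_MAP.md`) so the reference survives a move.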

.cursor/state/daily/2026-03-22.md

Lines changed: 0 additions & 7 deletions
This file was deleted.

.cursor/state/decision-log.md

Lines changed: 0 additions & 17 deletions
This file was deleted.

.cursor/state/handoff_latest.md

Lines changed: 0 additions & 47 deletions
This file was deleted.

.cursor/state/scope_brain_map_gap_closure.md

Lines changed: 0 additions & 31 deletions
This file was deleted.

.github/workflows/ci.yml

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,30 @@
1+
# Lightweight checks for docs/scripts parity (no SCP package required for contract hash step).
2+
name: CI
3+
4+
on:
5+
push:
6+
branches: [main, master]
7+
pull_request:
8+
9+
jobs:
10+
verify:
11+
runs-on: ubuntu-latest
12+
steps:
13+
- uses: actions/checkout@v4
14+
15+
- name: Set up Python
16+
uses: actions/setup-python@v5
17+
with:
18+
python-version: "3.12"
19+
20+
- name: Install PyYAML
21+
run: pip install PyYAML
22+
23+
- name: Script index parity (CHEATSHEET + YAML + disk)
24+
run: python scripts/verify_script_index.py
25+
26+
- name: Skills README vs SKILL.md descriptions
27+
run: python scripts/verify_skills_readme.py
28+
29+
- name: SCP contract fingerprint
30+
run: python scripts/verify_contract_hash.py
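Review bot: lines 13 and 16 reference `actions/checkout@v4` and `actions/setup-python@v5` by mutable tag, and line 21 installs `PyYAML` with no version, so the job that checks the contract fingerprint runs on dependencies that can change without any commit to this repo. Pin both actions to full commit SHAs and pin PyYAML to an exact version, ideally from a requirements file installed with `--require-hashes`. The workflow also has no `permissions:` block; none of the three steps writes anything, so a top-level `permissions:` with `contents: read` would restrict the job token to what it uses.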

.gitignore

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,2 +1,21 @@
11
# Local PDF extraction working copies (large; not for version control)
22
docs/research/_extract*.txt
3+
4+
# Secrets and environment (do not commit)
5+
.env
6+
.env.*
7+
!.env.example
8+
9+
# Keys and certificates (common filenames)
10+
*.pem
11+
*.key
12+
*.p12
13+
id_rsa
14+
id_rsa.pub
15+
*.pfx
16+
17+
# Local MCP config (secrets); do not commit. See docs/MCP_TRANSPARENCY.md, docs/MCP_PRIVATE_HOST.md
18+
.cursor/mcp.json
19+
20+
# Private session state at repo root (use root state/ for public schema + synthetic examples)
21+
.cursor/state/
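Review bot: the `.cursor/state/` rule at line 21 only prevents future adds; the `.cursor/state/` files deleted in this same commit stay readable in history, so if any of them held real session state the fix is a history rewrite (or treating that content as disclosed), not an ignore rule alone. In the key block at lines 10-15, `id_rsa` covers only the default RSA key name; consider adding `id_ed25519` and `id_ecdsa` so the other default OpenSSH private key filenames are caught too.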

.pre-commit-config.yaml

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,3 +38,11 @@ repos:
3838
files: ^(\.cursor/skills/README\.md|\.cursor/skills/.*/SKILL\.md)$
3939
pass_filenames: false
4040
stages: [pre-commit]
41+
42+
- id: verify-contract-hash
43+
name: SCP contract SHA-256 fingerprint
44+
entry: python scripts/verify_contract_hash.py
45+
language: system
46+
files: ^docs/contracts/scp_mcp_v1\.(md|sha256)$
47+
pass_filenames: false
48+
stages: [pre-commit]
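Review bot: the `files:` pattern at line 46 runs the hook only when `scp_mcp_v1.md` or `scp_mcp_v1.sha256` is staged, so a change to `scripts/verify_contract_hash.py` itself is never exercised locally before commit. Add the script to the pattern, for example `^(docs/contracts/scp_mcp_v1\.(md|sha256)|scripts/verify_contract_hash\.py)$`. It is also worth saying in the hook name or the docs that, because the digest file is committed beside the contract, this check catches drift between the two files and not an edit that updates both together.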

README.md

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ See [docs/CANONICAL_AGENT_BUNDLE.md](docs/CANONICAL_AGENT_BUNDLE.md) and [docs/V
6363

6464
## Private wellbeing / survival corpora
6565

66-
Do **not** commit purchased PDFs or full extracted text to this harness. Use a private path; run **SCP on extracted text** before any RAG or handoff. Canonical playbook: `local-proto` repo `docs/HUMAN_WELLBEING_CORPUS.md` and `docs/SURVIVAL_MEDICAL_RAG_DISCLAIMER.md` (sibling layout under the same workspace root). Decision: `.cursor/state/decision-log.md` (2026-03-20).
66+
Do **not** commit purchased PDFs or full extracted text to this harness. Use a private path; run **SCP on extracted text** before any RAG or handoff. Canonical playbook: `local-proto` repo `docs/HUMAN_WELLBEING_CORPUS.md` and `docs/SURVIVAL_MEDICAL_RAG_DISCLAIMER.md` (sibling layout under the same workspace root). For decision history in this repo, prefer root [`state/decision-log.md`](state/decision-log.md); use a private `.cursor/state/` checkout for material that must not ship publicly.
6767

6868
## Pre-commit
6969

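Review bot: line 66 now points readers to root `state/decision-log.md` for decision history, while the "Public vs private" paragraph changed later in this file describes root `state/` as schema plus synthetic placeholders, with real decision logs kept private. Say which of the two the root file is, so nobody treats placeholder entries as the record. The old sentence also cited a dated decision (2026-03-20) that the new wording drops; keep the date if that decision is still the authority for this rule.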
@@ -91,7 +91,9 @@ When extending harness or adding components, use [docs/DELINEATION.md](docs/DELI
9191

9292
## Public vs private
9393

94-
This repo is a **public** reference: use **synthetic** handoff examples ([docs/examples/HANDOFF_EXAMPLE_SYNTHETIC.md](docs/examples/HANDOFF_EXAMPLE_SYNTHETIC.md)), not real session state. Keep real handoffs and experimental work in a **private** workspace; see [docs/PUBLIC_AND_PRIVATE_HARNESS.md](docs/PUBLIC_AND_PRIVATE_HARNESS.md).
94+
This repo is a **public** reference: use **synthetic** handoff examples ([docs/examples/HANDOFF_EXAMPLE_SYNTHETIC.md](docs/examples/HANDOFF_EXAMPLE_SYNTHETIC.md)), not real session state. Root [`state/`](state/) holds **schema + synthetic placeholders** suitable for cloning; keep real handoffs, `daily/`, archives, and decision logs with identifying detail in a **private** workspace or fork. **`.cursor/state/`** is gitignored here so local session files are not committed by mistake; see [docs/PUBLIC_AND_PRIVATE_HARNESS.md](docs/PUBLIC_AND_PRIVATE_HARNESS.md).
95+
96+
**Secrets:** `.gitignore` excludes `.env*`, common key filenames, and `.cursor/mcp.json`. Do not commit credentials; use env vars or a private config path per [docs/MCP_PRIVATE_HOST.md](docs/MCP_PRIVATE_HOST.md).
9597

9698
## OpenAtlas (related app, not in this repo)
9799

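Review bot: the Secrets paragraph at line 96 says `.gitignore` excludes `.env*`, but the rules added in this commit are `.env` and `.env.*` with `!.env.example` re-included, which is narrower: a file such as `.envrc` matches the README's glob and is not ignored. Quote the actual patterns or widen the ignore rule so the two agree. The same paragraph relies on ignore rules to keep credentials out; an ignore rule does not stop `git add -f` or a secret pasted into a tracked file, so a secret-scanning hook alongside the existing pre-commit checks would back up the statement.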
@@ -108,7 +110,7 @@ This repo is a **public** reference: use **synthetic** handoff examples ([docs/e
108110
- [INTENT_ENGINEERING.md](docs/INTENT_ENGINEERING.md)
109111
- [HANDOFF_FLOW.md](docs/HANDOFF_FLOW.md) (includes **Definition of done** for P1 verification + dual gates)
110112
- [PUBLIC_AND_PRIVATE_HARNESS.md](docs/PUBLIC_AND_PRIVATE_HARNESS.md)
111-
- [CANONICAL_AGENT_BUNDLE.md](docs/CANONICAL_AGENT_BUNDLE.md), [VERIFY_NOT_TRUST.md](docs/VERIFY_NOT_TRUST.md), [MCP_TRANSPARENCY.md](docs/MCP_TRANSPARENCY.md)
113+
- [CANONICAL_AGENT_BUNDLE.md](docs/CANONICAL_AGENT_BUNDLE.md), [VERIFY_NOT_TRUST.md](docs/VERIFY_NOT_TRUST.md), [MCP_TRANSPARENCY.md](docs/MCP_TRANSPARENCY.md), [GOVERNANCE.md](docs/GOVERNANCE.md)
112114
- [contracts/scp_mcp_v1.md](docs/contracts/scp_mcp_v1.md), [SCP_ENV_AND_TRUST.md](docs/SCP_ENV_AND_TRUST.md)
113115
- [AUTHORITY_MODEL.md](docs/AUTHORITY_MODEL.md)
114116
- [state/README.md](state/README.md)
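Review bot: the `docs/GOVERNANCE.md` link added at line 113 is not checked by anything this commit wires into CI: `check_docs_portfolio_links.py` is listed in `capabilities.harness.yaml`, but `.github/workflows/ci.yml` runs only the script index, skills README and contract hash steps. If that script covers README links, add it as a CI step so a missing or renamed target fails the build.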

capabilities.harness.yaml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,8 @@ harness_capability:
4444
- verify_canonical_bundle.ps1
4545
- update_canonical_bundle_hashes.ps1
4646
- check_docs_portfolio_links.py
47+
- list_capabilities.py
48+
- verify_contract_hash.py
4749
- verify_script_index.py
4850
- verify_skills_readme.py
4951
