Appearance
Approved File Paths
REFERENCE — consult during any write operation. See runtime-workflow for delegation rules.
Permitted write locations
| Path | Purpose | Harnesses |
|---|---|---|
/Users/nnamdi/hinata-v2/ | Vault — primary knowledge base | Claude (General) |
/Users/nnamdi/Sandpit/hinata/ | Sandpit — scripts, applications, ephemeral work | Claude, Cloud, Antigravity |
/Users/nnamdi/Sandpit/hinata-sandpit/ | Sandpit git repo — committed operational state; data/bulma/ holds Mac-side banking reauth artifacts only (Z2 is token master) | Claude, Cloud |
~/Library/LaunchAgents/ | macOS LaunchAgents — scheduled jobs | Claude (infra tasks only) |
~/.cursor/skills*/ | Cursor skill definitions | Antigravity |
/Users/nnamdi/Library/CloudStorage/OneDrive-Personal/hinata-onedrive/ | OneDrive sync target | Claude |
Forbidden paths
| Path | Reason |
|---|---|
/Users/nnamdi/ (root) | Home root is forbidden — no exceptions, not even temporarily |
~/.codex | Codex harness config — never modify from another harness |
~/.gemini | Gemini harness config — never modify from another harness |
~/.antigravitycli | Antigravity harness config — never modify from another harness |
/Users/nnamdi/Library/Mobile Documents/iCloud~md~obsidian/ | Legacy vault path — blacklisted, never reference or write |
hinata-v2/captain/, hinata-v2/commander/ | Dissolved 2026-06-11 (Michael ruling) — no agent-separated vault folders; operational surfaces live on Z2 (/mnt/data/hinata/ or containers) |
hinata-v2/inbox/ | Dissolved 2026-06-11 (Michael ruling) — capture enters via the OneDrive (CT113 bisync) hinata-inbox/ only |
hinata-v2/the-government/tasks/ | Dissolved 2026-06-11 (Michael ruling) — tasks master is /mnt/data/hinata/tasks/tasks.json on Z2, accessed via tasks_io (local on Z2, ssh one-shot from Mac, loud failure, no vault fallback) |
| Any path outside the above permitted list | Vault boundary — see runtime-workflow |
Vault subdirectory write rules
| Directory | Who writes | What goes there |
|---|---|---|
federation/ | General only | Agent context (_context.md) and agent definitions (_agent.md) |
supreme-court/ | General only | Strategy, laws, preferences, task lifecycle, deployment, format rules |
the-government/ | General + Commanders (via routing) | Diataxis-classified outputs |
~/Library/CloudStorage/OneDrive-Personal/hinata/hinata-inbox/ | All CLIs (via Minato) | Handover files, ingested content, pending classification |
.claude/ | General only | Settings, skills, hooks config |
Vault directory registry
Top-level directories
| Directory | Purpose | Index |
|---|---|---|
supreme-court/ | Strategy, laws, governance | supreme-court/index |
the-government/ | Diataxis-classified outputs | the-government/index |
federation/ | Agent context + agent definitions (129 files) | Flat — no subdirs except demoted/ |
~/Library/CloudStorage/OneDrive-Personal/hinata/hinata-inbox/ | Handover files, ingested content, pending classification (OneDrive — Minato's inbox) | — |
.claude/ | Settings, skills, hooks, commands | — |
supreme-court/ subdirectories
| Subdirectory | Files | What it governs |
|---|---|---|
runtime/ | 29 | Chain of command, session lifecycle, architecture, credentials, security, domain registry |
format-design/ | 22 | Naming conventions, diataxis, folder structure, file format standards |
preferences/ | 10 | User feedback, persona language, growth philosophy, plan format |
task-lifecycle/ | 8 | Enrichment checks, signal extraction, deletion intent, retention |
handover/ | 5 | Per-CLI durable re-attach state |
deployment/ | 1 | Cloudflare, Tailscale, Z2 always-on rules |
kpi-thresholds/ | 0 | Commander KPI gates (pending) |
telegram/ | 0 | Telegram noise policy, alert thresholds (pending) |
the-government/ subdirectories
| Subdirectory | Files | Diataxis type |
|---|---|---|
information_reference/ | 77 | Reference (cognition × application) |
how_to_guides/ | 22 | How-to (action × application) |
understanding_explanation/ | 15 | Explanation (cognition × acquisition) |
tutorials_learning/ | 3 | Tutorial (action × acquisition) |
information_reference/ — canonical use cases
Reference is the yellow pages: pure directory information consulted while working. "What is the address/port/endpoint/key/name?" — not "how do I set it up" or "why we chose it."
| Belongs in reference | Example |
|---|---|
| IP addresses, hostnames, ports | reference_approved-ip-addresses.md |
| File paths, write permissions | reference_approved-file-paths.md |
| API endpoints, schema descriptions | reference_bulma-endpoints.md, reference_zepile-endpoints.md |
| Service catalog (what runs where) | reference_z2-service-catalog.md, reference_deployment-status.md |
| Container/infrastructure topology | reference_z2-container-architecture.md, reference_data-architecture.md |
| Bot/agent registry (name → token → channel) | reference_commander-bots.md, reference_telegram-bot-fleet-spec.md |
| Credential locations (not values) | ../audits/04-06-26_phase-1-credentials.md |
| Status snapshots (point-in-time facts) | reference_launchagent-migration-status.md |
| Does NOT belong in reference | Correct home |
|---|---|
| Migration plans, setup procedures | how_to_guides/ |
| Strategy docs, roadmaps | how_to_guides/ (if actionable) or understanding_explanation/ |
| Architecture rationale ("why we chose X") | understanding_explanation/ |
| Specs with implementation steps | how_to_guides/ |
| Research output, analysis | understanding_explanation/ |
Litmus test: if the file answers "how do I…" → how-to. If it answers "why…" → explanation. If it answers "what is the value/address/name of…" → reference.
federation/ structure
Flat directory. Files follow {rank}_{pillar}_{agent}_{type}.md convention. No subdirectories except demoted/ for archived agents. See naming-conventions for the full naming schema.
Auto-accept policy
Commands operating exclusively within permitted paths should be auto-accepted by the delegation gate. The delegation-gate.sh hook validates write targets against this list.
See also: reference_approved-ip-addresses · runtime-workflow