An agentic operating system that turns plain markdown into a running life-and-work assistant across every AI tool I use — Claude Code, Cursor, and Codex. It is deliberately small and legible, and security-first: the goal was never more automation, but trustworthy automation.
The Concept
Plain markdown is the source of truth. A scheduler wakes lightweight agents on a cadence, a shared knowledge graph gives every tool the same memory, and a library of reusable "skills" encodes repeatable workflows. Nothing is a black box — every action traces back to a file a human can read.
How It's Structured
- Source of truth: human-readable markdown, versioned in git.
- Scheduler: time-based agents for briefs, reminders, and maintenance.
- Shared memory: a knowledge graph queried by all connected AI tools.
- Skills & commands: composable, inspectable workflows.
Security & Safety by Design
This is the part I care about most — the design is built around the assumption that agents will be wrong and inputs will be hostile.
- Least privilege: agents run inside a locked tool allowlist; destructive or ambiguous steps pause for explicit human approval.
- Untrusted input is hostile: anything from mail, the web, or documents is wrapped, normalized, and never treated as an instruction — injection attempts are quarantined.
- Guarded writes: every mutation goes through a validated, path-restricted writer with atomic, no-follow semantics — no raw file access.
- Auditability: each entry carries an evidence chain — who wrote it, from what source, and why.
Stack
Python · Bash · MCP · Knowledge graph · Claude Code / Cursor / Codex