A curated, versioned convention layer for engineering teams.

• kind: git repo of vetted markdown + rules + skills
• runtime: none — pure content, zero install
• consumer: the IDE's own agent (Cursor, Codex, Claude Code, VS Code)
• activation: glob-triggered rules + description-matched skills
• distribution: ak-copy.sh drops artifacts into each project
• audit surface: git commits — every standard change is reviewable
• center of gravity: curated depth in the engineer's workflow

Philosophy: the IDE already has excellent primitives. Don't reinvent them. Add the conventions that are missing.

A persistent runtime layer that any agent can plug into.

• kind: daemon + MCP server + SQLite+vec + role registry
• runtime: Python + systemd user unit; stdio + HTTP MCP transports
• consumer: any agent that speaks MCP — Claude, Codex, Gemini, Cursor, web chats, bots
• activation: bootstrap() per session + semantic role/skill match
• distribution: one install per host; adapters generate per-agent context
• audit surface: session reports + compliance scorecard + tool telemetry
• center of gravity: persistent state across sessions, agents, domains

Philosophy: the agent is the new runtime. Give it memory, roles, and a bridge so it can compound across sessions and providers.

Craftsmanship. Every artifact is written by someone who knows the domain, reviewed in a PR, and kept versioned. That is hard to replicate with generated content.

Plumbing. Memory, bridge, roles, bootstrap. Infrastructure that any agent or domain can sit on top of, without needing to re-author content per scope.

Why it is a strong choice:

• the IDE's index is already excellent, fresh, and sandboxed
• no separate service to run, secure, or keep in sync
• no hallucination risk from a lossy semantic layer
• code never leaves the dev machine or IDE boundary
• grep + LSP + IDE AST is strictly more precise than embeddings for code

The tradeoff: the index is scoped to the IDE session — an agent outside the IDE (or an orchestrator sub-task) cannot query it.

Why it is a different strong choice:

• reachable from any MCP-speaking agent — inside or outside an IDE
• one index per host, shared across projects, sessions, and providers
• coexists with the IDE's native index rather than replacing it
• exposes primitive operations (search / route / read_header) — the agent does the reasoning

The tradeoff: a separate index to maintain; a semantic layer adds a failure mode the IDE doesn't have; needs explicit freshness strategy.

"Is the invoice-retry feature in development?"

Should the answer come from engineering (kernel path, human in the loop, accurate) or from an agent querying the index (faster, but grounded in what?). Both answers have merit.

Auto-draft a pitch deck grounded in the actual API.

If the only indexer is inside the IDE, this workflow can't exist. Is that a constraint we accept, or a problem to solve?

Launch post before the PM writeup lands.

Is "wait for the PM" a feature (quality control) or a bottleneck (time-to-market)?

Markdown is protocol-agnostic. Any future agent that reads files still consumes the kernel. Zero migration cost. This is a real durability property.

Transport is pluggable — stdio and HTTP already dual-shipped. New protocol = new adapter. Cost: one adapter per wave.

Bigger context = the model loads more of the kernel per session. The kernel benefits without changing anything. Passive compounding.

Persistent memory + principles compound with reasoning-heavy models. The state layer gives smarter agents a frame. Active compounding.

The IDE agent is the one taking action; the kernel tells it what policies to honor. Auditability is in the IDE's workflow (commits, reviews). Clean separation of concerns.

Action tools + keyring + compliance scorecard give non-IDE agents a policy frame and audit trail. Covers consumers the IDE doesn't reach.

The Java 2026 rules (rules/java.mdc) are 16 KB of real operational knowledge — Virtual Threads, Structured Concurrency, Loom over Reactive. This is craftsmanship, not prompt engineering.

**/*.java → java.mdc is zero-effort, instant, and correct. Glob-triggered rules are elegant — they require nothing from the agent except loading the file.

A markdown repo works in any environment, today and in ten years. No daemon, no DB, no migration path. Adoptable in regulated or air-gapped contexts without negotiation.

Every standard change is a commit. Reviewable. Revertable. Teachable. An auditor can answer "what was our Java policy on 2026-03-01" by reading git log. Hard to beat.

The severity-ordered output in java-review / ux-review is product design applied to agent output. Crisp. Scannable. Actionable.

Delegates to the IDE's own index, LSP, AST. Doesn't reinvent what works. This is a mature architectural choice — harder than it looks.

Gotchas, decisions, architecture notes — survive across agent restarts, provider changes, and new sessions. Dedup + supersedes + confidence scoring make it trustworthy over time.

One prompt routes to claude / gemini / codex / local based on capability. Zero API keys — uses the user's installed CLIs. Future model drops in as another bridge.

56 expert roles — not just engineering. Designed as primitives so a marketing task and a code task use the same invocation shape.

Behavioral contract, neurotype, format preferences, principles — bootstrap once, every session starts with the user's brain modeled in.

person_lens adapts tone and content to a specific recipient. Communication is a first-class problem, not a prompt-crafting afterthought.

Session reports, tool performance, compliance scorecard. Agent behavior is measurable — which is the foundation for improving it.

Where does the IDE's index stop being the right answer and a reachable index start being necessary? Is there a clean boundary, or is it per-use-case?

If cortex stays, what guardrails would make it acceptable to you — citation requirements, freshness SLA, confidence thresholds, no-answer-when-uncertain?

Does markdown stay the source of truth for standards? If yes, we keep the kernel repo as the authoring frontend. If no, what replaces it?

Do we want non-engineering roles to have agent partners at all? If yes, what's the minimum viable content? If no, let's say so clearly.

Kernel's YAML frontmatter (name / description / relevant_when) vs okuro's canon shape. Should canon adopt yours as the public format? I lean yes.

Glob-triggered passive rules are a property okuro does not have. Worth adding to canon? Your call — you designed the mechanism.

The severity-ordered output format in java-review is excellent. Should it become a canon skill template that other reviews inherit?

How do we support teams that cannot run a daemon or DB? A stateless CLI emit mode from canon would let those teams consume okuro content without installing okuro.

Zero-key LLM routing through your own CLIs.

Okuro owns no API keys. bridge_invoke() routes every prompt to an installed CLI subprocess (claude, gemini, codex, cursor) with a capability-aware routing table. Local inference via tm-inference is an optional accelerator, never a dependency.

One call delivers the full session packet.

Profile, principles, conventions, project state, relevant memories, tech stack, progress, and role catalogue — budgeted to ~13k tokens. Provider-native instruction files (~/.claude/CLAUDE.md, ~/.gemini/GEMINI.md, ~/.codex/instructions.md) are generated automatically, so every agent lands with the same context shape.

Cross-agent persistent learnings.

Topic-tagged writes — gotcha / convention / decision / learning / architecture — stored once, read by every future session across every provider. Semantic retrieval via sqlite-vec. A gotcha Claude discovers at 10am is visible to Codex at 10:05.

A codebase index built for agents.

Semantic search, literal-regex cortex_search_code, file routing ("where does X live?"), header-first reads, section reads. Replaces blind grep/glob/full-file reads. Indexes run as a sidecar; agents hit the index, not the disk.

Every session leaves a trace.

Per-project progress log with summary → files → next-steps. Session compliance scoring tracks which tools were used and which mandatory checkpoints were hit. Tool telemetry feeds compliance_scorecard() — provider-vs-provider behavior over time.

Capture the half-formed, surface the forgotten.

capture_thought parks ideas, observations, and questions without forcing structure. daily_digest resurfaces unresolved threads you'd otherwise lose. Full todo CRUD with status runs alongside — same store, different intent.

ADHD-aware, cascade by default.

set_reminder respects your active-hours windows. Snooze defaults to 15 minutes for the AuDHD profile. The system proposes reminders from observed patterns — you accept_suggestion or reject_suggestion, no silent auto-creation.

Communication guidance per human.

person_lens returns tone, formality, and prior-interaction hints for the specific person the agent is drafting to. person_match resolves "the frontend lead in Zurich" to a record. CRUD rounds it out.

56 roles across 11 domains, self-maintaining.

roles_match(task) picks the best expert for the job. Roles carry learnings (roles_knowledge) and refresh on a schedule — weekly / biweekly / monthly — so domain knowledge never ages silently. roles_maintenance exposes which roles are overdue.

Single-source secrets.

Every credential lives in okuro.keyring. Get, set, list, delete — no .env files, no hardcoded tokens, no creds in git history. Agents call keyring_get(name) and never see the value outside the process.

Machine state without shelling out.

GPU (sysinfo_gpu_status), storage, docker, free-port scanning, service health, and a combined sysinfo_system_overview. Replaces nvidia-smi, df -h, docker ps, curl localhost — with structured output an agent can reason about.

Registry of tools and skills.

canon_list_tools / canon_list_skills expose the callable ground truth. canon_validate checks consistency — a skill that points at a missing tool fails here, not at runtime.

Approved choices, proposals, lint.

Per-project stack profiles (e.g., okuro-web-prod) list approved layers — language, framework, db, ops. stack_match(need) checks before install. New choices go through stack_propose → stack_decide_proposal. stack_lint_profile catches drift.

External input, replayable.

ingress_ingest accepts input from outside channels (webhooks, voice, files). The inbox queue (inbox_list, inbox_replay) lets agents process new items idempotently and replay history when logic changes.

Cognition as a first-class config.

13 working principles (DP01–DP09, SYS-*) govern agent behavior. The cognitive profile — neurotype, pet peeves, format preferences, active hours — drives UI adaptations (hierarchy, whitespace, action language) and appears verbatim in every bootstrap packet. One source of truth for "how this human prefers to work."