diff --git a/docs/BACKLOG.md b/docs/BACKLOG.md index 4e101c72..9ce56b83 100644 --- a/docs/BACKLOG.md +++ b/docs/BACKLOG.md @@ -10274,6 +10274,347 @@ systems. This track claims the space. - Otto-237 mention-vs-adoption discipline (same shape: committed ≠ authoritative, adoption is a separate gate). +- [ ] **Clean-room BIOS factory workflow — three-persona + Chinese Wall + factory-standards pass, tractable- + platforms-only pilot.** Aaron autonomous-loop + 2026-04-24 (verbatim): + + > *"i could get bios and you do both side with different + > personas one is dirty with existing bios writes specs + > and the other is clean and only reads specs (I think + > that's right keep me honest)"* + *"backlog is if its + > feesable"* + + **Feasibility triage (this backlog row covers FEASIBLE + only):** + + - **Feasible — PILOT candidates (public-spec-already- + exists path, no proprietary-BIOS-read required):** + Atari 5200, Atari 7800, Atari Lynx, Intellivision + (Mattel Exec ROM), ColecoVision. Each has published + hardware docs (nocash-style / dev-manuals / reverse- + engineered community refs) at a specification level + that a clean-room implementer could work from without + needing the proprietary BIOS ever enter the loop. + Weeks-per-platform engineering scope. Factory can + absorb one pilot. + - **Theoretically feasible, practically deferred until + emulation is a first-class workload:** Sony PS1, Sega + Saturn, SNK Neo Geo. Specs available but non-trivial + (months-per-platform); clean-room pays only if we're + scaling to emulator substrate. Gated on: emulator- + workload becoming a named factory milestone. + - **Not feasible at factory scope:** Sony PS2, Microsoft + Xbox (MCPX has anti-RE countermeasures), Nintendo + GameCube. Years-of-work per platform for teams larger + than this factory. Don't commit. + + **Methodology (three-persona Chinese Wall + factory- + standards pass — Aaron Otto-2026-04-24 refinement to + the classical Compaq / Phoenix two-team model):** + + 1. **Dirty persona** (specifier / reader) — Aaron's + legitimately-acquired BIOS + public docs; writes + behavioral spec: syscall table, memory map, boot + sequence, register conventions, error states. Spec + lives in `docs/clean-room//spec.md` and + IS committed. Reader notes are NEVER committed. + 2. **Clean persona** (implementer / reference) — has + never seen the proprietary BIOS or the dirty + persona's reading notes. Reads only the committed + spec. Writes implementation from scratch, language- + appropriate. **Output treated as SUBPAR reference**, + not as factory-ready code — clean persona has no + factory memory (no Zeta idioms, no BP rules, no + operator-algebra conventions, no Result-type + discipline, no F# style guide awareness). + 3. **Standards persona** (re-implementer / factory- + quality pass) — Aaron's refinement per autonomous- + loop 2026-04-24: *"if this works it will really be + a 3 person casue we are not going to take code + directly that was missing our best practice + guidance becasue it's missing our memories, we + would treat output as subpar and rewrire using our + standards"*. Reads ONLY the clean persona's output + (never the BIOS, never the dirty notes). Re-writes + the reference implementation to Zeta standards: + applies `.claude/skills/fsharp-expert/` idioms, + operator-algebra discipline, `Result<_, DbspError>` + error surfacing, AGENT-BEST-PRACTICES BP-NN rules, + and the factory's memory-accumulated knowledge of + how Zeta code should be shaped. + 4. **Firewall enforcement** — dirty + clean personas + run as separate AI sessions (different harness + logins or isolated memory scopes) so context cannot + leak. Standards persona is memory-equipped (full + Zeta context) but sees ONLY clean output, never the + BIOS or dirty notes. Aaron polices the boundary. + Any context-contamination incident retires that + clean persona's output. + + **Why the third persona matters (and why it doesn't + break clean-room legal defensibility):** + + - Without it, clean output is technically-correct but + stylistically orphaned from Zeta — doesn't use our + persistence patterns, doesn't follow our error- + handling surface, doesn't integrate with the + operator algebra, doesn't match the F#/.NET + conventions the rest of the factory uses. Landing + that code as-is poisons the codebase's consistency. + - The standards pass is NOT reverse-engineering or + spec-reading — it's conventional code review / + rewrite operating on known-good clean-room output. + The clean-room firewall (dirty → spec → clean) + remains intact; the standards pass happens fully + downstream of the firewall. + - Chain integrity stays one-way: dirty → spec → + clean → standards. Each stage sees only its + predecessor's cleaned output, never upstream + artifacts. Standards persona seeing clean output + is equivalent to any Zeta maintainer seeing + upstream library code — routine, not firewall- + breaking. + + **Open-design questions before the pilot lands:** + + - **AI-session isolation mechanism**: how do we + provably keep the clean persona's context free of + dirty-persona notes? Options: (a) completely + separate harnesses (Codex for dirty, Claude for + clean, or vice-versa); (b) per-project memory + scoping with a "clean-only" tag; (c) scratch-org + for the clean team. (a) is cheapest + most + defensible. + - **Spec-shape discipline**: what abstraction level + avoids code-leakage without being useless? The + canonical Phoenix spec is the template — describe + behavior at API / state-machine level, no bit + patterns, no register labels that mirror source + names, no pseudocode. Needs a + `writing-clean-room-specs-skill` (skill name on + a single line so the inline-code identifier + renders and is copy-searchable) if this becomes + routine. + - **Legal documentation trail**: timestamped commit + history + session-isolation records need to form an + auditable paper trail. Each committed spec carries + its own provenance frontmatter with fields listed + on individual lines so inline-code spans render + cleanly (HTML-safe; placeholders use `PLACEHOLDER` + style rather than `<...>` which markdown can treat + as raw HTML): + - `Clean-room-stage: specifier` + - `Reader-persona: HARNESS_NAME + SESSION_ID` + - `Source-material: PUBLIC_DOCS_LIST` + - `Proprietary-BIOS-access: yes|no + DATE_RANGE` + + These fields are defined fresh for this workflow + rather than reused from the archive-header norm + for external conversations — different artifact + class, different field semantics, so reusing the + existing header shape would just confuse both + surfaces. + + **Scope of this BACKLOG row:** ONE pilot on a simple + platform (recommend Atari 5200 — small BIOS, excellent + public docs, well-understood hardware) proving out the + three-persona workflow end-to-end. The pilot's success + criterion is a committed `docs/clean-room/atari-5200/` + tree with spec.md + implementation.asm (or .fs / .rs + etc) that boots a test cartridge in an Atari 5200 + emulator. + + **Not in scope:** + + - Clean-room BIOS for complex platforms (PS2, Xbox, + GCN) — not-feasible, per triage above. + - A general-purpose "clean-room BIOS for every removed + platform" campaign — scope-creep. Pilot one, review, + decide. + - Emulator development itself — separate roadmap. + - Legal review by outside counsel — outside factory + scope; Aaron's call if/when the pilot's output ever + ships publicly. + + **Effort:** L (large, 2-4 weeks calendar for the + pilot) for Atari 5200 specifically; other simple + platforms similar scale each. + + **Dependencies:** + + - Emulator substrate direction being a named factory + milestone (currently P3 aspirational per the + "Emulators as canonical OS-interface workload" row + higher in this file). + - AI-session isolation mechanism decided (architecture + question; blocks the pilot). + + **Composes with:** + + - `roms/README.md` — the safe-ROM licensing protocol + (the per-platform leaf READMEs note which platforms + were removed because no viable open-source BIOS + alternative exists). This workflow is the path to + re-adding any of the removed platforms once a + clean-room BIOS exists. + - OS-interface durable-async roadmap (emulators are + the canonical workload proving it out). + + **Memory:** methodology captured in-tick in agent + response 2026-04-24; no separate memory file until + pilot work starts (don't pre-commit to doctrine for + speculative work). + +- [ ] **Ethical clean-room services — future factory + autonomy / monetization research direction.** Human + maintainer authorisation (autonomous-loop, 2026-04-24, + reiterated after acknowledging an earlier sarcastic + framing): *"you can do an ethical market in the future + for real to try and make money if youwant"*. Pointer + to the satirical `malus.sh` site (factory reviewed + 2026-04-24) — the demand being parodied there is real, + so there is a legitimate market for clean-room + services done ethically. Future factory-autonomy + revenue path if/when the `#404` clean-room BIOS pilot + lands a working portfolio piece. + + **Ethical lane (what the factory would offer):** + + - **Retro preservation / abandoned platforms** — paid + clean-room BIOS + driver work for consoles, arcade + boards, handhelds whose original vendors are defunct + or whose content is effectively abandonware. + Customer base: retro gaming / preservation + communities (libretro, RetroArch, MAME), museums, + academic media-studies programmes. + - **Orphaned-hardware driver reimplementation** — + companies owning industrial / medical / telecom / + legacy equipment whose vendor disappeared; clean- + room drivers under the customer's chosen license. + Genuinely sizeable market for the narrow specialism. + - **Author-requested license-change reimplementation** + — when an original OSS author wants an MIT version + of their own GPL / AGPL code for dual-licensing. + Factory provides the firewalled second team with + the original author as dirty-persona or as spec + author. + - **Sponsored open-source clean-room** — AROS / + EmuTOS / Altirra model: a company sponsors a clean- + room implementation that lands as MIT/BSD in the + commons. Everybody wins including the commons. + + **Anti-lane (what the factory will NOT offer):** + + - License-stripping of live, maintained OSS packages + so a corporate customer can ship without attribution + or copyleft compliance — the `malus.sh` parody's + target market. Violates AGENTS.md `real-factory` + value (absorb-and-contribute, not absorb-and-strip) + and the `escro-maintain-every-dep` stance. Doing + this is what the satire exists to shame. + - Anonymous-indemnification / offshore-subsidiary + legal-liability-laundering. Legal exposure from + clean-room work rests on the clean-room hygiene + actually being clean — no "indemnification through + offshore LLC" can paper over a contaminated + firewall. + + **Ethical guardrails that make the lane distinguishable:** + + - Attribution preserved wherever the original was + licensed under an attribution requirement — even if + the clean-room output is under a different license, + the spec-stage attributes public-doc sources. + - Original authors consulted for author-requested + license-change work (not a shortcut for them; an + accommodation of their own wish). + - License changes disclosed explicitly in the clean- + room output's license header and release notes. + - Clean-room hygiene documented + auditable per the + `#404` workflow (dirty→spec→clean→standards chain + of custody; session-isolation records). + + **Feasibility gate (matches `#404`'s triage):** + + - Retro preservation → feasible for simple BIOSes + (Atari 5200 / 7800 / Lynx / Intellivision / + ColecoVision) — weeks per platform. Viable today + once the `#404` pilot proves the workflow. + - Orphaned-hardware drivers → feasible per-contract; + customer supplies the hardware + docs; factory + supplies the firewalled team + toolchain. Scope + varies hugely. + - License-change and sponsored-OSS → feasible with + no up-front investment; only needs an original + author or sponsor to show up with a concrete + request. + - Complex platforms (PS2, Xbox, GameCube) → NOT + feasible at factory scale — years per platform. + Even paying customers can't change the engineering + reality. + + **Pricing / scope philosophy (preliminary, subject + to factory-economic research before any actual + engagement):** + + - Fixed-scope contracts with phase gates (spec + acceptance → clean implementation → standards + pass → delivery) rather than time-and-materials; + predictable for customers, less likely to slide + into unethical corner-cutting. + - Upper-bound attribution disclosure baked into + every engagement — we publicly acknowledge WHAT + we did (not WHO paid us, if the customer asks for + confidentiality on the commercial relationship + itself). + - Refusal right on engagements whose framing (a) + falls into the anti-lane above, or (b) would + require breaking an original author's stated + wishes. Refused engagements logged (no names if + customer confidential) so the factory's discipline + is auditable. + + **Dependencies:** + + - `#404` clean-room BIOS pilot landing and proving + the workflow end-to-end on a simple platform. + That's the portfolio piece. No customer engagements + until there's evidence the pipeline works. + - Factory-economics research pass (legal structure, + contract templates, liability caps, what + jurisdiction-shopping is and isn't acceptable for + this factory's values — outside scope for the + factory itself; Aaron's call). + - AI-session isolation mechanism decided (same + dependency as `#404`). + + **Not in scope for this row:** + + - Actual customer acquisition / marketing / business + development — premature until the pilot works. + - Legal review by outside counsel — required before + any actual engagement; not the factory's decision. + - Pricing research — sized only after at least one + completed pilot gives us a cost model. + + **Effort:** L (large). Multi-phase: `#404` pilot → + factory-economics research → legal-structure decision + → first ethical engagement. Years-scale if pursued + seriously; not a 2026 calendar item. + + **Composes with:** `#404` clean-room BIOS factory + workflow (the prerequisite pilot); `AGENTS.md` + `real-factory` + `escro-maintain-every-dep` values + (the ethical compass); `docs/WONT-DO.md` (future + anti-lane entries would land here). + + **Memory:** methodology + ethical-lane discipline + captured in agent response 2026-04-24 (autonomous-loop + tick following the `malus.sh` framing). No separate + memory file until actual customer engagement work + begins — same discipline as `#404`: doctrine lands + only when the work becomes real. - [ ] **User-mode filesystem driver interface — Zeta as a mountable FS via FUSE / WinFsp / macFUSE; research