Read-only — mutations only through structured review
AI is assistive only. AI may advise, summarize, score, draft, and recommend. AI may never autonomously mutate canon, approve decisions, or execute writes without human approval.
Every governed mutation must emit an audit event with actor, action, target, and before/after metadata. Audit records are append-only.
Canon changes only through explicit structured review and ledger write. Never from a chat reply, a note, a connector sync, or an AI suggestion.
All API endpoints return { ok: boolean, data?: any, error?: string }. Failures return appropriate HTTP status codes with clear error messages.
State transitions on governed objects must follow an explicit allowed-transition map. Invalid transitions are rejected with a clear error.
Cross-domain visibility is allowed. The brain may surface signals across domains.
Cross-domain mutation is denied by default. No domain may write to another domain's state without explicit approval.
Database is for structured truth only. Files, PDFs, screenshots, transcripts, and analytics dumps go to Blob Storage.
Only unlocked (draft) decisions may be edited. Edit is limited to title, decisionText, and context fields.
Decision lock is one-way. Locked decisions cannot be edited or unlocked. There is no unlock path.
Every governed object must have a domainKey validated against canon.domains at creation time. Unregistered domains are rejected.
External systems are integration boundaries only. They emit signals. They do not hold write authority over internal canon.
Finance data lives on a separate database server. No finance automation until finance policy is locked in canon.
Focus items follow a three-state lifecycle: active, paused, completed. Completed is terminal — no transitions out, no edits.
Focus item priority is constrained to: low, medium, high. Default is medium.
Open loops follow a two-state lifecycle: open and closed. Transitions are bidirectional (open↔closed).
Governed objects cannot be deleted. Terminal states (closed, locked, completed) are the end of the lifecycle.
No public page may share runtime, secrets, or direct data access with the private brain. Public surfaces are separate deployments.
Personal Microsoft tenant under sharpescommandcenter.com is the root authority. No outside SSO may become root.
Single-write authority per domain. No parallel write paths allowed. If two systems can write the same object, one is wrong.
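As an added illustration (not code from this page or the system it describes), a TypeScript allowed-transition map and append-only audit ledger that enforce the lifecycle, lock, edit and AI-no-write rules above, returning the `{ ok, data?, error? }` envelope. The focus-item paths active↔paused and active/paused→completed, and the actor and field names, are assumptions.

```typescript
// Added example, not the project's own code: an allowed-transition map and an
// append-only audit ledger enforcing the lifecycle rules above. Assumed (the page
// fixes only the three focus states and that completed is terminal): active<->paused
// and active/paused -> completed.
type Result<T> = { ok: boolean; data?: T; error?: string };
type Actor = { id: string; kind: "human" | "ai" };

// Each state maps to the states it may move to; terminal states map to [].
const TRANSITIONS: Record<string, Record<string, string[]>> = {
  focus: { active: ["paused", "completed"], paused: ["active", "completed"], completed: [] },
  openLoop: { open: ["closed"], closed: ["open"] },
  decision: { draft: ["locked"], locked: [] }, // lock is one-way: no unlock path
};

type AuditEvent = { actor: string; action: string; target: string; before: unknown; after: unknown };
const ledger: AuditEvent[] = [];
// Append-only: records are frozen on write and callers only get a read-only view.
function appendAudit(e: AuditEvent): void { ledger.push(Object.freeze(e)); }
function auditLog(): readonly AuditEvent[] { return ledger; }

const AI_WRITE_DENIED = "AI actors may recommend but not execute writes";

function transition(actor: Actor, kind: string, id: string, from: string, to: string): Result<{ state: string }> {
  if (actor.kind !== "human") return { ok: false, error: AI_WRITE_DENIED };
  const map = TRANSITIONS[kind];
  if (!map) return { ok: false, error: `unknown object kind: ${kind}` };
  if (!(from in map)) return { ok: false, error: `unknown state '${from}' for ${kind}` };
  if ((map[from] ?? []).indexOf(to) === -1) return { ok: false, error: `invalid transition ${from} -> ${to} for ${kind}` };
  appendAudit({ actor: actor.id, action: "transition", target: `${kind}:${id}`, before: from, after: to });
  return { ok: true, data: { state: to } };
}

type Decision = { id: string; state: "draft" | "locked"; title: string; decisionText: string; context: string };
const EDITABLE = ["title", "decisionText", "context"];

// Only unlocked (draft) decisions may be edited, and only the three listed fields.
function editDecision(actor: Actor, d: Decision, patch: Record<string, string>): Result<Decision> {
  if (actor.kind !== "human") return { ok: false, error: AI_WRITE_DENIED };
  if (d.state !== "draft") return { ok: false, error: `decision ${d.id} is locked` };
  const bad = Object.keys(patch).filter((k) => EDITABLE.indexOf(k) === -1);
  if (bad.length > 0) return { ok: false, error: `fields not editable: ${bad.join(", ")}` };
  const after = { ...d, ...patch } as Decision;
  appendAudit({ actor: actor.id, action: "edit", target: `decision:${d.id}`, before: { ...d }, after });
  return { ok: true, data: after };
}
```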