Raw data stays behind explicit access boundaries. Most humans never read these directly. Agents are the only readers; they synthesize PII-free, sanitized context into the world model.
Contacts, leads, deals, sales pipeline, account data.
Agent-only · live API
Sprint stats, dev tickets.
Agent-only · live API
Official product docs, shipped feature documentation.
All-org read · external-owned
Product landscape, relationships, 200+ product records.
All-org read · non-sensitive
Customer servers, configs, setup state, fleet list.
Agent-only · ops-team admin
Interviews, usability studies, surveys, insights library.
Design + agents · PII-cleared
Meeting recordings, anytime, any format.
Agent-only · parser-only
Usage telemetry, feature adoption rates.
Agent-only · planned
Support tickets, issue patterns.
Agent-only · CS admins
HR, IT, legal, compliance docs.
Agent-only · reference-only
knowledge-standards
Shared primitives — metadata schema, tagging taxonomy, writing standards, agent configs, memory layer schema, playbooks. Versioned, distributed via submodule. Tier 1 branch protection — all changes require PR + review. Acts as the contract that prevents garbage-in, garbage-out across the system.
Top-down strategic direction. Highest-authority input to the system — sets the frame all other layers operate within.
Feeds world model · readable by agents
Isolated · never enters shared state
CEO published intent becomes highest-priority context in the world model — agents weight it above bottom-up signals.
world-model
This is what people actually access. Synthesized, PII-free context produced by agents from restricted data sets. No raw customer data, no ticket PII, no individual names from transcripts — only patterns, counts, themes, and decisions. Fed by agents (bottom-up) and CEO intent (top-down). Tier 1 branch protection.
current-state.md — active priorities, open questions, what changed this sprint
active-dris.md — who owns what problem, time-boxed with expiry
decisions-log.md — cross-org decisions mirrored from all vaults
blockers.md — what is stuck, severity-rated
product-health/ — one file per product: status, blockers, milestones
Structured working memory for agents. A scratchpad of current state, evolving facts, lessons, and decision history. Records have types, metadata, and decay rules. Not a vault — a cognitive substrate.
Current truth — what's the situation right now.
Decays in 30d without reinforcement.
Historical truth — patterns/insights that persist indefinitely.
No decay.
Specific choice with rationale; supersedable, forms a chain.
No decay; supersedable.
Something that happened; immutable historical record.
Immutable.
created_at · valid_from / valid_until · confidence · importance · reinforcement_count · last_reinforced_at · superseded_by · tags
Recency heavy · tag-match heavy · confidence heavy. Superseded records killed, never surfaced.
Importance heavy · tag-match heavy · recency ~0. Old lessons just as valid as new.
Importance + tag match. Returns current + full supersession chain so the agent sees evolution.
Tag-match heavy · importance · recency ignored. Founding event from 5 years ago = yesterday's event.
Read from data set vaults (per access grant). Write to world model and memory layer. Each agent has an explicit data-set access list.
Where work-in-progress lives. Agents extract knowledge upward; teams write here; agents synthesize to world model. Tier 2 branch protection — force pushes and deletions blocked, direct commits to main allowed.
Decisions, work tracking, research, design files.
Active
Roadmaps, requirements, metrics, decisions.
Active
ADRs, runbooks, system specs, on-call.
Planned
Customer health, escalations, playbooks.
Planned
Sensitive and scratch content. Never flows into shared state. Cryptographically isolated by design.
Team, sensitive, hiring, org strategy, career.
Working notes, drafts, career, daily notes.
Design · PM · Engineering · Customer Success · Leadership · New hires.
Intelligence delivered — no more asking someone for context. Read the world model directly. Get current state without asking anyone. Agents read the memory layer for evolving context. daily-briefing delivers a compiled view each morning.
What makes this an architected intelligence platform, not a knowledge base.
Most humans never read raw data set vaults; agents are the controlled intermediary. They read raw data (PII, operational details, verbatim transcripts) and synthesize sanitized, anonymized outputs into the world model. A support ticket with a customer name becomes "ticket category frequency count" — the person reading the world model never sees raw data they shouldn't have access to.
Each data set vault has an explicit consumer list defining which agents and which human roles (if any) can read it.
Personal vaults are cryptographically isolated edge nodes. Their content never enters shared state, the world model, or the memory layer. No agent reads personal vaults.
Data set vaults are read-only to agents. Agents can write to: world model (synthesis), memory layer (working state), team vaults (outputs). They cannot modify source data. World model is append-only for agents.
Memory records inherit the access scope of the data set they were derived from. A memory tagged "hubspot" is only surfaced to agents with HubSpot access. Cross-dataset memories require explicit dual-access.
Decayed or superseded records are archived, not deleted. Full audit trail preserved. Archived records remain queryable via explicit archive search but are excluded from normal retrieval.
When a decision supersedes another, the full chain is preserved. Agents see the evolution: current decision plus what it replaced and why. No decision is silently overwritten. Rationale persists.
State records automatically lose confidence. If no agent or human reinforces a fact within 30 days, it degrades toward archive. This prevents the system from asserting outdated information as current truth.
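The scope-inheritance, archive, and decay rules above can be enforced in one retrieval gate. This is an added sketch, not code from the platform described here: the `source_datasets` field, the record type names, the "support" data-set name, and the sample records are assumptions, and confidence decay is simplified to a hard 30-day cutoff.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

DECAY_WINDOW = timedelta(days=30)  # applies to state records only

@dataclass(frozen=True)
class MemoryRecord:
    id: str
    type: str                      # assumed names: state, lesson, decision, event
    source_datasets: frozenset     # hypothetical field: data sets it was derived from
    last_reinforced_at: datetime
    superseded_by: Optional[str] = None

def is_archived(rec, now):
    """Superseded records and unreinforced state records leave normal retrieval."""
    if rec.superseded_by is not None:
        return True
    return rec.type == "state" and now - rec.last_reinforced_at > DECAY_WINDOW

def retrieve(records, grants, now, include_archive=False):
    """Return ids of records an agent holding `grants` may see."""
    visible = []
    for rec in records:
        # Scope inheritance: every source data set must be granted, so a
        # cross-dataset memory is hidden unless the agent holds both grants.
        if not rec.source_datasets <= grants:
            continue
        if is_archived(rec, now) and not include_archive:
            continue
        visible.append(rec.id)
    return visible

# Constructed sample records (not real data).
NOW = datetime(2025, 6, 30, tzinfo=timezone.utc)
FRESH, STALE = NOW - timedelta(days=3), NOW - timedelta(days=45)
RECORDS = [
    MemoryRecord("m1", "state", frozenset({"hubspot"}), FRESH),
    MemoryRecord("m2", "state", frozenset({"hubspot"}), STALE),
    MemoryRecord("m3", "lesson", frozenset({"hubspot", "support"}), STALE),
    MemoryRecord("m4", "decision", frozenset({"support"}), STALE, superseded_by="m5"),
    MemoryRecord("m5", "decision", frozenset({"support"}), FRESH),
]

if __name__ == "__main__":
    print(retrieve(RECORDS, frozenset({"hubspot"}), NOW))             # hubspot-only agent
    print(retrieve(RECORDS, frozenset({"hubspot", "support"}), NOW))  # dual access
```

The access check runs before the archive check, so an explicit archive search (`include_archive=True`) still cannot surface a record outside the agent's grants.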
knowledge-standards defines the schema all data must conform to. Any record without valid metadata is rejected. Tags must come from the approved taxonomy. Prevents garbage-in, garbage-out.
The CEO vault has two cryptographically separate zones. The published intent zone is readable by the world-model-maintainer agent only — it writes CEO priorities into current-state.md. The private zone is fully isolated: board prep, M&A, personnel, and compensation never enter any shared layer. Publishing is an explicit, deliberate act by the CEO.
CEO decisions in the published zone carry a system-wide authority flag. When a CEO decision conflicts with a team-level decision, agents surface both but mark the CEO decision as authoritative. Team decisions are not silently overwritten — they are flagged as potentially superseded, requiring the team to acknowledge the CEO direction.
Two protection tiers enforced via GitHub Rulesets. Tier 1 (world model + knowledge standards): restrict deletions, restrict force pushes, require pull request with 1 approval before any merge to main. Tier 2 (team vaults): restrict deletions and block force pushes — direct push allowed to keep daily workflows fast. Personal vaults: no branch protection, owner-only repos.
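A drift check for the two tiers, as an added example that is not part of the original page: it audits a ruleset object in the shape GitHub's repository rulesets API returns (`enforcement`, `conditions.ref_name.include`, and the `deletion`, `non_fast_forward`, and `pull_request` rule types). The function names and the sample rulesets are constructed for illustration.

```python
# Rule types each tier must carry on main, per the tier definitions above.
REQUIRED = {
    1: {"deletion", "non_fast_forward", "pull_request"},
    2: {"deletion", "non_fast_forward"},
}

def audit_ruleset(ruleset, tier):
    """Return findings for one ruleset; an empty list means the tier is met."""
    findings = []
    if ruleset.get("enforcement") != "active":
        findings.append("ruleset is not actively enforced")
    include = ruleset.get("conditions", {}).get("ref_name", {}).get("include", [])
    if not {"~DEFAULT_BRANCH", "refs/heads/main"} & set(include):
        findings.append("main is not targeted")
    rules = {r["type"]: r.get("parameters") or {} for r in ruleset.get("rules", [])}
    for missing in sorted(REQUIRED[tier] - set(rules)):
        findings.append(f"missing rule: {missing}")
    approvals = rules.get("pull_request", {}).get("required_approving_review_count", 0)
    if tier == 1 and "pull_request" in rules and approvals < 1:
        findings.append("pull_request rule requires fewer than 1 approval")
    return findings

def make_ruleset(rule_types, approvals=1, enforcement="active"):
    """Build a constructed sample ruleset (hypothetical helper)."""
    rules = []
    for t in rule_types:
        rule = {"type": t}
        if t == "pull_request":
            rule["parameters"] = {"required_approving_review_count": approvals}
        rules.append(rule)
    return {"name": "constructed-sample", "target": "branch", "enforcement": enforcement,
            "conditions": {"ref_name": {"include": ["~DEFAULT_BRANCH"], "exclude": []}},
            "rules": rules}

WORLD_MODEL = make_ruleset(["deletion", "non_fast_forward", "pull_request"])
TEAM_VAULT = make_ruleset(["deletion", "non_fast_forward"])
WEAK = make_ruleset(["deletion", "pull_request"], approvals=0, enforcement="evaluate")

if __name__ == "__main__":
    for name, rs, tier in [("world-model", WORLD_MODEL, 1), ("team vault", TEAM_VAULT, 2),
                           ("team vault as tier 1", TEAM_VAULT, 1), ("weak", WEAK, 1)]:
        print(name, audit_ruleset(rs, tier) or "ok")
```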