ontoref/README.md

<p align="center">
  <img src="assets/ontoref-logo.svg" alt="ontoref" width="320" />
</p>

<br>

**ontoref** is a protocol specification and tooling layer for structured self-knowledge in
software projects. It provides schemas, Nushell automation, and Rust crates so that projects
can describe what they are, record architectural decisions, track operational state, and
execute formalized procedures — all as typed, queryable artifacts.

---

## Axioms

| Axiom | Meaning |
| --- | --- |
| **Protocol, Not Runtime** | Never a runtime dependency. Projects adopt the protocol; ontoref provides the schemas and modules to do so. |
| **Self-Describing** | Consumes its own protocol: `.ontology/`, `adrs/`, `reflection/` in this repo ARE ontoref running against itself. |
| **No Enforcement** | ontoref defines contracts. There is no enforcement mechanism. Coherence is voluntary and emerges from justified adoption. |
| **DAG-Formalized Knowledge** | Concepts, tensions, decisions, state — encoded as DAGs. Enables transversal queries and impact analysis. |

## Layers

```text
ontology/          Protocol specification — Nickel schemas for nodes, edges, ADRs, state, gates
adrs/              Architecture Decision Records — typed NCL with constraints and ontology checks
reflection/        Operational tooling — Nushell modules, DAG modes, forms, and schemas
crates/            Rust implementation — typed struct loaders and mode executors
.ontology/         Self-description — ontoref's own ontology, state, gate, and manifest
```

## Crates

| Crate | Purpose |
| --- | --- |
| `ontoref-ontology` | `.ontology/` NCL → typed Rust structs: Node, Edge, Dimension, Gate, Membrane. `Node` carries `artifact_paths` and `adrs` (`Vec<String>`, both `serde(default)`). Graph traversal, invariant queries. Zero deps. |
| `ontoref-reflection` | NCL DAG contract executor: ADR lifecycle, step dep resolution, config seal. `stratum-graph` + `stratum-state` required. |
| `ontoref-daemon` | HTTP UI (10 pages), actor registry, notification barrier, MCP (21 tools), search engine, search bookmarks, SurrealDB, NCL export cache. |

`ontoref-daemon` caches `nickel export` results (keyed by path + mtime), reducing full sync
scans from ~2m42s to <30s. The daemon is always optional — every module falls back to direct
subprocess when unavailable.

### Daemon Capabilities

**Unified Auth Model** — all surfaces (CLI, UI, MCP) exchange a key for a UUID v4 session token
via `POST /sessions`. Token lifetime: 30 days, O(1) lookup. Project keys carry `role`
(admin|viewer) and `label` for audit trail. Daemon-level admin via `ONTOREF_ADMIN_TOKEN_FILE`.
`GET /sessions` and `DELETE /sessions/{id}` for session visibility and revocation. Key rotation
invalidates all sessions for the rotated project. CLI injects `ONTOREF_TOKEN` as Bearer
automatically.

**Q&A Knowledge Store** — accumulated Q&A entries persist to `reflection/qa.ncl` (typed NCL,
git-versioned). Not localStorage. Any actor — developer, agent, CI — reads the same store.

**MCP Server** — 21 tools over stdio and streamable-HTTP. Categories: nodes, ADRs, modes,
backlog, Q&A, sessions, search, bookmarks, notifications. Representative subset:

| Tool | What it does |
| --- | --- |
| `ontoref_qa_list` | List Q&A entries with optional filter |
| `ontoref_qa_add` | Append a new Q&A entry to `reflection/qa.ncl` |
| `ontoref_action_list` | List all quick actions from `.ontoref/config.ncl` |
| `ontoref_action_add` | Create a reflection mode + register it as a quick action |
| `ontoref_backlog_list` | List backlog items |
| `ontoref_backlog_add` | Add a backlog item |
| `ontoref_describe` | Describe project ontology and constraints |
| `ontoref_sync_scan` | Scan for ontology drift |

**Search Bookmarks** — search results persist to `reflection/search_bookmarks.ncl` (typed NCL,
`BookmarkEntry` schema). Same atomic-write pattern as Q&A. IDs are sequential `sb-NNN`.
Concurrency-safe via `NclWriteLock`. Add and remove from the daemon search UI.

**Personal Ontology Schemas** — `ontology/schemas/career.ncl`, `personal.ncl`, `project-card.ncl`
provide typed contract layers for career and content artifacts (Skills, WorkExperience, Talks,
Content lifecycle, Opportunities, PublicationCards). All types carry `linked_nodes` referencing
core ontology node IDs — bridging career artifacts into the DAG. Five content/career reflection
modes (`draft-application`, `draft-email`, `generate-article`, `update-cv`, `write-cfp`) query
these schemas to ground output in declared project artifacts rather than free-form prose.

**ADR–Node Linkage** — nodes declare which ADRs validate them via `adrs: Array String`.
`describe` surfaces a **Validated by** section per node (CLI and `--fmt md`). The graph UI
renders each ADR as a clickable link that opens the full ADR content in a modal via
`GET /api/adr/{id}`.

**Passive Drift Observation** — background file watcher that detects divergence between Yang
code artifacts and Yin ontology. Watches `crates/`, `.ontology/`, `adrs/`, `reflection/modes/`.
After a 15s debounce runs `sync scan + sync diff`; emits an `ontology_drift` notification when
MISSING/STALE/DRIFT/BROKEN items are found. Never applies changes — `apply` is always deliberate.

**Quick Actions** — runnable shortcuts over reflection modes, configured as `quick_actions` in
`.ontoref/config.ncl`. Accessible from HTTP (`/actions`), CLI (`ontoref`), and MCP
(`ontoref_action_list/add`).

## Install

```sh
just install-daemon        # build + install binary, bootstrapper, CLI, UI assets, config skeleton
ontoref config-edit        # browser form → ~/.config/ontoref/config.ncl
ontoref-daemon-boot        # NCL pipe bootstrap: nickel export config.ncl | daemon --config-stdin
ontoref-daemon-boot --dry-run   # preview composed JSON without starting
```

Installed layout (`~/.local/bin/`):

| Binary | Role |
| --- | --- |
| `ontoref` | Global CLI dispatcher — all reflection modes, ADR lifecycle, daemon control |
| `ontoref-daemon` | Bootstrapper (public entrypoint) — validates config via Nickel, pipes JSON to binary |
| `ontoref-daemon.bin` | Compiled Rust binary — never called directly |

Global config at `~/.config/ontoref/config.ncl` (type-checked Nickel). Global NATS stream topology at
`~/.config/ontoref/streams.json`. Project-local topology override via `nats/streams.json` +
`nats_events.streams_config` in `.ontoref/config.ncl`.

## Onboarding a project

```sh
cd /path/to/my-project
ontoref setup                          # idempotent; kind: Service by default
ontoref setup --kind Library           # Library | DevWorkspace | PublishedCrate | AgentResource | Mixed
ontoref setup --parent /path/to/fw     # implementation child: adds framework layer + browse mode
ontoref setup --gen-keys ["admin:dev" "viewer:ci"]   # bootstrap auth keys (no-op if keys already exist)
```

`ontoref setup` creates `.ontoref/project.ncl`, `.ontoref/config.ncl` (with logo auto-detection),
`.ontology/` scaffold, `adrs/`, `reflection/modes/`, `backlog.ncl`, `qa.ncl`, git hooks, and
registers the project in `~/.config/ontoref/projects.ncl`.

For existing projects that predate `setup`, the adoption mode is still available:

```sh
ontoref --actor developer adopt_ontoref
```

`ONTOREF_PROJECT_ROOT` is set by the consumer wrapper — one ontoref checkout serves multiple projects.

## Prerequisites

- [Nushell](https://www.nushell.sh/) >= 0.110.0
- [Nickel](https://nickel-lang.org/) (for schema evaluation)
- Rust toolchain (for building crates)
- [Just](https://just.systems/) (for CI recipes)

To build `ontoref-daemon` and `ontoref-reflection` with NATS/SurrealDB support, the
stratumiops repo must be checked out at `../../../stratumiops`. Without it, build without
default features:

```sh
cargo build -p ontoref-daemon --no-default-features
cargo build -p ontoref-ontology   # always standalone
```

## Development

```sh
cargo check-all                              # check all targets + features
cargo test-all                               # run full test suite
just ci-lint                                 # clippy + TOML + Nickel + Markdown
just ci-full                                 # all CI checks
nu --ide-check 50 reflection/modules/<file>.nu  # validate a Nushell module
./ontoref --actor developer <mode>           # run a reflection mode
```

## License

MIT OR Apache-2.0