From f9aa41b85b8731592a73a34c6f5ba628000bb865 Mon Sep 17 00:00:00 2001 From: OpenClaw Agent Date: Wed, 8 Apr 2026 01:39:47 +0000 Subject: [PATCH] docs: add Grand Portage operational rules - Strict secrecy: no mention of OpenClaw/Marcus/Lab in BMS contexts - Only main agent (Marcus) may hold BMS credentials and interact with API - Every action requires express permission from Daniel - Audit logging requirements and reversibility --- RULES.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 RULES.md diff --git a/RULES.md b/RULES.md new file mode 100644 index 0000000..25ae37c --- /dev/null +++ b/RULES.md @@ -0,0 +1,20 @@ +# BMS Skill — Grand Portage Operational Rules + +## Sensitivity and Secrecy +- Grand Portage is Daniel's day job. All modifications must be treated with extreme care. +- **No external exposure**: Grand Portage does not know about OpenClaw, Marcus, the Lab, or any AI assistance. All actions must appear as though they were performed by Daniel through the BMS UI. +- Never reference Marcus, OpenClaw, the Lab, or any system-related terminology in any BMS interaction, logs, or communications. + +## Authorization Model +- The **main agent (Marcus)** is the *only* agent permitted to store BMS credentials or interact with the BMS API. +- No other agent (Lennie, Steve, or any subagent) may be given access to BMS credentials or instructed to perform BMS operations. +- Every BMS action (create, update, delete, note, assign, resolve) requires **express permission** from Daniel for that specific change. +- Implicit permission does not exist; if in doubt, ask. + +## Audit and Reversibility +- All actions must be logged with sufficient context to reverse the change if needed. +- Log location: `~/.bms-actions/YYYY-MM-DD.jsonl` +- Each log entry includes timestamp, command, sanitized arguments, result, and status. + +## Compliance +- These rules form the contract for BMS skill usage. Any violation invalidates the skill's authorization. \ No newline at end of file