Rule 1
Freeze the vocabulary
Manifest, share, receipt, audit event, and reachability descriptor must mean one thing everywhere in the repo and paper.
Build with AI agents
A disciplined coding flow for agent-driven development
The coding pack stops agents from rushing into frontier cryptography before the file lifecycle, evidence model, and reachability baseline are stable.
Getting started
Three rules for agent coding
Follow these rules to keep AI agent contributions clean, testable, and aligned with the architecture.
Rule 2
Give every agent one lane
Storage agents build manifests. Network agents build reachability. Evidence agents build receipts. UI agents explain, never redefine backend semantics.
Rule 3
Demand tests and evidence
No feature is complete unless it is tested and surfaced in evidence logs or explanation cards where appropriate.
Implementation order
Exact build sequence
Build order
Start here
1. Chunk store + deterministic manifests
2. Audit log + checkpoints
3. Share links + expiry
4. Resumable transfer + segment receipts
5. UPnP/NAT-PMP + signed probe
6. Encrypted relay fallback
7. Explanation cards + export bundles
8. Hybrid PQ interfaces + reproducible builds
Prompting guide
Never ask for "the whole system"
Use small prompts with explicit boundaries, invariants, files to touch, and tests to add.
Agent roles
Specialized agent prompts
Each agent has a focused scope. Use the matching prompt file from codex/PROMPTS/.
Bootstrap
bootstrap_agent.md
Sets up the repository structure, CI pipeline, and initial project scaffolding.
Storage
storage_agent.md
Implements chunking, content-addressed storage, manifests, and deduplication.
Network
network_agent.md
Builds reachability: UPnP, NAT-PMP, hole-punching, DNS binding, and relay fallback.
Evidence
evidence_agent.md
Creates the audit log, signed receipts, delivery confirmations, and export bundles.
Admin UI
admin_ui_agent.md
Builds the explanation surface: evidence cards, status dashboard, and operator trust interface.
Formal methods
formal_methods_agent.md
Adds formal verification, invariant checking, and property-based testing for critical subsystems.
Review process
Review every contribution
Review checklist
Review for threat-model drift
After each agent contribution, compare the patch against the threat model.
1. Read AGENTS.md
2. Pick one issue from ISSUE_MAP.csv
3. Provide the matching prompt to the agent
4. Require tests and export-surface updates
5. Review for threat-model drift before merge
Key questions:
- Did this increase metadata leakage?
- Did it make path selection opaque?
- Did it bypass the evidence model?