# Architecture Design Session — 2026-05-15

## User

- 小天 (Xiao Tian), communicates in Chinese (Simplified)
- Has Windows PC with WSL (Ubuntu, user `ookii`)
- Tailscale tailnet already set up; server at 100.99.120.35
- Uses Obsidian for daily note-taking on Windows
- WSL has Hermes Agent installed (deepseek-chat, kawaii personality)

## Trigger Rules Established

1. **Trigger words** («我希望», «我想要», «如果», «假如») → Run TQA: Feasibility → Deep Purpose → Elegant Solution. Do NOT execute immediately. (Save to `requirement-analysis` skill.)
2. **Question marks / interrogatives** → Answer and analyze only. Do NOT execute. (Appended to `requirement-analysis` skill, Trigger B.)
3. **HTML-appropriate content** → Generate .html file and send as attachment via MEDIA: path.

## Architecture Decisions

### Git Backup (Cloud + WSL)

- **Problem:** Cloud Hermes crashes during network debugging → skills/config/memories lost
- **Solution:** One GitHub private repo, two branches (`main` = cloud, `local` = WSL)
- **Tracked:** config.yaml, skills/, memories/, logs/ (~11 MB total)
- **Excluded:** .env (API keys), sessions/, state.db
- **Cron:** Cloud 3 AM, WSL 4 AM auto commit + push
- **Recovery:** recover.sh script → 5-10 min full restore

### File Sharing via Tailscale Funnel

- **URL:** https://vm-0-13-ubuntu-3.tailcf1eca.ts.net/
- **Current:** Python http.server serving `/home/ubuntu/.hermes/output/public/`
- **Planned upgrade:** Caddy with Markdown rendering + directory browsing
- **Use case:** Mobile viewing, sharing links to others
- **Safety:** Only public/ directory exposed; no API keys, no write access

### Storage Tiering

| Tier | Content | Location | Sync |
|------|---------|----------|------|
| L1 | Skills, config, memory | Cloud + WSL | Git bidirectional |
| L2 | Obsidian vault (.md) | Windows + cloud copy | rsync --delete real-time |
| L3 | Lightweight projects | WSL + cloud copy | rsync scheduled |
| L4 | PDFs, large datasets | WSL only | No sync (queried in place over Tailscale SSH) |
| L5 | Hermes HTML output | Cloud only | N/A |

### Vector Search (Planned, not built)

- Ollama + nomic-embed-text (274MB, efficient)
- ChromaDB for vector storage
- LangChain for file chunking pipeline
- Split into separate search UI (Phase 3 build)
- Pass-through query of L4 files via Tailscale SSH (files stay on WSL, nothing is copied to the cloud)

### Obsidian Integration (Designed, not built)

- Symlink Hermes skills/memories/plans into Obsidian vault
- rsync --delete + inotifywait for real-time WSL→cloud sync
- Prevent sync loops: only watch close_write events, so rsync's own reads of the source (open/access events) never retrigger the watcher
- Caddy MD → HTML rendering for web viewing
- Daily ChromaDB self-heal for renamed/deleted files
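The close_write watcher and the rsync --delete push from the items above, written out as an added example (not part of the session notes or of Hermes). VAULT_DIR, REMOTE_DIR and the SSH key path are assumed placeholders; the server address is the tailnet IP recorded above.

```shell
#!/usr/bin/env bash
# Added example (not from the session notes): one-way WSL -> cloud vault sync using
# inotifywait + rsync --delete. Only close_write is subscribed, so rsync reading the
# source (OPEN/ACCESS/CLOSE_NOWRITE events) can never retrigger the watcher.
# Hypothetical paths: VAULT_DIR is the Windows vault seen from WSL, REMOTE_DIR is
# the mirror on the tailnet server; the host IP is the one from the notes.
VAULT_DIR="${VAULT_DIR:-/mnt/c/Users/xiaotian/ObsidianVault}"
REMOTE="${REMOTE:-ubuntu@100.99.120.35}"
REMOTE_DIR="${REMOTE_DIR:-/home/ubuntu/.hermes/vault/}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/id_ed25519}"   # key auth only, matching the Security section
SETTLE="${SETTLE:-2}"                          # seconds to let a burst of saves finish

# Second guard behind `-e close_write`: accept only a completed write, and never ship
# secrets or Obsidian's per-machine editor state even if the watch is widened later.
# $1 = event list as inotifywait prints it (%e), $2 = full path (%w%f).
should_sync() {
    case "$2" in
        */.env|*/.env.*|*/.git/*|*/.obsidian/workspace*) return 1 ;;
    esac
    case "$1" in
        *CLOSE_WRITE*) return 0 ;;
        *) return 1 ;;
    esac
}

# One rsync argument per line. --delete mirrors removals on the next triggered run;
# the excludes match should_sync so a scheduled full pass and an event pass agree.
rsync_args() {
    printf -- '%s\n' -az --delete \
        --exclude=.env --exclude='.env.*' --exclude=.git/ --exclude='.obsidian/workspace*' \
        -e "ssh -i $SSH_KEY -o BatchMode=yes" \
        "$VAULT_DIR/" "$REMOTE:$REMOTE_DIR"
}

do_sync() { rsync_args | xargs -d '\n' rsync; }   # GNU xargs (Ubuntu/WSL)

# Long-running watcher. A burst of saves is covered by the first rsync after SETTLE;
# events queued meanwhile each cost one quick no-op pass, which is harmless.
watch_loop() {
    inotifywait -m -r -q -e close_write --format '%e %w%f' "$VAULT_DIR" |
    while IFS=' ' read -r events path; do
        should_sync "$events" "$path" || continue
        sleep "$SETTLE"
        do_sync
    done
}

if [ "${1:-}" = "run" ]; then watch_loop; fi   # e.g. `./vault-sync.sh run` from a systemd unit
```

Pair the watcher with a scheduled full `do_sync` (the cron slot already planned for the WSL side) so a write that lands while rsync is mid-run is still mirrored.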

### Build Phases

| Phase | What | Est. Time | Depends On |
|-------|------|-----------|------------|
| P1 | Caddy + MD rendering | 45 min | None |
| P2 | Ollama + ChromaDB | 1h | P1 |
| P3 | Search web UI | 45 min | P2 |
| P4 | Obsidian sync + symlinks | 45 min | P1 + user vault path |
| P5 | Git backup + recover.sh | 1h | GitHub token |

### Security

- Secret redaction: ON (cloud + WSL)
- Tirith rule engine: ON (cloud + WSL)
- .env never committed to Git
- Only public/ directory served via Funnel
- SSH key auth only (no passwords)
