Proposals
Proposals that the rig has shipped, is shipping, or rejected. Proposals declare user_story: and optionally source_research: in their frontmatter; superseded proposals chain via supersedes: / superseded_by:.
- Multi-Tenancy — Serving Multiple Isolated Customers on The Rig How The Rig runs many customers/partners on one platform with hard isolation — a shared control plane plus a per-tenant siloed data plane, keyed on a server-resolved tenant_id. Covers per-layer isolation, cross-tenant LLM-leakage controls, the client-notification model, per-tenant cost metering, GDPR, and a phased rollout.
- Worked Example — Planning the First User Story A concrete demonstration of the development process from development-process.md applied to the first user story (dangerous-command guard). TaskSpec, issue decomposition, dependency graph, per-issue specs, rollout sequence, risks.
- Development Process — How the Trusted Rig Gets Built How to organize development, testing, and release for the trusted rig. Three-era bootstrap, team topology, per-tier testing strategy, quality gates, release cadence, feedback loops, emergency process. Opinionated, small-team, measurable.
- Agent Secrets Broker — Autonomous Secret Lifecycle for LLM Agents Architecture whitepaper for a capability-based secret lifecycle broker that lets local/cloud LLM agents mint, store, deploy, rotate, and retire secrets across Bitwarden, GitHub, SOPS, Kubernetes, and Cloudflare without plaintext ever entering a prompt, tool argument, or log line.
- Self-auditing rig — stuck-issue detection, memory, and recognition loop A closed feedback loop where the rig detects stuck issues, investigates, files them, captures fixes into memory, and recognises recurrences on next session. Replaces manual triage.
- Stage A — Compiled AGENTS.md with Schema Validation One PR to rig-gitops replacing hand-written AGENTS.md with a compiled, schema-validated, size-budgeted version