Proposal: Separate Core, Configuration, and User Extensions in AIOS Projects

[riaworks]

# Proposal: Separate Core, Configuration, and User Extensions in AIOS Projects

Type

Architecture / Enhancement Proposal

---

Context

As AIOS-Core evolves — particularly with recent improvements around security, integrity validation, and signed manifests — it becomes increasingly important to formalize a clear separation between immutable core code, project-level configuration, and user-defined extensions.

Without an explicit architectural contract, projects may experience:

• loss of user configuration during Core updates
• users modifying Core internals unintentionally
• broken or inconsistent project structures
• increased maintenance, support, and security risks

This Issue proposes a clean, explicit, and enforceable project structure aligned with best practices for extensible systems and secure software distribution.

---

Goals

• Establish the AIOS Core as an immutable component
• Prevent user configuration and extensions from being overwritten during updates
• Improve security, predictability, and maintainability
• Provide a clear mental model for users and contributors
• Prepare the project for long-term extensibility and growth

This proposal is intentionally focused on architecture and structure, not implementation details.

---

1. Project Configuration File

Proposal

Introduce a single configuration file at the project root, preferably in JSON format:

.aios-core-config.json

(YAML may be optionally supported, but JSON should be the default.)

Rationale

• JSON is stricter and easier to validate
• Reduces user error compared to YAML
• Enables schema-based validation (e.g., JSON Schema)
• Provides a stable and predictable configuration surface

Location

The configuration file must live at the project root, not inside the Core directory:

/ (project root)
├── .aios-core-config.json
├── .aios-core/
├── .aios-extends/

Why this matters

• Prevents configuration loss when the Core is replaced or updated
• Reinforces the Core as an immutable, managed component
• Keeps project-specific concerns outside Core boundaries

The configuration file may include:

• paths to extension directories
• project-level AIOS settings
• feature flags and runtime options
• future configuration without modifying Core internals

---

2. Architectural Rule: Core Immutability

Principle

The .aios-core directory must never be manually edited by users.

It should only be modified through:

• official AIOS updates
• controlled, automated processes

Rationale

• Preserves integrity and security guarantees
• Prevents accidental corruption
• Enables validation and trust mechanisms
• Simplifies upgrades and support

Recommendation

Every AIOS agent or project should include a basic rules document (.md) stating, as the first rule:

❗ Never manually edit the .aios-core directory.

---

3. User Extension Structure

Proposal

All user-defined functionality — such as custom agents, workflows, tasks, tools, or project-specific logic — should live outside the Core, in a dedicated directory at the project root:

.aios-extends/

Suggested Structure

.aios-extends/
├── agents/
├── workflows/
├── tasks/
├── tools/
├── etc/

This structure may mirror the Core layout but must not override or modify Core files.

Rationale

• Prevents user extensions from being lost during updates
• Enables independent versioning of custom logic
• Keeps the Core clean, auditable, and secure
• Improves contributor understanding and onboarding

---

4. Installation and Developer Experience

Proposal

During initial AIOS setup:

• Automatically create:

  • .aios-core-config.json
  • .aios-extends/

• Include a .README.md file in each extension subdirectory explaining:

  • its purpose
  • what belongs there
  • basic usage examples

Optional Enhancement

Provide a helper command:

aios init-extends

Which would:

• scaffold the extension directory structure
• generate README files
• prepare the project for safe and supported customization

---

5. Benefits

• Clear and enforceable architecture

• No loss of user data during Core updates

• Stronger security and integrity guarantees

• Improved developer experience (DX)

• Easier maintenance and support

• Clean separation between:

  • Core (immutable)
  • Configuration (project-level)
  • Extensions (user-defined)

---

Open Questions for Discussion

• Should YAML be supported alongside JSON, or only JSON?
• Should the config file name be fixed or configurable?
• Should multiple extension roots be supported?
• How strictly should Core immutability be enforced (warnings vs hard errors)?

---

Conclusion

This Issue does not propose immediate code changes.
Instead, it aims to establish a clear architectural contract between AIOS-Core and the projects that use it.

By defining explicit boundaries between Core, configuration, and extensions, we can significantly improve security, extensibility, and long-term maintainability.

Feedback and discussion are encouraged before any implementation PR is opened.

[github-actions]

👋 Welcome to AIOS!

Thanks for opening your first issue! We're excited to have you here.

What happens next?

• A maintainer will review your issue and add appropriate labels
• We'll respond as soon as possible
• Feel free to join the discussion in our Community Discussions

Helpful Resources:

• 📖 Contributing Guide
• 💬 Community Discussions
• 📚 Documentation

Labels Guide:

• good-first-issue - Great for newcomers
• help-wanted - We need community help
• bug - Something isn't working
• enhancement - Feature requests

Thanks for helping make AIOS better! 🚀

[riaworks]

Addendum: AIOS Project Directory and Context Isolation

This document is an addendum to Issue #57 – Proposal: Separate Core, Configuration, and User Extensions in AIOS Projects.

The purpose of this addendum is to reinforce context isolation, structural clarity, and agent determinism in AIOS projects, especially in environments where multiple LLMs and coding assistants coexist (AIOS, Claude Code, Cursor, Copilot, etc.).

---

🎯 Problem Statement

In real-world projects, it is common to encounter:

• Documentation generated by different LLMs being mixed together
• Files created unintentionally outside the intended project context
• Ambiguity for agents regarding where to read from and where to write to
• Users being unsure which documentation truly belongs to AIOS

This leads to:

• Reduced reliability
• Poor traceability
• Context contamination between tools
• Increased maintenance and cognitive load

---

✅ Proposal: Dedicated AIOS Project Directory

In addition to separating Core / Config / Extensions, this proposal introduces a dedicated and explicit AIOS project workspace.

📁 Directory Naming Convention

aios-project-[project-name]/

• [project-name] should be requested during installation
• If not provided, a safe fallback must be used:

aios-project-default/

This directory becomes the official AIOS project context.

---

🧠 Core Objectives

• Prevent mixing AIOS documentation with other LLM-generated artifacts

• Allow users to explicitly choose whether AIOS documentation should be used

• Ensure all agents know exactly:

  • where to read documentation
  • where to write artifacts
  • which structural rules apply

• Apply an MVC-like philosophy, but at the project context level

---

⚙️ AIOS Project Configuration File

Introduce a dedicated configuration file for AIOS projects:

.aios-project-configs.json

This file allows:

• Multiple AIOS projects in a single repository
• Explicit declaration of the active project
• Global enforcement rules for agents

---

📄 Example: .aios-project-configs.json

{
  "aios.projects": {
    "default": "aios-project-default",
    "active": "aios-project-my-product"
  },

  "aios.projects.paths": {
    "aios-project-default": "/aios-project-default",
    "aios-project-my-product": "/aios-project-my-product",
    "aios-project-client-x": "/aios-project-client-x"
  },

  "aios.projects.rules": {
    "agents_must_read_config_on_activation": true,
    "agents_must_respect_project_paths": true,
    "deny_writes_outside_project": true
  }
}

---

📂 Internal AIOS Project Structure

Each aios-project-[project-name] directory must follow a deterministic and semantic structure:

aios-project-[project-name]/
├── docs/        # Documentation only
├── stories/     # Stories / narratives only
├── tasks/       # Executable tasks only
├── logs/        # Logs and traceability
├── assets/      # (optional) supporting files
└── README.md

Example with multiple projects

aios-project-my-product/
├── docs/
├── stories/
├── tasks/
└── logs/

aios-project-client-x/
├── docs/
├── stories/
├── tasks/
└── logs/

---

🤖 Mandatory Rules for AIOS Agents

Suggested architectural rule:

Every AIOS agent must:

1. Read .aios-project-configs.json upon activation
2. Identify the active AIOS project
3. Strictly respect the configured paths
4. Read and write files only inside the active AIOS project directory

This prevents scenarios such as:

• Claude Code generating documentation in the wrong context
• Agents mixing artifacts from different projects
• Accidental writes to Core or non-authorized directories

---

🧰 Installation / Setup Script Behavior

The AIOS installation or setup script must:

• Detect whether project directories already exist
• Create only what is missing
• Never overwrite client project folders

Conflict Handling

If a partial structure is detected, the installer should explicitly ask whether to:

1. Complete the missing structure only
2. Create a backup and generate a new clean structure
3. Abort without making changes

Example prompt:

“Partial AIOS project structure detected. Do you want to:
(1) Complete existing structure
(2) Create new structure with backup
(3) Cancel operation”

---

🧾 Direct Benefits

• Strong context isolation
• Absolute clarity for users and agents
• Predictable and auditable structure
• Native support for multiple AIOS projects
• Solid foundation for manifests, validation, and future security layers

---

📌 Conclusion

This addendum reinforces that AIOS is not just a Core, but a project context orchestrator.

An explicit aios-project-[project-name] directory introduces architectural discipline, prevents context leakage between LLMs, and prepares the AIOS ecosystem for professional, multi-project environments.

[riaworks]

Exemplo de organização de configuração AIOS, ele não pode poluir o Claude.md e se tornar um problema nos momentos de atualização, com merge ou backup.

Aconselho a manter um Claude.md limpo seguindo o padrão de de uso de imports como exemplo do meu projeto!

Imports

RIAWORKS Framework

@../.aios-projects/riaworks/riaworks-root.md

AIOS Agent System (Optional)

@../.aios-projects/aios-root.md

Toda a configuração do AIOS fica isolada em a /.aios-projects/aios-root.md

E permite ao usuário ter seus próprios agentes também.

⎿ Loaded .aios-projects\riaworks\riaworks-root.md
⎿ Loaded .aios-projects\riaworks\CORE\01_RULES\rw-commands.md
⎿ Loaded .aios-projects\riaworks\CORE\01_RULES\code-style.md
⎿ Loaded .aios-projects\riaworks\CORE\01_RULES\testing.md ⎿ Loaded .aios-projects\riaworks\CORE\01_RULES\git.md
⎿ Loaded .aios-projects\riaworks\CORE\01_RULES\docs.md
⎿ Loaded .aios-projects\riaworks\CORE\03_KNOWLEDGE\architecture.md
⎿ Loaded .aios-projects\riaworks\CORE\03_KNOWLEDGE\handlers\00_README.md
⎿ Loaded .aios-projects\aios-root.md

ANÁLISE CLAUDE CODE:
● Entendi a arquitetura. Você tem um pattern limpo

• CLAUDE.md = projeto-específico, usa @ imports - .aios-projects/aios-root.md = config AIOS separada

• .claude/CLAUDE.md = deveria ser leve, não um dump do AIOS

[nikolasdehor]

Boa proposta @riaworks. A separação core/config/extensions é fundamental. Na prática, o AIOX já tem esse modelo com as 4 camadas (L1-L4) definidas no CLAUDE.md, mas a enforcement ainda é parcial. Os deny rules em settings.json protegem L1/L2, mas L3/L4 dependem de convenção. Posso ajudar a formalizar isso com validação automática no CI se houver interesse.

[nikolasdehor]

Essa proposta é muito relevante! A separação de Core, Configuration e User Extensions resolveria vários problemas que vemos hoje:

1. Conflitos de manifest — toda branch conflita em install-manifest.yaml porque core e config estão juntos
2. Framework protection — o frameworkProtection em core-config.yaml existe justamente porque não há separação clara
3. Contribuições de comunidade — extensões de usuário ficam misturadas com o core, dificultando review

Podemos ajudar na implementação se houver alinhamento com a proposta. Temos experiência com o padrão de camadas L1-L4 que já existe no projeto.