# Sharing Policy This org is accessible to external collaborators — external coaches, writers, reviewers. Treat it as a semi-public space. Before committing anything here, check the lists below. ## ✅ Safe to commit - Article prose (drafts, iterations, finals) - Tool output values for specific hands referenced — solver action frequencies, equity, ranges, blockers per hand. These per-hand results are not IP. - Reviewer feedback files - Editorial decisions - Claude transcripts where ideation happened (ad-hoc track) - Image references — URLs, captions, alt text - Article structure files, outlines, briefs - Hygiene check status (the canonical numbers are already public at internals.quintace.ai/solver-qa/#hygiene) - Verifier outcomes per claim (PASS / FAIL / AMBIG) ## ❌ Never commit - DA pipeline prompt internals (CAI track — decomposer, FactGraph, ClaimManifest, verifier-first work) - System prompts for the DA pipeline / quint-ai surface (ad-hoc publishing pipeline prompts in `ad-hoc/tools/generate_tier2.py` etc. are **carved out** — see below) - Knowledge layer modules (CAI track) - MCP server code, agent implementations, any `quint-ai` repo content - Solver / RLServ endpoint URLs, model names (`moe_dynamic_*`), training details - Decomposer / FactGraph / ClaimManifest schemas (Chang's verifier-first work) - DA pipeline orchestration code, deployment scripts, GitHub Actions internals - Partner-specific data (WPT / Gold / Global stats, partner-tagged player data, anything partner-confidential) - Coach roster, comp, contract terms - Unpublished competitive intel, fundraising material, investor decks - Anything from `engineering-department/`, `hr-department/`, `company/` in the internal repos - Raw research from `engineering-department/gameplay-ai/projects/llm-verifier-game-expansion/` — the upstream of the ad-hoc publishing pipeline. Books rendered from it ship here; the source `.md` files stay internal. ## 🟢 Carve-out — ad-hoc publishing tools (committed deliberately) The 82 publishing tools in `ad-hoc/tools/` and their embedded prompts (in `generate_tier2.py`, `review_article.py`, `review_article_editorial.py`) are committed publicly **on purpose** (Thanh 2026-05-24, ad-hoc retirement decision): - External collaborators studying our publishing methodology benefit from seeing the actual pipeline that produced the rendered books and articles. - The tools alone are **inert** without (a) cross-workspace access to `engineering-department/.../llm-verifier-game-expansion/` raw research, and (b) an Anthropic API key. So shipping the source does not let an outsider rebuild books on their own. - The system prompts in these tools are **voice + format guidance** for publishing — not the deeper DA-pipeline / verifier-first IP that stays in the CAI track. The contract: tools-as-build-system internally; tools-as-documentation publicly. See `ad-hoc/tools/REBUILD.md` for the operator guide. ## ⚠️ Gray zone — be deliberate - `tool_trace.json` — share the resolved data for the specific hand; do NOT include pipeline metadata, agent runtime info, or anything beyond per-hand solver/equity/range output - `claim_manifest.json` — share per-claim PASS/FAIL outcomes if needed; do NOT share the decomposer schema itself - Per-article methodology notes — if your notes describe HOW the pipeline was invoked (which prompts, which tools, in what order), keep those in the internal repo. The article itself is public-bound; the methodology used to make it may not be. ## When unsure Default to "this stays in the internal repo." If you're not certain something is safe to share here, ask in `#cai_general` (internal Slack) or DM @Thanh / @Harold before pushing. ## Pre-push audit Before opening a PR, grep your changed files for: - Anything in the never-commit list above - Email addresses other than your own - API keys, tokens, secrets - Internal URLs (e.g. `*.aceguardianrl.com`, internal staging URLs, prompt repo paths) If anything looks borderline, don't push. Ask first. ## What if I accidentally commit something I shouldn't? Tell Thanh immediately. The fix is: 1. Force-push a clean version (rewriting history) 2. Rotate any secrets that may have been exposed 3. Note the incident so we tighten the audit