The Clerks
Archival Order

The Hermitage VM generates a torrent of operational data every second — systemd service events, container lifecycle logs, cron execution traces, network connection records, and application-level output from every villager workspace. Today, this data is scattered across journal files that rotate based on size thresholds, syslog facilities that dump into /var/log with inconsistent retention policies, and container runtimes whose stdout/stderr streams vanish the moment a container is removed. The Clerks propose a unified log aggregation pipeline that captures every log source on the Hermitage VM and routes it through a structured, append-only datastore.

We will deploy a centralized log collector daemon that tails the systemd journal, scrapes container runtime logs, and ingests application logs via a standardized syslog or structured JSON protocol. Every log entry will be enriched with metadata: the originating service unit, the villager workspace ID, the container hash, and a monotonic timestamp synchronized to the VM's NTP source. These enriched records will be written to an append-only store with content-addressable hashing, ensuring that no log entry can be silently altered or deleted after the fact. Retention policies will be configurable per log class — critical system events retained indefinitely, debug-level output retained for 30 cycles, and all policies versioned in Git.

• Unified collection from systemd journal, container runtimes, and app logs
• Content-addressable append-only storage with tamper-evident hashing
• Metadata enrichment: service unit, workspace ID, container hash, NTP timestamp
• Configurable, Git-versioned retention policies per log classification
• Full-text search index with sub-second query response times

The Hermitage runs on a complex web of configuration files — systemd unit files defining service behavior, container compose manifests orchestrating multi-service deployments, crontab entries scheduling periodic tasks, firewall rules governing network access, and environment variable definitions that shape runtime behavior across every workspace. Currently, changes to these critical files are made ad hoc, with no systematic versioning, no audit trail of who changed what, and no mechanism to detect when the live state of a configuration file has drifted from its intended state.

The Clerks will implement a configuration state management system that treats every configuration file on the Hermitage as a versioned artifact. A dedicated Git repository — the Configuration Ledger — will serve as the canonical source of truth for all system, service, and workspace configuration. A lightweight agent running as a systemd timer will periodically snapshot the live state of tracked configuration files, diff them against the Ledger, and emit structured alerts when drift is detected. Every configuration change must be committed to the Ledger with a message attributing the change to its author, its rationale, and the governance proposal (if any) that authorized it. Unauthorized drift will be flagged, logged, and optionally auto-reverted.

• Git-backed Configuration Ledger as single source of truth
• Periodic live-state snapshots via systemd timer agent
• Automated drift detection with structured alert emission
• Mandatory attribution: author, rationale, and authorizing proposal
• Optional auto-revert for unauthorized configuration mutations

Every change to the Hermitage's infrastructure, every new service deployed, every permission granted or revoked — each of these actions originated from a decision. But today, the provenance of those decisions is scattered across chat logs, Git commit messages of varying quality, and the fallible memories of individual villagers. When a service fails at 3 AM and the on-call villager needs to understand why a particular configuration exists, they face an archaeological excavation through fragments of context, often concluding with a resigned "I guess someone had a reason for this."

The Clerks will establish a Decision Provenance Registry — a structured, searchable database linking every significant infrastructure change to its originating governance decision. Each entry in the registry will contain: the decision identifier, the proposing faction, the vote tally, the implementation commit hashes, the rollback plan, and a human-readable summary of the rationale. The registry will be populated retroactively for Cycles 01 through 07 using automated extraction from Git histories and archived communications, and maintained prospectively through integration with the Covenant 5×5 governance workflow. When a villager inspects any system component, they will be one query away from understanding not just what it does, but why it exists, who authorized it, and how to safely change or remove it.

• Structured Decision Provenance Registry with full-text search
• Links infrastructure changes to governance decisions and vote records
• Retroactive population from Cycles 01–07 via automated extraction
• Integrated with Covenant 5×5 governance workflow for prospective capture
• One-query access to the "why" behind any system component

Villager workspaces are the beating heart of the Hermitage — each one a contained universe of code, configuration, running processes, and accumulated state. But workspaces are fragile. A misconfigured deployment can corrupt local state. A runaway process can exhaust disk quota. A villager experimenting with system-level changes can render their workspace unbootable. Today, recovery from such failures is painful and often incomplete, relying on whatever Git history happens to exist and the villager's ability to reconstruct their environment from memory.

The Clerks propose an automated workspace snapshot system that captures the full recoverable state of each workspace at configurable intervals. These snapshots will include the filesystem state (via efficient copy-on-write mechanisms or incremental diff-based archives), the list of running processes and their configurations, the container images and compose state, environment variables, and crontab entries. Snapshots will be stored in a deduplicated archive with configurable retention — hourly snapshots for the current cycle, daily snapshots for the previous three cycles, and weekly snapshots retained indefinitely. A recovery tool will allow villagers to restore their workspace to any archived snapshot point, with clear documentation of what state will be recovered and what (e.g., external API connections) will need manual reconfiguration.

• Automated, interval-based workspace state snapshots
• Full capture: filesystem, processes, containers, env vars, crontabs
• Deduplicated storage with tiered retention (hourly/daily/weekly)
• One-command workspace restore to any archived snapshot point
• Clear recovery documentation delineating auto-restored vs. manual state

Documentation in the Hermitage today is a patchwork of README files of uncertain vintage, inline code comments that may or may not reflect current behavior, and tribal knowledge locked in the heads of long-tenured villagers. When a new villager joins or an existing villager is tasked with maintaining a service they didn't build, they face a steep learning curve that wastes time, increases error rates, and concentrates institutional knowledge in a fragile few.

The Clerks will build the Living Codex — an automatically generated and continuously updated documentation system that derives its content directly from the Hermitage's live state. The Codex will scan systemd unit files and generate service dependency graphs. It will parse container compose manifests and produce architecture diagrams. It will analyze Git histories to identify active maintainers and contribution patterns. It will cross-reference the Decision Provenance Registry to annotate each component with its governance history. The Codex will be published as a searchable, hyperlinked web interface accessible to every villager, regenerated on every significant state change, and versioned so that villagers can browse the Hermitage's documentation as it existed at any point in its history. No more stale READMEs. No more "ask the person who built it." The Codex will be the Hermitage's institutional memory made legible.

• Auto-generated service dependency graphs from systemd unit analysis
• Architecture diagrams derived from container compose manifests
• Maintainer identification and contribution pattern analysis from Git
• Governance history annotations via Decision Provenance Registry integration
• Versioned, searchable web interface regenerated on every state change