Skip to main content

ADR-023 — Tenant Restructure Decision

Status: Accepted 2026-05-07
Cross-reference: This follows the ANVIL Filesystem Sweep (Mechanical) — ADR-022. Phase D addresses organizational/tenant concerns.

Context

ADR-022 documented the mechanical filesystem sweep — orphans, broken refs, PHANTOM daemons. After completion CEO observed that the home tree, while mechanically clean, remained semantically misorganized:

"Zelim da sam ponosan file strukture, a ne da sam zabrinut."
"alai.no/ucenje" — Alem's personal Quran-19 scholarly site lives inside the ALAI commercial brand tree.

A 6-agent multi-perspective audit (Petter / Brad / Parisa / Lexicon / Kelsey / Skybound) produced ~84 findings, ~22 convergent across 3+ angles. The unanimous top finding: personal scholarly content under commercial brand surface = brand contamination + GDPR exposure + blocks divestment.

Beyond ucenje, the audit surfaced:

  • BasicConsulting AS treated as separate legal entity in tree (vedtekter, share register expectations) when in fact it is a domain only owned by ALAI Holding AS (CEO clarified post-audit)
  • ALAI-Tech-DOO is a real legal subsidiary (RS d.o.o., Bosnia/Serbia distribution of Bilko/Tok/Drop) but lived under ~/companies/ mixed with agent personas
  • 12 agent personas (CodeCraft, Vizu, FlowForge, etc.) mislabeled as "companies" in ~/companies/
  • Client work scattered across ~/projects/ mixed with ALAI internal engineering
  • CEO personal data (CV 19×, NAV records, employment-verification PII) scattered across business trees
  • ~/Public/ containing CEO PII (employment-verification, ownership cert, firmaattest) — local-network readable
  • Lumiscare client .env files committed to git history (auth bypass flags)
  • Planka .env at 644 perms; Snowit terraform.tfstate one accidental git add . from leak

Decision

Implement multi-tenant home tree with strict isolation per legal entity / personal scope / client scope:

~/business/                # legal entities (ALAI corporate group)
├── ALAI-Holding-AS/      # commercial parent (renamed from ~/ALAI/)
└── ALAI-Tech-DOO/        # RS d.o.o. subsidiary

~/personal/                # CEO natural-person scope (NEW)

~/clients-external/        # one canonical subdir per client (NEW)

~/system/                  # orchestration runtime
└── agents/personas/      # agent persona definitions (12)

~/projects/                # ALAI internal engineering repos ONLY (8 entries, was 23)

Backward compatibility:

  • ~/ALAI symlinked to ~/business/ALAI-Holding-AS/ for 158 LaunchAgent paths grace period
  • ~/companies symlinked to ~/system/agents/personas/ for 10+ daemon/tool refs grace period

Sub-decisions

#DecisionRationale
D-1~/ALAI/ renamed to ~/business/ALAI-Holding-AS/Tenant isolation, name reflects legal entity
D-2Symlink ~/ALAI → canonical preserved158 daemons hardcode old path; rewrite is non-urgent TD
D-3~/companies/ removed entirelyWas anti-pattern; entities → ~/business/, personas → ~/system/agents/personas/, brand-only domains → not a tree
D-4ALAI-Tech-DOO promoted to peer entityReal legal subsidiary per company.json
D-5BasicConsulting NOT a treeCEO clarified: domain only (basicconsulting.no), no firma. Domain assets → ~/business/ALAI-Holding-AS/brand-surfaces/basicconsulting.no/
D-6~/personal/ createdSeparation of CEO personal scope from business; GDPR purpose limitation
D-7~/clients-external/ createdTenant isolation per client; ends ~/projects/ sprawl
D-8ucenje extractedPersonal scholarly project moved to own repo (johnatbasicas/ucenje) + own subdomain (ucenje.alai.no); 301 redirect from alai.no/ucenje/*
D-9Agent personas relocated12 personas (CodeCraft / Vizu / etc.) → ~/system/agents/personas/; symlink ~/companies → here for tool/daemon backward compat
D-10KenanHot reclassified product → clientKenan Hot is a person (soccer player, knyhot.pro), not an ALAI product
D-11FreeMyEV stub merged into clientWas duplicate (stub in products/, active in clients-external)
D-12ufs/ renamed unified-form-service/Opaque acronym → descriptive; placed under products/ (deployed at forms.alai.no)
D-13architecture/ and services/ renamed in ALAI-Holding-ASDisambiguate from ~/system/architecture/ and ~/system/services/ (operational vs commercial) — architectureproduct-architecture, servicesservice-catalog

Consequences

Positive

  • 13 named clients in ~/clients-external/ (one tenant per subdir, no cross-contamination)
  • 9 ALAI products in ~/business/ALAI-Holding-AS/products/ (no client-as-product misclassifications)
  • 12 agent personas in ~/system/agents/personas/ (correct semantic home; no longer "companies")
  • 2 legal entities under ~/business/ (Holding AS + Tech DOO; no third entity confusion)
  • CEO personal scope isolated under ~/personal/ (cv, nav, scholarly, code, real-estate, legal-personal)
  • ~/projects/ narrowed from 23 → 8 entries (ALAI internal engineering only)
  • ucenje brand contamination resolved (ucenje.alai.no separate, alai.no/ucenje 301)
  • 26 GB freed (ollama.tar.gz cleanup) + 16 GB freed (test scaffolds + companies archive)
  • ~/Public PII quarantined to ~/personal/legal-personal/ (5 sensitive PDFs no longer local-network readable)
  • ~/companies/ completely removed (anti-pattern eliminated)

Negative

  • 158 LaunchAgent paths still resolve via ~/ALAI symlink (TD: rewrite to canonical, ≥30d grace)
  • 10+ tool/daemon refs to ~/companies/ resolve via symlink (TD: same grace, lower priority)
  • _legacy-bc-2026-05-07/ content from BasicConsulting unwind required manual reconciliation into clients/Entur/ and clients/RPG/ (DONE, but added one-time manual step)
  • 19 CV references across grant submissions remain in place (each is a submission artifact, not a duplicate to dedup)
  • Some opaque-name decisions deferred (internal/ left as-is — well-organized but generic name)

Neutral

  • Boot health unchanged (29/29 daemons loaded, 0 failing, before and after)
  • Git histories preserved (used git mv for in-repo moves, plain mv for cross-repo)
  • ALAI-Tech-DOO retains its own git repo and .alai/ orchestration metadata

Alternatives Considered

AlternativeWhy rejected
Status quo (semantic chaos accepted)CEO explicit "zelim da sam ponosan, ne zabrinut" + Lexicon legal exposure findings
Storage-only deeper sweep (no rename)ucenje brand contamination is structural, not storage
~/tenants/ umbrella with per-tenant subdirEquivalent to chosen ~/business/ + ~/personal/ + ~/clients-external/, but less natural-language for CEO solo founder
Hard rewrite of all LaunchAgent paths in same operationHigh risk; symlink grace period is industry-standard
Move ucenje to broj19.com (own domain, $12/year)Subdomain ucenje.alai.no is sufficient (CEO Decision #1B); domain purchase deferred
Keep BasicConsulting as separate entity treeCEO clarified there is no separate firma; would create maintenance burden for non-existent legal entity

Implementation

WaveScopeResult
W1-A (BLOCKER)Unload 3 PHANTOM daemons (mlx-router, db-ttl-sweep, distillation-scorer)DONE — boot failure resolved, 56 → 53 com.alai daemons
W1-B (bulk cleanup)Archive + delete 35 paths; settings.bak retention; ~/~ cleanup; ~/projects/ALAI collisionDONE — 30 valid tar archives in ~/backups/_archive/anvil-fs-sweep-2026-05-07/, ~9GB freed
W1-C (split-brain)6 active pairs merged/renamed; ~/ALAI/CLAUDE.md surgical updateDONE — agents merged, architecture/services renamed for disambiguation
W2 (docs)canonical-registry.md, ADR-022, drift-detection-design.mdDONE — MC #99701
W3 (validation + publish)Proveo E2E, BookStack publishDONE — Proveo 9/10 PASS, BookStack shelf 2845
Phase A (org-audit quick wins)chmod planka, gitignore tfstate, PII quarantine, ollama.tar.gz deleteDONE
Phase B (ucenje extract)New repo + CF Pages + 301 redirectDONE — ucenje.alai.no live, 301 verified
Phase D.1 (personal + clients-external)Skeleton + AlemPersonal + client repo migrationDONE
Phase D.2 (~/ALAI rename)Symlink-based canonical renameDONE
Phase D.3 (agent personas)12 personas → ~/system/agents/personas/DONE
Phase D.4 (BasicConsulting unwind + companies removal)Tenant cleanup + symlink for daemon backward compatDONE
Phase D push-through_multi-client-hub split, virtual-serbia classification, _legacy-bc reconciliation, futureProjects removal, ufs rename, KenanHot reclassification, FreeMyEV stub merge, nav-bc-residual mergeDONE

References

  • Multi-perspective audit: ~/system/specs/anvil-organizational-audit-2026-05-07.md
  • Sub-agent reports: /tmp/anvil-org-audit/01-petter*.md06-skybound*.md
  • Mechanical sweep ADR: ~/system/architecture/decisions/ADR-022-anvil-fs-sweep-2026-05-07.md
  • Canonical registry: ~/system/specs/canonical-registry.md (post-D updates)
  • Tree blueprint (NEW): ~/system/specs/anvil-tree-blueprint-2026-05-07.md
  • Git structure rules (NEW): ~/system/specs/anvil-git-structure-2026-05-07.md
  • Memory entries: project_alai_entity_identity_clarified_2026-05-07.md, project_anvil_phase_d_done_2026-05-07.md
  • MC chain: #99710 (org audit parent), #99742 (Phase B.1), #99744 (Phase B.2), #99722 (Brønnøysund — closed), #99723 (BC clarification — pending close), #99724 (Lumiscare notification), #99725 (Telegram revoke)
  • Live deployment: https://ucenje.alai.no, https://github.com/johnatbasicas/ucenje

No comments to display

Back to top