ADR-023 — Tenant Restructure Decision

Status: Accepted 2026-05-07 Cross-reference: This follows the ANVIL Filesystem Sweep (Mechanical) — ADR-022. Phase D addresses organizational/tenant concerns. Context ADR-022 documented the mechanical filesystem sweep — orphans, broken refs, PHANTOM daemons. After completion CEO observed that the home tree, while mechanically clean, remained semantically misorganized: "Zelim da sam ponosan file strukture, a ne da sam zabrinut." "alai.no/ucenje" — Alem's personal Quran-19 scholarly site lives inside the ALAI commercial brand tree. A 6-agent multi-perspective audit (Petter / Brad / Parisa / Lexicon / Kelsey / Skybound) produced ~84 findings, ~22 convergent across 3+ angles. The unanimous top finding: personal scholarly content under commercial brand surface = brand contamination + GDPR exposure + blocks divestment . Beyond ucenje, the audit surfaced: BasicConsulting AS treated as separate legal entity in tree (vedtekter, share register expectations) when in fact it is a domain only owned by ALAI Holding AS (CEO clarified post-audit) ALAI-Tech-DOO is a real legal subsidiary (RS d.o.o., Bosnia/Serbia distribution of Bilko/Tok/Drop) but lived under ~/companies/ mixed with agent personas 12 agent personas (CodeCraft, Vizu, FlowForge, etc.) mislabeled as "companies" in ~/companies/ Client work scattered across ~/projects/ mixed with ALAI internal engineering CEO personal data (CV 19×, NAV records, employment-verification PII) scattered across business trees ~/Public/ containing CEO PII (employment-verification, ownership cert, firmaattest) — local-network readable Lumiscare client .env files committed to git history (auth bypass flags) Planka .env at 644 perms; Snowit terraform.tfstate one accidental git add . from leak Decision Implement multi-tenant home tree with strict isolation per legal entity / personal scope / client scope: ~/business/ # legal entities (ALAI corporate group)
├── ALAI-Holding-AS/ # commercial parent (renamed from ~/ALAI/)
└── ALAI-Tech-DOO/ # RS d.o.o. subsidiary

~/personal/ # CEO natural-person scope (NEW)

~/clients-external/ # one canonical subdir per client (NEW)

~/system/ # orchestration runtime
└── agents/personas/ # agent persona definitions (12)

~/projects/ # ALAI internal engineering repos ONLY (8 entries, was 23)
 Backward compatibility: ~/ALAI symlinked to ~/business/ALAI-Holding-AS/ for 158 LaunchAgent paths grace period ~/companies symlinked to ~/system/agents/personas/ for 10+ daemon/tool refs grace period Sub-decisions # Decision Rationale D-1 ~/ALAI/ renamed to ~/business/ALAI-Holding-AS/ Tenant isolation, name reflects legal entity D-2 Symlink ~/ALAI → canonical preserved 158 daemons hardcode old path; rewrite is non-urgent TD D-3 ~/companies/ removed entirely Was anti-pattern; entities → ~/business/ , personas → ~/system/agents/personas/ , brand-only domains → not a tree D-4 ALAI-Tech-DOO promoted to peer entity Real legal subsidiary per company.json D-5 BasicConsulting NOT a tree CEO clarified: domain only ( basicconsulting.no ), no firma. Domain assets → ~/business/ALAI-Holding-AS/brand-surfaces/basicconsulting.no/ D-6 ~/personal/ created Separation of CEO personal scope from business; GDPR purpose limitation D-7 ~/clients-external/ created Tenant isolation per client; ends ~/projects/ sprawl D-8 ucenje extracted Personal scholarly project moved to own repo ( johnatbasicas/ucenje ) + own subdomain ( ucenje.alai.no ); 301 redirect from alai.no/ucenje/* D-9 Agent personas relocated 12 personas (CodeCraft / Vizu / etc.) → ~/system/agents/personas/ ; symlink ~/companies → here for tool/daemon backward compat D-10 KenanHot reclassified product → client Kenan Hot is a person (soccer player, knyhot.pro), not an ALAI product D-11 FreeMyEV stub merged into client Was duplicate (stub in products/, active in clients-external) D-12 ufs/ renamed unified-form-service/ Opaque acronym → descriptive; placed under products/ (deployed at forms.alai.no) D-13 architecture/ and services/ renamed in ALAI-Holding-AS Disambiguate from ~/system/architecture/ and ~/system/services/ (operational vs commercial) — architecture → product-architecture , services → service-catalog Consequences Positive 13 named clients in ~/clients-external/ (one tenant per subdir, no cross-contamination) 9 ALAI products in ~/business/ALAI-Holding-AS/products/ (no client-as-product misclassifications) 12 agent personas in ~/system/agents/personas/ (correct semantic home; no longer "companies") 2 legal entities under ~/business/ (Holding AS + Tech DOO; no third entity confusion) CEO personal scope isolated under ~/personal/ (cv, nav, scholarly, code, real-estate, legal-personal) ~/projects/ narrowed from 23 → 8 entries (ALAI internal engineering only) ucenje brand contamination resolved (ucenje.alai.no separate, alai.no/ucenje 301) 26 GB freed (ollama.tar.gz cleanup) + 16 GB freed (test scaffolds + companies archive) ~/Public PII quarantined to ~/personal/legal-personal/ (5 sensitive PDFs no longer local-network readable) ~/companies/ completely removed (anti-pattern eliminated) Negative 158 LaunchAgent paths still resolve via ~/ALAI symlink (TD: rewrite to canonical, ≥30d grace) 10+ tool/daemon refs to ~/companies/ resolve via symlink (TD: same grace, lower priority) _legacy-bc-2026-05-07/ content from BasicConsulting unwind required manual reconciliation into clients/Entur/ and clients/RPG/ (DONE, but added one-time manual step) 19 CV references across grant submissions remain in place (each is a submission artifact, not a duplicate to dedup) Some opaque-name decisions deferred ( internal/ left as-is — well-organized but generic name) Neutral Boot health unchanged (29/29 daemons loaded, 0 failing, before and after) Git histories preserved (used git mv for in-repo moves, plain mv for cross-repo) ALAI-Tech-DOO retains its own git repo and .alai/ orchestration metadata Alternatives Considered Alternative Why rejected Status quo (semantic chaos accepted) CEO explicit "zelim da sam ponosan, ne zabrinut" + Lexicon legal exposure findings Storage-only deeper sweep (no rename) ucenje brand contamination is structural, not storage ~/tenants/ umbrella with per-tenant subdir Equivalent to chosen ~/business/ + ~/personal/ + ~/clients-external/ , but less natural-language for CEO solo founder Hard rewrite of all LaunchAgent paths in same operation High risk; symlink grace period is industry-standard Move ucenje to broj19.com (own domain, $12/year) Subdomain ucenje.alai.no is sufficient (CEO Decision #1B); domain purchase deferred Keep BasicConsulting as separate entity tree CEO clarified there is no separate firma; would create maintenance burden for non-existent legal entity Implementation Wave Scope Result W1-A (BLOCKER) Unload 3 PHANTOM daemons (mlx-router, db-ttl-sweep, distillation-scorer) DONE — boot failure resolved, 56 → 53 com.alai daemons W1-B (bulk cleanup) Archive + delete 35 paths; settings.bak retention; ~/~ cleanup; ~/projects/ALAI collision DONE — 30 valid tar archives in ~/backups/_archive/anvil-fs-sweep-2026-05-07/ , ~9GB freed W1-C (split-brain) 6 active pairs merged/renamed; ~/ALAI/CLAUDE.md surgical update DONE — agents merged, architecture/services renamed for disambiguation W2 (docs) canonical-registry.md, ADR-022, drift-detection-design.md DONE — MC #99701 W3 (validation + publish) Proveo E2E, BookStack publish DONE — Proveo 9/10 PASS, BookStack shelf 2845 Phase A (org-audit quick wins) chmod planka, gitignore tfstate, PII quarantine, ollama.tar.gz delete DONE Phase B (ucenje extract) New repo + CF Pages + 301 redirect DONE — ucenje.alai.no live, 301 verified Phase D.1 (personal + clients-external) Skeleton + AlemPersonal + client repo migration DONE Phase D.2 (~/ALAI rename) Symlink-based canonical rename DONE Phase D.3 (agent personas) 12 personas → ~/system/agents/personas/ DONE Phase D.4 (BasicConsulting unwind + companies removal) Tenant cleanup + symlink for daemon backward compat DONE Phase D push-through _multi-client-hub split, virtual-serbia classification, _legacy-bc reconciliation, futureProjects removal, ufs rename, KenanHot reclassification, FreeMyEV stub merge, nav-bc-residual merge DONE References Multi-perspective audit: ~/system/specs/anvil-organizational-audit-2026-05-07.md Sub-agent reports: /tmp/anvil-org-audit/01-petter*.md … 06-skybound*.md Mechanical sweep ADR: ~/system/architecture/decisions/ADR-022-anvil-fs-sweep-2026-05-07.md Canonical registry: ~/system/specs/canonical-registry.md (post-D updates) Tree blueprint (NEW): ~/system/specs/anvil-tree-blueprint-2026-05-07.md Git structure rules (NEW): ~/system/specs/anvil-git-structure-2026-05-07.md Memory entries: project_alai_entity_identity_clarified_2026-05-07.md , project_anvil_phase_d_done_2026-05-07.md MC chain: #99710 (org audit parent), #99742 (Phase B.1), #99744 (Phase B.2), #99722 (Brønnøysund — closed), #99723 (BC clarification — pending close), #99724 (Lumiscare notification), #99725 (Telegram revoke) Live deployment: https://ucenje.alai.no , https://github.com/johnatbasicas/ucenje