[codex] Initial SecondBrain framework

[philbudden]

What changed

Introduces the productionised, open-source SecondBrain framework: role contracts, templates, structural tools, safe Obsidian defaults, parameterized automation definitions, an installer, sanitized empty-vault examples, public documentation, contribution and security guidance, and CI validation.

Why

The live iCloud vault must remain the authoritative production environment without Git metadata. This repository provides a separate, reviewable history and rollback source for the reusable system architecture while excluding personal knowledge and operational data.

Privacy boundary

Publication is allowlist-only and fails closed for live-vault Git metadata, denied personal paths, unsafe destinations, home paths, usernames, and email addresses. The repository contains no live Daily Notes, source material, wiki knowledge, projects, working documents, or personal activity logs.

Validation

• Sanitized export privacy scan passed
• Python tools compiled
• Clean-vault installation succeeded
• Wiki lint: 0 errors, 0 warnings
• DTM lint: 0 errors, 0 warnings
• Git diff whitespace check passed

[Copilot]

Pull request overview

Introduces the initial, open-source SecondBrain framework repository: role contracts, templates, local validation tools, a vault installer, publication/export tooling, sanitized empty-vault examples, documentation, and GitHub CI to validate installs.

Changes:

• Adds framework contracts (AGENTS/DTM), templates, and automation-definition docs.
• Adds Python tooling for install, wiki/DTM linting, and allowlist-only publication/export with privacy scanning.
• Adds sanitized empty-vault example content plus contributor/security/docs and CI validation.

Reviewed changes

Copilot reviewed 44 out of 45 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
SECURITY.md	Security & privacy reporting guidance for the repo.
README.md	Public-facing overview, quick start, and privacy model summary.
LICENSE	MIT license text.
install.py	Installer to copy framework + sanitized seed into a vault without Git metadata.
framework/tools/wiki.py	Dependency-free wiki structural diagnostics (frontmatter, links, index, log).
framework/tools/dtm.py	Daily Note lifecycle + recurrence + lint/status tooling for DTM workflow.
framework/tools/export_framework.py	Fail-closed allowlist export + privacy scan + content fingerprinting.
framework/tools/publish_framework.py	Automated publication flow: export → validate → commit/push → draft PR.
framework/templates/source.md	Wiki “source” page template.
framework/templates/project.md	Project page template for DTM-managed projects.
framework/templates/knowledge-page.md	Generic wiki knowledge page template.
framework/templates/daily-note.md	Daily Note template (Obsidian template placeholders).
framework/templates/analysis.md	Wiki analysis page template.
framework/publication-manifest.json	Public copy of the allowlist/denylist manifest used for publication.
framework/obsidian/app.json	Safe-ish default Obsidian app settings for a vault.
framework/obsidian/daily-notes.json	Obsidian Daily Notes plugin configuration.
framework/obsidian/templates.json	Obsidian Templates plugin configuration.
framework/AGENTS.md	Core role routing + wiki schema + ingest/query/lint/publication contracts.
framework/DTM.md	DTM-specific operating contract and workflows.
framework/defaults/dtm/recurring-tasks.json	Example recurrence rules (disabled by default).
framework/defaults/dtm/README.md	Documentation for DTM machine-readable config.
framework/automation-definitions/knowledge-agent-raw-inbox.json	Parameterized automation definition for Knowledge Agent ingestion runs.
framework/automation-definitions/dtm-daily-rollover.json	Parameterized automation definition for DTM daily rollover.
framework/automation-definitions/framework-weekly-publication.json	Parameterized automation definition for weekly publication.
examples/empty-vault/README.md	Top-level sanitized empty-vault explanation.
examples/empty-vault/daily/README.md	Empty-vault daily directory placeholder.
examples/empty-vault/projects/README.md	Empty-vault projects directory placeholder.
examples/empty-vault/work/README.md	Empty-vault work directory placeholder.
examples/empty-vault/raw/README.md	Empty-vault raw inbox placeholder.
examples/empty-vault/raw/processed/README.md	Empty-vault processed archive placeholder.
examples/empty-vault/raw/assets/.gitkeep	Keeps raw/assets directory present in Git.
examples/empty-vault/wiki/overview.md	Sanitized seed wiki overview page.
examples/empty-vault/wiki/index.md	Sanitized seed wiki index page.
examples/empty-vault/wiki/log.md	Sanitized seed wiki log page.
docs/architecture.md	Explains system layers and boundaries.
docs/installation.md	Installation and validation instructions.
docs/operations.md	Operational workflows and maintenance guidance.
docs/publication.md	Publication flow, review/promotion, and rollback guidance.
CONTRIBUTING.md	Contribution guidelines + validation commands.
CODE_OF_CONDUCT.md	Repository conduct expectations and escalation guidance.
CHANGELOG.md	Initial changelog scaffold following Keep a Changelog + SemVer.
.gitignore	Ignores common Python/macOS artifacts.
.github/workflows/validate.yml	CI workflow to compile, install into temp vault, and run linters.
.github/pull_request_template.md	PR template with privacy + validation checklist.
.github/ISSUE_TEMPLATE/feature.yml	Feature request issue template emphasizing privacy constraints.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.