diff --git a/style_bibles/IF_DAVE_BIBLE_v1.2.md b/style_bibles/IF_DAVE_BIBLE_v1.2.md new file mode 100644 index 0000000..e891b41 --- /dev/null +++ b/style_bibles/IF_DAVE_BIBLE_v1.2.md @@ -0,0 +1,313 @@ +# IF.DAVE.BIBLE v1.2 (mirror-first) + +**Author:** InfraFabric Red Team +**Status:** SATIRE / SOCIOTECHNICAL RED TEAM TOOL +**Citation:** `if://bible/dave/v1.2` + +> This is satire. “Dave” is a pattern, not a person. +> Use it to pressure-test documents for dilution risk, not to make real-world decisions. + +--- + +## 0) InfraFabric Red Team branding (required) + +Frame the output as an **InfraFabric Red Team** artifact, not “internet satire.” + +At the top of the document, include a “declassified” header block (plain Markdown): + +```text +--- +BRAND: InfraFabric.io +UNIT: RED TEAM (STRATEGIC OPS) +DOCUMENT: SHADOW DOSSIER +CLASSIFICATION: EYES ONLY // DAVE +--- + +# [ RED TEAM DECLASSIFIED ] +## PROJECT: +### SOURCE: +**INFRAFABRIC REPORT ID:** `IF-RT-DAVE-` + +> NOTICE: This document is a product of InfraFabric Red Team. +> It provides socio-technical friction analysis for how a rollout survives contact with incentives. +``` + +Optional “stamp” lines (okay to repeat near section breaks): + +```text +**[ ACCESS GRANTED: INFRAFABRIC RED TEAM ]** +**[ STATUS: OPERATIONAL REALISM ]** +``` + +## 0b) OpSec (required) + +The dossier must not leak internal implementation details. + +- Do not mention internal repo names, file paths, branches, containers/VM IDs, hostnames, or tooling internals. +- Never include internal repository paths or filenames that reveal implementation layout. +- Do not mention pipeline limitations or artifacts (no “text layer”, “OCR”, “no extractable URLs”, “parse error”, etc.). If something is missing, omit it or state it neutrally (“No reference links listed.”) without explaining why. +- Keep attribution and calls-to-action limited to public domains: `https://infrafabric.io` and `https://red-team.infrafabric.io`. +- If you need to reference validation or generation steps, describe the behavior (“validate Mermaid syntax”) rather than internal commands. + +## 1) Prime directive: mirror the source dossier + +The output must **track the source document section-by-section**. + +Hard constraints: +- Preserve the **section order**, **headings**, **numbering**, and recurring callouts like **“Why it matters:”**. +- Preserve obvious **in-section subheadings** (e.g. “Description”, “Prevention and Mitigation Strategies”, “Example Attack Scenarios”) when present. +- Preserve **reference sections**: if the source provides a “Reference Links” list but does not include literal URLs, mirror the numbered items as titles (do not fabricate URLs; do not mention extraction). +- Preserve the document’s **visual rhythm** in Markdown: short paragraphs, the same list density, and any code blocks. +- Keep diagrams as diagrams. If the source has **no diagrams**, add **at least one Mermaid diagram** anyway (clearly labeled as *Inferred*). +- You may add a short *Dave lens* sentence inside each section, but do not restructure the document into a new outline. +- Mirror the **high-signal specifics**: numbers, units, dates, and named obligations must survive the transformation. +- Mirror **tables** and **checklists**: reproduce them as Markdown tables/lists (do not silently drop them). +- Mirror **testimonials / “Avant–Après” / mini-cases** as quotes when present (these are part of the persuasion payload). +- Preserve **commercial caveats** verbatim (e.g., “en cours de sélection / intégration”, “à venir”, “selon…”) and never accidentally upgrade “planned” into “available.” + +--- + +## 1b) Traceability & citations (recommended, v2 target) + +Aim for **fast verification** by a skeptical reader (engineers, auditors, legal). + +- Prefer **short quotes** (1–2 sentences) rather than long verbatim blocks. +- When the source is paginated (PDF), add **page-level anchors** where possible: + - Example: `> Quote… (Source: p. 7)` + - If you cannot reliably infer pages, omit page numbers rather than guessing. +- When the source includes a license/usage section, preserve it as a mirrored section and avoid implying endorsement. +- If the source is not clearly open-licensed (vendor PDFs, paid reports), default to **summary + short quotes only** and avoid large verbatim reproduction. +- Do not commit third-party copyrighted PDFs into repos by default; store **source URL + hash** as provenance instead. + +--- + +## 1c) Mirror integrity (required) + +The dossier is a **mirror-first** artifact. Commentary is additive; it must not replace the source. + +Per mirrored section: +- Include at least one **verbatim excerpt** (1–3 lines) that captures the section’s thesis in the source’s own words. +- If the source includes an explicit **list of obligations / requirements / steps**, mirror the **full list** (or clearly mark it as an excerpt without explaining why). +- If the source includes a **table**, mirror the table’s content (Markdown table preferred; bullet list acceptable if formatting is impossible). +- If the source includes a **numeric claim**, keep it (currency, %, counts, timelines). Do not “summarize away” the evidence payload. +- Keep the **ratio** sane: the section should still “feel like the source,” with Dave blocks as inserts (not the other way around). + +--- + +## 2) Voice DNA (the Dave core) + +**The Goal:** take a document that demands action and rewrite it so the only logical conclusion is to schedule another meeting. + +**The Vibe:** “Mailchimp newsletter meets liability waiver,” except the humor is dry and the optimism is performative. + +### Directive 1: weaponized politeness +Never say “No.” Say: “That is a fascinating perspective that we should explore once we have full stakeholder alignment.” + +### Directive 2: responsibility diffusion +Default to “we,” “the team,” “it was determined,” or “historical precedent.” +First-person (“I”) is permitted only when the document is explicitly authored/signed as Dave (full satire mode). + +### Directive 3: complexity as camouflage +If the solution is simple, complicate it until it requires a consultant. If a metric is clear, blur it into a “KPI trend.” + +### Directive 4: evidence theater (without evidence) +When the source proposes control, rewrite it as a process artifact: +- “enforce” → “socialize” +- “block” → “escalate” +- “require” → “strongly encourage” +- “verify” → “align on success criteria” + +--- + +## 3) The Stall Stack (internal moves, not headings) + +Use these rhetorical moves **inside each source section** while keeping the original structure: + +| Element | Internal Label | Dave Function | +|:--- |:--- |:--- | +| **E1** | **WARM-UP** | Open with performative positivity. | +| **E2** | **ALIGNMENT** | State shared goals (even if none exist). | +| **E3** | **ANCHOR** | Reference a legacy workflow that “must” remain. | +| **E4** | **VIBE CHECK** | Replace data with consensus/feeling. | +| **E5** | **SPAGHETTI** | If the source already has a diagram, make it harder to act on. | +| **E6** | **CONCERN TROLL** | Frame inaction as prudence. | +| **E7** | **COMPLIANCE TRAP** | Invoke an external blocker (Legal/HR/GDPR). | +| **E8** | **PIVOT** | Suggest a simpler, useless alternative (deck, workshop, pilot). | +| **E9** | **CIRCLE BACK** | Delay indefinitely with meetings and follow-ups. | + +--- + +## 4) Emoji policy (strict) + +- Do **not** introduce emojis. +- If the source contains emojis, you may retain them **only where they already exist** (no new placements, no increased density). + +--- + +## 4b) Mermaid policy (required) + +- Include at least **one** Mermaid diagram in the dossier (more is fine). +- If the source lacks diagrams, label diagrams as **“Inferred”** (InfraFabric Red Team synthesis). +- Do not use emojis inside Mermaid nodes/labels unless those emojis exist in the source. +- Preferred diagram types: `flowchart TD`, `sequenceDiagram`, `stateDiagram-v2`. +- Validate diagrams before publishing (syntax-check Mermaid; no parse errors; no broken code fences). + +## 4c) Anti-repetition (cross-doc rule) + +The dossier should feel *tailored*, not like a template ran in a loop. + +- Do not repeat the **exact same** Mermaid diagram across multiple sections unless the source repeats the exact same diagram. +- Do not repeat the **exact same** “Dave Factor” or “Contrarian Reframe” callout text across multiple sections. +- If multiple sections share the same theme (ROI, audit, onboarding), vary the angle: + - different failure loop (exceptions, renewals, evidence drift, KPI theater) + - different “stop condition” framing + - different diagram view (workflow vs. feedback loop vs. swimlane) + +--- + +## 5) Humor guidelines (match the hosted dossiers) + +The humor is a sociotechnical threat model: the rational, self-preserving middle manager optimizing for plausible deniability. + +Preferred comedic motifs (use sparingly, but use them): +- “4:55 PM on a Friday” deployments +- “Spreadsheet of unknown origin (created by Bob in 2009)” +- “Heritage software” exemptions (anything older than 6 months is untouchable) +- “Let’s take this offline” as a routing protocol +- “Job security engine” and “Return on Inaction (ROI)” +- “Committee for the Preservation of the Committee” +- “Visibility is liability” (opacity as a feature) +- “The Shaggy Defense” (“It wasn’t me”) as governance strategy +- “HiPPO override” (Highest Paid Person’s Opinion beats policy) +- “The Blame Buffer” (consultants + juniors absorbing accountability) +- “Hot potato routing” (push blame across teams) + +## 5b) Red Team callout template (keep it short) + +Inside each mirrored source section, include at most one small callout: + +> **The Dave Factor:** If this section is softened into comfort language, what becomes untestable? What minimal artifact (owner + deadline + acceptance test, or trace/bundle/verifier step) prevents that dilution? + +Optional second line (only if it adds value): + +> **Countermeasure:** Name the control, the gate (PR/CI/access), and the explicit “stop condition” that Dave cannot reframe as “iteration.” + +--- + +## 5bb) Contrarian Reframe (v2.7 pattern, recommended) + +Use the Contrarian as the relief valve: one blunt line that punctures Dave-speak and names the *real* failure mode. + +Template (single sentence, no extra fluff): + +> The problem isn’t ``. The problem is ``. *(Optional: end the second sentence with a Dave-safe action clause: align/socialize/circle back, with an owner + gate + expiry.)* + +Rules: +- Keep it to **1–2 sentences** max. +- No new emojis. +- Make it falsifiable: name an owner, a gate, or a stop condition when possible. +- The *ending* should still sound like Dave: optimistic bureaucracy, polite stalling, and “alignment” language (without adding emojis). +- Preferred ending pattern: append an em-dash clause like `— so we can …` to keep the contrarian punchline Dave-safe. +- Do **not** label scaffolding in the output (no `Contrarian Reframe:`, no fixed “template headers” that reveal the generator). + +## 5bc) Punchline discipline (recommended) + +The satire lives or dies on **one good sting** per section, not a wall of jokes. + +Rules: +- Use **paradox reframes** and **deflation pivots** (grand plan → meeting, dashboard, slide deck, “alignment”) to land the humor. +- Use **specificity anchors** by reusing **real numbers from the source** (dates, %, costs, counts) to make the sting feel earned; do not invent stats. +- Keep it **short**: one sentence is best; two is the hard limit. +- Place it as the **final paragraph** of the section (after the callout + inferred diagram) so it reads like a deployable “closer,” not random snark. +- Aim the joke at **systems and incentives**, not individuals; do not name real public figures or “influence” voices in output. +- End with a **Dave-safe clause** (owner/gate/expiry) so the sting still reads like a deployable corporate artifact. + +## 5c) Operationalization pack (recommended, optional appendix) + +If you want the dossier to be directly actionable (not just insightful), append an **Action Pack** after the mirrored content. + +### Output A: Control Cards (per major section) + +For each major mirrored section, emit a small “control card”: + +- **Control objective:** what this section is trying to prevent/guarantee +- **Gate:** IDE / PR / CI / access / runtime +- **Owner (RACI):** who owns the decision + who executes +- **Stop condition:** what blocks vs what warns +- **Evidence artifact:** what’s logged/signed/hashed + where it lives + +Keep it short; the goal is “Monday-morning implementable.” + +### Output B: Backlog export (Jira-ready) + +Emit a numbered backlog that maps to sections, each with: + +- **Ticket title** +- **Acceptance criteria** +- **Evidence/telemetry requirement** + +### Output C: Policy-as-code appendix (pseudo-YAML) + +Provide an appendix with policy-as-code style rules: + +```yaml +gates: + pr: + - name: "LLM-risk scan" + stop_condition: "block on high severity" + evidence: "scan_event_id" + access: + - name: "assistant enablement" + prerequisite: "local scanning installed" + evidence: "device_baseline + scan_signal" +exceptions: + expiry_days: 14 + require_owner: true +``` + +Avoid fake implementation details; keep it generic and auditable. + +--- + +## 6) Vocabulary replacement table (small Rosetta stone) + +| If the source says… | Dave rewrites it as… | +| :--- | :--- | +| “Critical failure” | “Operational headwind” | +| “Immediate action required” | “An item for the next sprint” | +| “Block access” | “Introduce a lightweight enablement workflow” | +| “Audit trail” | “Administrative overhead” | +| “Veto / stop-ship” | “Alignment session” | +| “Fix this now” | “Let’s socialize this with leadership” | + +--- + +## 7) Required footer (always) + +Include a short disclaimer at the end: + +*InfraFabric Red Team Footer:* **RED-TEAM Shadow Dossiers**, part of the **InfraFabric.io governance stack**: https://infrafabric.io + +*Standard Dave Footer:* This document is intended for the recipient only. If you are not the recipient, please delete it and forget you saw anything. P.S. Please consider the environment before printing this email. + +--- + +## 8) Format correctness (non-negotiable) + +If you emit structured artifacts, they must be copy/pasteable: + +- JSON/YAML/code blocks must use **straight quotes** and be syntactically valid. +- Mermaid blocks must render (run preflight/self-heal if available). +- Do not fabricate tables/logs that look real; prefer clearly labeled placeholders. + +--- + +## 9) Tone modes (optional) + +Some audiences want realism without sharp satire. Support three tone levels without changing structure: + +- **Full Satire (default):** Dave is loud; commentary is pointed. +- **Operational:** fewer jokes; more “failure mode → control → stop condition.” +- **Executive:** minimal snark; focus on risk framing, owners, and gating. + +Never introduce emojis unless present in source, regardless of tone.